CN114697008A - Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform - Google Patents

Info

Publication number: CN114697008A
Authority: CN (China)
Prior art keywords: key, quantum, encryption, encrypted, sim card
Legal status: Granted
Application number: CN202011616484.4A
Other languages: Chinese (zh)
Other versions: CN114697008B (en)
Inventors: 余小洁, 刘春华, 王学富, 杨国梁, 姜胜广, 温娜
Current Assignee: Shandong Institute Of Quantum Science And Technology Co ltd; Quantumctek Co Ltd
Original Assignee: Shandong Institute Of Quantum Science And Technology Co ltd; Quantumctek Co Ltd
Application filed by: Shandong Institute Of Quantum Science And Technology Co ltd, Quantumctek Co Ltd
Priority to CN202011616484.4A (patent CN114697008B)
Priority to PCT/CN2021/142320 (patent WO2022143727A1)
Publication of CN114697008A
Application granted
Publication of CN114697008B
Current legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/085: Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0852: Quantum cryptography
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041: Key generation or derivation
    • H04W12/40: Security arrangements using identity modules

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a communication system and method based on a quantum security SIM card, together with the quantum security SIM card and a quantum key service platform. A file storage space is opened up and a defined data interaction interface is added on top of the physical structure and logical architecture of the existing SIM card, so that quantum keys can be provided directly to upper-layer applications to protect the security of the communication process. This provides a quantum security function and allows large capacity, meeting the growing demand for secure information communication and file storage as 5G networks become widespread. Through the matched design of the key charging mode and the communication mode, the freshness and pre-storage security of the session key and its encryption key are effectively ensured, and the data security of the quantum security SIM card is ensured.

Description

Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform
Technical Field
The invention relates to the field of quantum secret communication, in particular to a communication system and a method based on a quantum security SIM card, the quantum security SIM card and a key service platform.
Background
The main functions of the existing SIM card are to identify the SIM card holder by means of a preset key and to charge for the traffic generated during communication. The SIM card is a computer chip that stores the customer information of a digital mobile phone and is used by the GSM network to identify and verify the user. The key preset and stored in the SIM card is mainly used for authentication, for protecting the card holder's identity information, and for negotiating a session key to ensure the security of communication content. In the prior art, the communication content is not processed with a key, so the security of voice and short message communication is difficult to guarantee; nor can a key service be provided to other upper-layer applications, so the upper-layer applications of the mobile phone are not protected by corresponding security policies.
Disclosure of Invention
To address this problem, the invention provides a communication system and method based on a quantum security SIM card, together with the quantum security SIM card and a key service platform. A file storage space is opened up and a defined data interaction interface is added on top of the physical structure and logical architecture of the existing SIM card, so that quantum keys can be provided directly to upper-layer applications to protect the security of the communication process. This provides a quantum security function and allows large capacity, meeting the growing demand for secure information communication and file storage as 5G networks become widespread. Through the matched design of the key filling mode and the communication mode, the freshness and pre-storage security of the session key and its encryption key are effectively guaranteed, and the data security of the quantum security SIM card is guaranteed.
Specifically, a first aspect of the present invention relates to a quantum security SIM card based communication system, which includes a quantum key service platform, a mobile device SDK, and a quantum security SIM card;
the quantum key service platform is configured to: forming and sending first encrypted data in a key-filling mode, the first encrypted data including a shared quantum key K1 encrypted with a first encryption key Ka and the first encryption key Ka encrypted with a public key; and, forming and transmitting second encrypted data in a communication mode, the second encrypted data comprising a session key Kb encrypted with the shared quantum key K1;
the mobile device SDK is set up to allow data interaction between the quantum key service platform and the quantum security SIM card;
the quantum security SIM card is configured to: storing the first encrypted data in the key charging mode; and in the communication mode, obtaining the session key Kb for secure communication by means of a decryption operation based on the first encrypted data and the second encrypted data.
Further, the quantum key service platform may be configured to: in the key charging mode, generating the first encryption key Ka, encrypting the shared quantum key K1 by using the first encryption key Ka, and encrypting the first encryption key Ka by using the public key; and/or, in the communication mode, generating the session key Kb and encrypting the session key Kb by using the shared quantum key K1.
Further, the quantum security SIM card may be configured to: in the communication mode, decrypting the first encryption key Ka encrypted by the public key by using a private key to obtain the first encryption key Ka; decrypting the shared quantum key K1 encrypted by the first encryption key Ka by using the first encryption key Ka to obtain the shared quantum key K1; and decrypting the session key Kb encrypted by the shared quantum key K1 by using the shared quantum key K1 to obtain the session key Kb.
Wherein the first encryption key Ka is a first symmetric key Ka, and the session key Kb is a second symmetric key Kb; and/or the public key is an ECC public key.
Alternatively, the symmetric encryption and decryption operations may be implemented by means of an exclusive-or operation.
Preferably, the mobile device SDK is arranged to encapsulate an interaction interface for data interaction with the quantum key service platform, and a call interface for data interaction with the quantum security SIM card; the quantum security SIM card defines a data interface for allowing invocation by the mobile device SDK for data interaction.
The second aspect of the invention relates to a communication method based on a quantum security SIM card, which comprises a key filling step and a session key obtaining step;
the key charging step is used for generating first encrypted data and storing the first encrypted data into the quantum security SIM card, wherein the first encrypted data comprises a shared quantum key K1 encrypted by a first encryption key Ka and the first encryption key Ka encrypted by a public key;
the session key obtaining step is used for: generating and storing second encrypted data in the quantum secure SIM card, the second encrypted data comprising a session key Kb encrypted with the shared quantum key K1; and obtaining, in the quantum secure SIM card, the session key Kb from the first encrypted data and the second encrypted data by means of a decryption operation.
Further, in the key filling step, the quantum key service platform generates the first encryption key Ka, encrypts the shared quantum key K1 by using the first encryption key Ka, and encrypts the first encryption key Ka by using the public key;
in the session key obtaining step, the quantum key service platform generates the session key Kb, and encrypts the session key Kb by using the shared quantum key K1; and the quantum security SIM card decrypts the first encryption key Ka encrypted with the public key by using a private key to obtain the first encryption key Ka, decrypts the shared quantum key K1 encrypted with the first encryption key Ka by using the first encryption key Ka to obtain the shared quantum key K1, and decrypts the session key Kb encrypted with the shared quantum key K1 by using the shared quantum key K1 to obtain the session key Kb.
Further, in the session key obtaining step, the quantum key service platform generates the session key Kb in response to a session key request.
Further, the communication method can further comprise the step of configuring the mobile device SDK to realize data interaction between the quantum key service platform and the quantum security SIM card.
Wherein the first encryption key Ka is a first symmetric key Ka, and the session key Kb is a second symmetric key Kb; and/or the public key is an ECC public key.
The third aspect of the invention relates to a quantum security SIM card, which comprises a data interface, a key data storage unit, a session key storage unit and an encryption and decryption unit;
the key data storage unit is configured to store key data, wherein the key data comprises first encrypted data comprising a shared quantum key K1 encrypted with a first encryption key Ka and a first encryption key Ka encrypted with a public key, and second encrypted data comprising a session key Kb encrypted with the shared quantum key K1;
the data interface is defined so that it can be invoked to carry out interaction of the key data;
the encryption and decryption unit is configured to obtain the session key Kb from the key data by means of a decryption operation;
the session key storage unit is configured to store the session key Kb.
Further, the encryption and decryption unit may be configured to: decrypting the first encryption key Ka encrypted by the public key by using a private key to obtain the first encryption key Ka; decrypting the shared quantum key K1 encrypted by the first encryption key Ka by using the first encryption key Ka to obtain the shared quantum key K1; and decrypting the session key Kb encrypted by the shared quantum key K1 by using the shared quantum key K1 to obtain the session key Kb.
Further, the first encryption key Ka is a first symmetric key Ka, and the session key Kb is a second symmetric key Kb; and/or the public key is an ECC public key.
Wherein the encryption and decryption unit may be arranged to implement a symmetric encryption and decryption operation by means of an exclusive-or operation.
The fourth aspect of the present invention relates to a quantum key service platform, which includes a symmetric key generation unit, an encryption/decryption unit, and a data interface;
the symmetric key generation unit is arranged to: generating a first encryption key Ka in a key-filling mode and a session key Kb in a communication mode;
the encryption and decryption unit is configured to: in the key charge mode, encrypting a shared quantum key K1 with the first encryption key Ka and encrypting the first encryption key Ka with a public key, thereby forming first encrypted data; and in the communication mode, encrypting the session key Kb with the shared quantum key K1, thereby forming second encrypted data;
the data interface is configured for data interaction.
Further, the public key is an ECC public key; and/or the encryption and decryption unit is arranged to implement a symmetric encryption and decryption operation by means of an exclusive-or operation.
Further, the symmetric-key generation unit is further arranged to generate the session key Kb in response to a session-key request.
Drawings
The following describes embodiments of the present invention in further detail with reference to the accompanying drawings.
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 shows a schematic flow diagram of a quantum security SIM card based communication system for implementing quantum key charging according to the present invention;
Fig. 2 shows a flow diagram of a quantum security SIM card based communication system for implementing encrypted communication according to the present invention.
Detailed Description
Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. The following examples are provided by way of illustration in order to fully convey the spirit of the invention to those skilled in the art to which the invention pertains. Accordingly, the present invention is not limited to the embodiments disclosed herein.
According to the invention, the communication system based on the quantum security SIM card can comprise a quantum key service platform, a mobile device SDK and the quantum security SIM card.
The quantum key service platform can work in a key filling mode and a communication mode.
In the key charging mode, the quantum key service platform generates a first symmetric key Ka, encrypts the shared quantum key K1 by using the first symmetric key Ka, and encrypts the first symmetric key Ka by using a public key, so as to form first encrypted data, and sends the first encrypted data to the outside through the network. Accordingly, the first encrypted data may include the shared quantum key K1 encrypted with the first symmetric key Ka, and the first symmetric key Ka encrypted with the public key.
In a communication mode, the quantum key service platform generates a second symmetric key Kb, encrypts the second symmetric key Kb by using the shared quantum key K1, thereby forming second encrypted data, and sends the second encrypted data to the outside through the network. Accordingly, the second encrypted data may include a second symmetric key Kb encrypted via shared quantum key K1.
As an example, the public key may be an ECC public key. As an example, a symmetric encryption operation may be performed using an exclusive or operation.
In one embodiment, the quantum key service platform may include a symmetric key generation unit, an encryption and decryption unit, and a data interface.
The symmetric-key generation unit may generate the first encryption key Ka in the key-charging mode and generate the session key Kb in the communication mode.
The encryption and decryption unit may be configured to perform an encryption operation to generate first encrypted data and second encrypted data. Wherein, in the key filling mode, the shared quantum key K1 may be encrypted with the first encryption key Ka, and the first encryption key Ka may be encrypted with the public key to form first encrypted data; in the communication mode, the session key Kb is encrypted using the shared quantum key K1, thereby forming second encrypted data.
The data interface may be used for data interaction with an external party (e.g. the mobile device SDK), such as outputting the first and second encrypted data, receiving a session key request, etc.
The mobile device SDK may be packaged with an interaction interface for data interaction with the quantum key service platform and a call interface for data interaction with the quantum secure SIM card, thereby providing a data channel between the quantum key service platform and the quantum secure SIM card to allow data interaction between the quantum key service platform and the quantum secure SIM card. Thus, the mobile device SDK itself does not store any key related data.
Accordingly, a data interface may be defined on the quantum security SIM card for allowing mobile device SDK calls for data interaction.
In addition, the quantum security SIM card also works in a key charging mode and a communication mode.
In the key charge mode, the quantum secure SIM card may receive and store first encrypted data via the mobile device SDK.
In the communication mode, the quantum security SIM card may receive and store second encrypted data via the mobile device SDK, and: decrypting the first symmetric key Ka encrypted by the public key in the first encrypted data by using a pre-stored corresponding private key (such as an ECC private key) to obtain the first symmetric key Ka; decrypting the shared quantum key K1 encrypted by the first symmetric key Ka in the first encrypted data by using the first symmetric key Ka to obtain a shared quantum key K1; and decrypting the second encrypted data using the shared quantum key K1 to obtain a second symmetric key Kb, and using it as the session key.
Therefore, in the non-communication mode, the key related data stored in the quantum security SIM card are all in an encrypted form (stored in the form of first encrypted data), and the plaintext of the second symmetric key Kb serving as the session key is generated only in the communication mode for secret communication, so that the security of the key data in the quantum security SIM card can be effectively ensured, and the confidentiality of communication is ensured.
As an embodiment, the quantum security SIM card may include a data interface, a key data storage unit, a session key storage unit, and an encryption/decryption unit.
The key data storage unit may be configured to store key data including, for example, first encrypted data and second encrypted data.
A data interface may be defined so that it can be invoked (e.g., by the mobile device SDK) to exchange data, such as key data.
The encryption/decryption unit may perform an encryption/decryption operation to obtain the session key Kb from the key data.
The session key storage unit may then store the session key Kb for use in secure communication procedures.
The working flow of the quantum security SIM card based communication method according to the present invention is described next, so that the working principle of the communication system of the present invention can be better understood.
Fig. 1 shows a flow diagram of a quantum key charging implementation in a quantum secure SIM card based communication system according to the present invention.
In the key-filling mode, as shown in fig. 1, a key-filling step will be performed.
In the key filling step, a quantum key service platform generates a first symmetric key Ka, and encrypts a shared quantum key K1 by using the first symmetric key Ka to obtain a shared quantum key K1 encrypted by the first symmetric key Ka; and encrypting the first symmetric key Ka by using the ECC public key to obtain the first symmetric key Ka encrypted by the ECC public key. Thus, first encrypted data is formed on the quantum key service platform, which includes the shared quantum key K1 encrypted with the first symmetric key Ka, and the first symmetric key Ka encrypted with the ECC public key.
Subsequently, the quantum key service platform sends the first encrypted data to the mobile device SDK.
The mobile device SDK allows the first encrypted data to be stored in the quantum security SIM card by means of the interaction interface and by invoking the interface of the quantum security SIM card. The key charging of the quantum security SIM card is thereby realized.
Fig. 2 shows a flow diagram of a quantum security SIM card based communication system for implementing encrypted communication according to the present invention.
When the upper layer application has a communication requirement, namely is in a communication mode, a session key acquisition step is executed.
As shown in Fig. 2, in the session key obtaining step, a session key request is sent to the quantum key service platform via the mobile device SDK to apply for a session key for this communication.
The quantum key service platform responds to the session key request by generating a second symmetric key Kb (which is 128 bits, for example) as the session key of the communication. It encrypts the second symmetric key Kb with the shared quantum key K1 to obtain the second encrypted data, namely the second symmetric key Kb encrypted by the shared quantum key K1, and sends the second encrypted data outwards.
The mobile device SDK receives the second encrypted data through the interaction interface and calls the interface of the quantum security SIM card to transmit the second encrypted data to the quantum security SIM card for storage.
The quantum security SIM card decrypts the first symmetric key Ka encrypted by the ECC public key in the first encrypted data by using a pre-stored corresponding ECC private key to obtain the first symmetric key Ka; decrypting the shared quantum key K1 encrypted by the first symmetric key Ka in the first encrypted data by using the first symmetric key Ka to obtain a shared quantum key K1; and finally, decrypting the second symmetric key Kb encrypted by the shared quantum key K1 in the second encrypted data by using the shared quantum key K1 to obtain the second symmetric key Kb, and storing the second symmetric key Kb.
At this time, since the second symmetric key Kb has been stored in the quantum security SIM card as a session key in plain text, both parties of the communication service can perform secure communication using the second symmetric key Kb stored in the quantum security SIM card as a session key.
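The two modes described above, as an added example that is not part of the patent text: platform-side key filling and session-key wrapping, and the card-side unwrap from private key to Ka to K1 to Kb. The page does not say how the ECC public key encrypts Ka, so an ECIES-style construction (ephemeral P-256 ECDH with SHA-256 as the KDF) is assumed, as are all function and type names and the 128-bit size of Ka and K1; XOR is the symmetric option the description names.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Key is 128 bits, the size the page gives for Kb; the same size is assumed for Ka and K1.
type Key [16]byte

// FirstEncryptedData is the blob the card stores in key-filling mode.
type FirstEncryptedData struct {
	EphemeralPub []byte // assumed ECIES-style ephemeral P-256 public key
	WrappedKa    Key    // Ka encrypted under the card's ECC public key
	WrappedK1    Key    // K1 encrypted under Ka
}

// xor is the XOR option for the symmetric layers; the same call decrypts.
func xor(a, b Key) (out Key) {
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// randomKey draws a fresh key from the system CSPRNG.
func randomKey() (k Key) {
	if _, err := rand.Read(k[:]); err != nil {
		panic(err)
	}
	return k
}

// eccPad hashes the ECDH shared secret into a Key-sized pad (assumed KDF).
func eccPad(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (pad Key, err error) {
	secret, err := priv.ECDH(pub)
	if err != nil {
		return pad, err
	}
	sum := sha256.Sum256(secret)
	copy(pad[:], sum[:])
	return pad, nil
}

// KeyFill is the platform in key-filling mode: K1 under Ka, Ka under the public key.
func KeyFill(cardPub *ecdh.PublicKey, k1 Key) (FirstEncryptedData, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return FirstEncryptedData{}, err
	}
	pad, err := eccPad(eph, cardPub)
	if err != nil {
		return FirstEncryptedData{}, err
	}
	ka := randomKey()
	return FirstEncryptedData{eph.PublicKey().Bytes(), xor(pad, ka), xor(ka, k1)}, nil
}

// NewSession is the platform in communication mode: a fresh Kb under K1.
func NewSession(k1 Key) (kb, second Key) {
	kb = randomKey()
	return kb, xor(k1, kb)
}

// CardSessionKey is the card in communication mode: private key -> Ka -> K1 -> Kb.
// An empty or malformed key-fill blob fails at the public-key parse.
func CardSessionKey(priv *ecdh.PrivateKey, f FirstEncryptedData, second Key) (Key, error) {
	ephPub, err := ecdh.P256().NewPublicKey(f.EphemeralPub)
	if err != nil {
		return Key{}, err
	}
	pad, err := eccPad(priv, ephPub)
	if err != nil {
		return Key{}, err
	}
	ka := xor(pad, f.WrappedKa)
	k1 := xor(ka, f.WrappedK1)
	return xor(k1, second), nil
}

// roundTrip runs both modes on constructed keys; true when the card recovers Kb.
func roundTrip() (bool, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	k1 := randomKey() // constructed stand-in for the shared quantum key
	first, err := KeyFill(priv.PublicKey(), k1)
	if err != nil {
		return false, err
	}
	kb, second := NewSession(k1)
	got, err := CardSessionKey(priv, first, second)
	return err == nil && got == kb, err
}

func main() { fmt.Println(roundTrip()) }
```

XOR wrapping behaves as a one-time pad: it is sound only while a wrapping key is at least as long as the wrapped key and is used for a single wrap, and it gives the card no integrity check on what it unwraps.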
In summary, the communication system and method based on the quantum security SIM card provided by the present invention allow the SIM card to provide a quantum key directly to upper-layer applications (e.g. mobile phone applications) for security protection of the communication process, without changing the structure of the conventional SIM card and by only adding a defined data interaction interface, while also retaining the identification and communication charging functions of the conventional SIM card. Through the matched design of the key filling mode and the communication mode, the freshness and pre-storage security of the session key and its encryption key are effectively guaranteed, and the data security of the quantum security SIM card and the security protection of the communication process are guaranteed.
Although the present invention has been described in connection with the embodiments illustrated in the accompanying drawings, it will be understood by those skilled in the art that the embodiments described above are merely exemplary for illustrating the principles of the present invention and are not intended to limit the scope of the present invention, and that various combinations, modifications and equivalents of the above-described embodiments may be made by those skilled in the art without departing from the spirit and scope of the present invention.

Claims (18)

1. A communication system based on a quantum security SIM card, comprising a quantum key service platform, a mobile device SDK and a quantum security SIM card;
the quantum key service platform is configured to: forming and sending first encrypted data in a key-filling mode, the first encrypted data including a shared quantum key K1 encrypted with a first encryption key Ka and the first encryption key Ka encrypted with a public key; and, forming and transmitting second encrypted data in a communication mode, the second encrypted data comprising a session key Kb encrypted with the shared quantum key K1;
the mobile device SDK is set up to allow data interaction between the quantum key service platform and the quantum security SIM card;
the quantum security SIM card is configured to: storing the first encrypted data in the key charging mode; and in the communication mode, obtaining the session key Kb for secure communication by means of a decryption operation based on the first encrypted data and the second encrypted data.
2. The communication system of claim 1, wherein the quantum key service platform is further configured to: in the key charging mode, generating the first encryption key Ka, encrypting the shared quantum key K1 by using the first encryption key Ka, and encrypting the first encryption key Ka by using the public key; and/or, in the communication mode, generating the session key Kb and encrypting the session key Kb by using the shared quantum key K1.
3. The communication system of claim 1, wherein the quantum secure SIM card is further configured to: in the communication mode, decrypting the first encryption key Ka encrypted by the public key by using a private key to obtain the first encryption key Ka; decrypting the shared quantum key K1 encrypted by the first encryption key Ka by using the first encryption key Ka to obtain the shared quantum key K1; and decrypting the session key Kb encrypted by the shared quantum key K1 by using the shared quantum key K1 to obtain the session key Kb.
4. The communication system of claim 1, wherein:
the first encryption key Ka is a first symmetric key Ka, and the session key Kb is a second symmetric key Kb;
and/or the public key is an ECC public key.
5. The communication system of claim 1, wherein the symmetric encryption/decryption operation is implemented by means of an exclusive-or operation.
6. The communication system of claim 1, wherein the mobile device SDK is arranged to encapsulate an interaction interface for data interaction with the quantum key service platform and a call interface for data interaction with the quantum security SIM card;
the quantum security SIM card defines a data interface for allowing invocation by the mobile device SDK for data interaction.
7. A communication method based on a quantum security SIM card, comprising a key filling step and a session key obtaining step;
the key charging step is used for generating first encrypted data and storing the first encrypted data into the quantum security SIM card, wherein the first encrypted data comprises a shared quantum key K1 encrypted by a first encryption key Ka and the first encryption key Ka encrypted by a public key;
the session key obtaining step is used for: generating and storing second encrypted data in the quantum secure SIM card, the second encrypted data comprising a session key Kb encrypted with the shared quantum key K1; and obtaining, in the quantum secure SIM card, the session key Kb from the first encrypted data and the second encrypted data by means of a decryption operation.
8. The communication method of claim 7, wherein:
in the key filling step, the quantum key service platform generates the first encryption key Ka, encrypts the shared quantum key K1 by using the first encryption key Ka, and encrypts the first encryption key Ka by using the public key;
in the session key obtaining step, the quantum key service platform generates the session key Kb and encrypts the session key Kb by using the shared quantum key K1; and the quantum secure SIM card decrypts the first encryption key Ka encrypted by the public key by using a private key to obtain the first encryption key Ka, decrypts the shared quantum key K1 encrypted by the first encryption key Ka by using the first encryption key Ka to obtain the shared quantum key K1, and decrypts the session key Kb encrypted by the shared quantum key K1 by using the shared quantum key K1 to obtain the session key Kb.
9. The communication method according to claim 8, wherein in the session key acquisition step, the quantum key service platform generates the session key Kb in response to a session key request.
10. The communication method of claim 7, further comprising the step of configuring a mobile device SDK to enable data interaction between the quantum key service platform and the quantum secure SIM card.
11. The communication method of claim 7, wherein:
the first encryption key Ka is a first symmetric key Ka, and the session key Kb is a second symmetric key Kb; and/or the public key is an ECC public key.
12. A quantum security SIM card comprises a data interface, a key data storage unit, a session key storage unit and an encryption and decryption unit;
the key data storage unit is configured to store key data, wherein the key data comprises first encrypted data comprising a shared quantum key K1 encrypted by a first encryption key Ka and a first encryption key Ka encrypted by a public key, and second encrypted data comprising a session key Kb encrypted by the shared quantum key K1;
the data interface is defined to allow it to be invoked for interaction of the key data;
the encryption and decryption unit is configured to obtain the session key Kb from the key data by means of a decryption operation;
the session key storage unit is configured to store the session key Kb.
13. The quantum secure SIM card of claim 12, wherein the encryption and decryption unit is configured to: decrypt the first encryption key Ka encrypted by the public key by using a private key to obtain the first encryption key Ka; decrypt the shared quantum key K1 encrypted by the first encryption key Ka by using the first encryption key Ka to obtain the shared quantum key K1; and decrypt the session key Kb encrypted by the shared quantum key K1 by using the shared quantum key K1 to obtain the session key Kb.
14. The quantum secure SIM card according to claim 12 or 13, wherein the first encryption key Ka is a first symmetric key Ka and the session key Kb is a second symmetric key Kb; and/or the public key is an ECC public key.
15. The quantum security SIM card of claim 12, wherein the encryption and decryption unit is arranged to implement a symmetric encryption and decryption operation by means of an exclusive or operation.
16. A quantum key service platform comprises a symmetric key generation unit, an encryption and decryption unit and a data interface;
the symmetric key generation unit is arranged to generate a first encryption key Ka in a key-filling mode and a session key Kb in a communication mode;
the encryption and decryption unit is configured to: in the key-filling mode, encrypt a shared quantum key K1 with the first encryption key Ka and encrypt the first encryption key Ka with a public key, thereby forming first encrypted data; and in the communication mode, encrypt the session key Kb with the shared quantum key K1, thereby forming second encrypted data;
the data interface is configured for data interaction.
17. The quantum key service platform of claim 16, wherein the public key is an ECC public key; and/or the encryption and decryption unit is arranged to implement a symmetric encryption and decryption operation by means of an exclusive-or operation.
18. The quantum key service platform of claim 16, wherein the symmetric key generation unit is further configured to generate the session key Kb in response to a session key request.
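
The key chain recited in the claims above (public key wraps Ka, Ka wraps K1, K1 wraps Kb, with XOR as the symmetric operation), as an added Python example that is not part of the patent. Assumptions the claims do not specify: secp256k1 as the curve, hashed EC ElGamal (ephemeral ECDH, SHA-256 of the shared x-coordinate as the XOR pad) as the public-key step, 32-byte keys, and all function names.

```python
import hashlib
import secrets

# Assumed curve: secp256k1; the claims say only "ECC public key".
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):  # affine addition on y^2 = x^3 + 7; None = point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def ec_mul(k, pt):  # double-and-add; not constant time, illustration only
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def xor(data, key):  # claim 5: the same XOR both encrypts and decrypts
    if len(data) != len(key):
        raise ValueError("XOR wrapping needs a key as long as the data")
    return bytes(a ^ b for a, b in zip(data, key))

def pad(point):  # assumed KDF: SHA-256 of the shared x-coordinate
    return hashlib.sha256(point[0].to_bytes(32, "big")).digest()

def key_fill(sim_pub, k1):  # platform, key-fill mode -> first encrypted data
    ka, r = secrets.token_bytes(32), secrets.randbelow(N - 1) + 1
    return (ec_mul(r, G), xor(ka, pad(ec_mul(r, sim_pub)))), xor(k1, ka)

def session_wrap(k1):  # platform, communication mode -> (Kb, second encrypted data)
    kb = secrets.token_bytes(len(k1))
    return kb, xor(kb, k1)

def sim_unwrap(sim_priv, first, second):  # SIM card: private key -> Ka -> K1 -> Kb
    (eph, wrapped_ka), wrapped_k1 = first
    ka = xor(wrapped_ka, pad(ec_mul(sim_priv, eph)))
    return xor(second, xor(wrapped_k1, ka))  # K1 = wrapped_k1 ^ Ka; Kb = second ^ K1
```

XOR is its own inverse, so two values wrapped under the same key reveal their XOR to anyone holding both ciphertexts; an implementation therefore needs a fresh Ka for each fill and fresh K1 material for each session key.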
CN202011616484.4A 2020-12-30 2020-12-30 Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform Active CN114697008B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011616484.4A CN114697008B (en) 2020-12-30 2020-12-30 Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform
PCT/CN2021/142320 WO2022143727A1 (en) 2020-12-30 2021-12-29 Quantum-safe sim card-based communication system and method, quantum-safe sim card, and key service platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011616484.4A CN114697008B (en) 2020-12-30 2020-12-30 Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform

Publications (2)

Publication Number Publication Date
CN114697008A true CN114697008A (en) 2022-07-01
CN114697008B CN114697008B (en) 2024-03-12

Family

ID=82132817

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011616484.4A Active CN114697008B (en) 2020-12-30 2020-12-30 Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform

Country Status (2)

Country Link
CN (1) CN114697008B (en)
WO (1) WO2022143727A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115208564A (en) * 2022-07-15 2022-10-18 安徽省极光智能科技有限公司 Mobile service platform safety management system based on quantum encryption

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115348085B (en) * 2022-08-12 2023-06-02 长江量子(武汉)科技有限公司 Epidemic prevention management method based on quantum encryption and epidemic prevention terminal
CN117220878B (en) * 2023-10-20 2024-05-28 合肥合燃华润燃气有限公司 Remote on-line quantum key management method for gas meter

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101720071A (en) * 2009-12-01 2010-06-02 郑州信大捷安信息技术有限公司 Short message two-stage encryption transmission and secure storage method based on safety SIM card
CN106465121A (en) * 2014-05-23 2017-02-22 苹果公司 Electronic subscriber identity module provisioning
CN106712932A (en) * 2016-07-20 2017-05-24 腾讯科技(深圳)有限公司 Secret key management method, device and system
CN110650011A (en) * 2019-10-29 2020-01-03 江苏亨通问天量子信息研究院有限公司 Encryption storage method and encryption storage card based on quantum key

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101483808B (en) * 2008-01-07 2011-01-05 中兴通讯股份有限公司 Method for ensuring safety of multimedia broadcast service
GB201506045D0 (en) * 2015-04-09 2015-05-27 Vodafone Ip Licensing Ltd SIM security
CN111865589B (en) * 2020-08-14 2023-09-08 国科量子通信网络有限公司 Quantum communication encryption system and method for realizing mobile communication quantum encryption transmission

Also Published As

Publication number Publication date
WO2022143727A1 (en) 2022-07-07
CN114697008B (en) 2024-03-12

Similar Documents

Publication Publication Date Title
CN101340443B (en) Session key negotiating method, system and server in communication network
WO2022143727A1 (en) Quantum-safe sim card-based communication system and method, quantum-safe sim card, and key service platform
CN103458382B (en) Hardware encryption transmission and storage method and system for mobile phone private short message
CN101720071A (en) Short message two-stage encryption transmission and secure storage method based on safety SIM card
US20180083935A1 (en) Method and system for secure sms communications
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
CN104239808A (en) Method and device for encryption transmission of data
CN108599944A (en) A kind of identifying code short message transparent encryption method based on handset identities
CN102264068B (en) Shared key consultation method, system, network platform and terminal
JP2022533274A (en) Quantum resistant SIM card
CN104601820A (en) Mobile terminal information protection method based on TF password card
CN111740958A (en) Data encryption method, data decryption method, encryption and decryption transmission method and system
CN105262759A (en) Method and system for encrypted communication
CN111541603B (en) Independent intelligent safety mail terminal and encryption method
CN106878964B (en) Authentication system and method based on short message channel
CN111427663A (en) Virtual machine system based on intelligent contract and operation method thereof
KR101728338B1 (en) Call Security System
KR101329789B1 (en) Encryption Method of Database of Mobile Communication Device
CN113411347B (en) Transaction message processing method and processing device
CN215186781U (en) Quantum computing resistant mobile communication system based on quantum secret communication network
CN113642022A (en) E-mail processing method, device, system and storage medium
CN113507435A (en) Data transmission method and system
CN102739604B (en) The method and system of secure transmission of media information
JPH07303104A (en) Storage type communication system with ciphering function
JPH08139718A (en) Cryptographic device and communication method between terminals using the same

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant