
CN114697008B - Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform - Google Patents


Info

Publication number
CN114697008B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011616484.4A
Other languages
Chinese (zh)
Other versions
CN114697008A (en
Inventor
余小洁
刘春华
王学富
杨国梁
姜胜广
温娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Original Assignee
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Institute Of Quantum Science And Technology Co ltd, Quantumctek Co Ltd
Priority to CN202011616484.4A
Priority to PCT/CN2021/142320 (WO2022143727A1)
Publication of CN114697008A
Application granted
Publication of CN114697008B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40 Security arrangements using identity modules

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a communication system and method based on a quantum security SIM card, together with the quantum security SIM card and a quantum key service platform. On the basis of the physical structure and logical architecture of the conventional SIM card, a file storage space is opened up and a data interaction interface is additionally defined, so that the SIM card can directly provide a quantum key to upper-layer applications to protect the security of the communication process. This provides a quantum security function and allows a large capacity, meeting the growing demand for secure information communication and file storage as 5G networks become widespread. Through the coordinated design of the key charging mode and the communication mode, the freshness of the session key and its encryption key, and the security of their pre-storage, can be effectively ensured, which ensures the data security of the quantum security SIM card.

Description

Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform
Technical Field
The invention relates to the field of quantum secret communication, in particular to a communication system and method based on a quantum security SIM card, the quantum security SIM card and a key service platform.
Background
The main function of the existing SIM card is to identify the holder of the SIM card by using a preset key and to bill the traffic generated in the communication process. The SIM card is a computer chip that stores the customer information of a digital mobile phone and is used by the GSM network to identify and verify the user's identity. The key preset and stored in the SIM card is mainly used for authentication and for protecting and negotiating the identity information of the card holder, and a session key is negotiated to ensure the security of the communication content. In the prior art, this key is not used to process the communication content, so the security of voice and short-message communication is difficult to ensure; nor can a key service be provided to other upper-layer applications, so applications on the upper layer of the mobile phone are not protected by a corresponding security policy.
Disclosure of Invention
To address this problem, the invention provides a communication system and method based on a quantum security SIM card, together with a quantum security SIM card and a key service platform. On the basis of the physical structure and logical architecture of the existing SIM card, a file storage space is opened up and a data interaction interface is additionally defined, so that the SIM card can directly provide a quantum key to upper-layer applications to protect the security of the communication process. This provides a quantum security function and allows a large capacity, meeting the growing demand for secure information communication and file storage as 5G networks become increasingly widespread. Through the coordinated design of the key charging mode and the communication mode, the freshness of the session key and its encryption key, and the security of their pre-storage, can be effectively ensured, which ensures the data security of the quantum security SIM card.
Specifically, a first aspect of the invention relates to a communication system based on a quantum secure SIM card, comprising a quantum key service platform, a mobile device SDK and a quantum secure SIM card;
the quantum key service platform is configured to: forming and transmitting first encrypted data under a key charging mode, wherein the first encrypted data comprises a shared quantum key K1 encrypted by a first encryption key Ka and a first encryption key Ka encrypted by a public key; and forming and transmitting second encrypted data in a communication mode, the second encrypted data including a session key Kb encrypted with the shared quantum key K1;
the mobile device SDK is arranged to allow data interaction between the quantum key service platform and the quantum security SIM card;
the quantum secure SIM card is configured to: storing the first encrypted data under the key charging mode; and in the communication mode, obtaining the session key Kb for secret communication by means of a decryption operation based on the first encrypted data and the second encrypted data.
Further, the quantum key service platform may be configured to: generating the first encryption key Ka under the key charging mode, encrypting the shared quantum key K1 by using the first encryption key Ka, and encrypting the first encryption key Ka by using the public key; and/or in the communication mode, generating the session key Kb, and encrypting the session key Kb by using the shared quantum key K1.
Further, the quantum security SIM card may be configured to: in the communication mode, decrypting the first encryption key Ka encrypted by the public key by using a private key to obtain the first encryption key Ka; decrypting the shared quantum key K1 encrypted by the first encryption key Ka by using the first encryption key Ka to obtain the shared quantum key K1; and decrypting the session key Kb encrypted by the shared quantum key K1 by using the shared quantum key K1 to obtain the session key Kb.
Wherein the first encryption key Ka is a first symmetric key Ka, and the session key Kb is a second symmetric key Kb; and/or the public key is an ECC public key.
Optionally, the symmetric encryption and decryption operations may be implemented by means of exclusive-or operations.
Preferably, the mobile device SDK is configured to encapsulate an interaction interface for data interaction with the quantum key service platform and a call interface for data interaction with the quantum security SIM card; the quantum security SIM card defines a data interface for allowing data interaction to be invoked by the mobile device SDK.
A second aspect of the present invention relates to a communication method based on a quantum secure SIM card, including a key charging step and a session key obtaining step;
the key filling step is used for generating first encrypted data and storing the first encrypted data into the quantum security SIM card, wherein the first encrypted data comprises a shared quantum key K1 encrypted by a first encryption key Ka and a first encryption key Ka encrypted by a public key;
the session key obtaining step is used for: generating second encrypted data and storing the second encrypted data into the quantum security SIM card, wherein the second encrypted data comprises a session key Kb encrypted by the shared quantum key K1; and obtaining the session key Kb from the first encrypted data and the second encrypted data by means of a decryption operation in the quantum secure SIM card.
Further, in the key filling step, the quantum key service platform generates the first encryption key Ka, encrypts the shared quantum key K1 by using the first encryption key Ka, and encrypts the first encryption key Ka by using the public key;
in the session key obtaining step, the quantum key service platform generates the session key Kb, and encrypts the session key Kb by using the shared quantum key K1; and decrypting, by the quantum secure SIM card, the public-key-encrypted first encryption key Ka with a private key to obtain the first encryption key Ka, decrypting the first-encryption-key-encrypted shared quantum key K1 with the first encryption key Ka to obtain the shared quantum key K1, and decrypting the shared quantum key K1-encrypted session key Kb with the shared quantum key K1 to obtain the session key Kb.
Still further, in the session key obtaining step, the quantum key service platform generates the session key Kb in response to a session key request.
Further, the communication method may further comprise the step of configuring a mobile device SDK to enable data interaction between the quantum key service platform and the quantum secure SIM card.
Wherein the first encryption key Ka is a first symmetric key Ka, and the session key Kb is a second symmetric key Kb; and/or the public key is an ECC public key.
A third aspect of the present invention relates to a quantum security SIM card, which includes a data interface, a key data storage unit, a session key storage unit, and an encryption/decryption unit;
the key data storage unit is configured to store key data, wherein the key data includes first encrypted data including a shared quantum key K1 encrypted with a first encryption key Ka and a first encryption key Ka encrypted with a public key, and second encrypted data including a session key Kb encrypted with the shared quantum key K1;
the data interface is defined to allow interaction of the key data to be invoked;
the encryption and decryption unit is configured to obtain the session key Kb from the key data by means of a decryption operation;
the session key storage unit is arranged to store the session key Kb.
Further, the encryption and decryption unit may be configured to: decrypting the first encryption key Ka encrypted by the public key by using a private key to obtain the first encryption key Ka; decrypting the shared quantum key K1 encrypted by the first encryption key Ka by using the first encryption key Ka to obtain the shared quantum key K1; and decrypting the session key Kb encrypted by the shared quantum key K1 by using the shared quantum key K1 to obtain the session key Kb.
Further, the first encryption key Ka is a first symmetric key Ka, and the session key Kb is a second symmetric key Kb; and/or the public key is an ECC public key.
The encryption and decryption unit may be configured to implement symmetric encryption and decryption operations by means of exclusive or operations.
The fourth aspect of the invention relates to a quantum key service platform, which comprises a symmetric key generation unit, an encryption and decryption unit and a data interface;
the symmetric key generation unit is arranged to: generating a first encryption key Ka in a key charging mode and a session key Kb in a communication mode;
the encryption and decryption unit is configured to: encrypting a shared quantum key K1 with the first encryption key Ka under the key charging mode, and encrypting the first encryption key Ka with a public key, thereby forming first encrypted data; and in the communication mode, encrypting the session key Kb with the shared quantum key K1, thereby forming second encrypted data;
the data interface is arranged for data interaction.
Further, the public key is an ECC public key; and/or the encryption and decryption unit is set to realize symmetric encryption and decryption operation by means of exclusive or operation.
Further, the symmetric key generation unit is further arranged to generate the session key Kb in response to a session key request.
Drawings
The following describes the embodiments of the present invention in further detail with reference to the drawings.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 shows a schematic flow diagram of a quantum secure SIM card based communication system for implementing quantum key charging according to the present invention;
Fig. 2 shows a schematic flow diagram of a quantum secure SIM card based communication system for implementing encrypted communications according to the present invention.
Detailed Description
Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. The following examples are provided by way of illustration to fully convey the spirit of the invention to those skilled in the art to which the invention pertains. Thus, the present invention is not limited to the embodiments disclosed herein.
According to the invention, a communication system based on a quantum secure SIM card may comprise a quantum key service platform, a mobile device SDK and a quantum secure SIM card.
The quantum key service platform may operate in a key charging mode and a communication mode.
Under the key charging mode, the quantum key service platform generates a first symmetric key Ka, encrypts a shared quantum key K1 by using the first symmetric key Ka, encrypts the first symmetric key Ka by using a public key, and accordingly forms first encrypted data which are sent outwards through a network. Accordingly, the first encrypted data may include the shared quantum key K1 encrypted with the first symmetric key Ka, and the first symmetric key Ka encrypted with the public key.
In the communication mode, the quantum key service platform generates a second symmetric key Kb, encrypts the second symmetric key Kb by using the shared quantum key K1, so as to form second encrypted data, and sends the second encrypted data outwards through a network. Accordingly, the second encrypted data may include a second symmetric key Kb encrypted with the shared quantum key K1.
As an example, the public key may be an ECC public key. As an example, a symmetric encryption operation may be performed using an exclusive-or operation.
In one embodiment, the quantum key service platform may include a symmetric key generation unit, an encryption and decryption unit, and a data interface.
The symmetric key generation unit may generate the first encryption key Ka in the key charging mode and generate the session key Kb in the communication mode.
The encryption and decryption unit may be configured to perform an encryption operation to generate first encrypted data and second encrypted data. Under the key charging mode, the shared quantum key K1 can be encrypted by using the first encryption key Ka, and the first encryption key Ka is encrypted by using the public key to form first encrypted data; in the communication mode, the session key Kb is encrypted with the shared quantum key K1, thereby forming second encrypted data.
The data interface may be used to enable data interaction with an external party (e.g., the mobile device SDK), such as outputting the first and second encrypted data and receiving a session key request.
The mobile device SDK may be packaged with an interaction interface for data interaction with the quantum key service platform and a call interface for data interaction with the quantum security SIM card, thereby providing a data channel between the quantum key service platform and the quantum security SIM card to allow data interaction between the quantum key service platform and the quantum security SIM card. Thus, the mobile device SDK itself does not store any key related data.
Accordingly, a data interface may be defined on the quantum secure SIM card for allowing mobile device SDK calls for data interaction.
In addition, the quantum secure SIM card also operates in a key charging mode and a communication mode.
In the key charging mode, the quantum secure SIM card may receive and store the first encrypted data via the mobile device SDK.
In the communication mode, the quantum secure SIM card may receive and store second encrypted data via the mobile device SDK, and: decrypting the first symmetric key Ka encrypted by the public key in the first encrypted data by utilizing a pre-stored corresponding private key (such as an ECC private key) to obtain the first symmetric key Ka; decrypting the shared quantum key K1 encrypted by the first symmetric key Ka in the first encrypted data by using the first symmetric key Ka to obtain the shared quantum key K1; and decrypting the second encrypted data by using the shared quantum key K1 to obtain a second symmetric key Kb, and taking the second symmetric key Kb as a session key.
It can be seen that, in the non-communication mode, the key related data stored in the quantum security SIM card are all in an encrypted form (stored in the form of the first encrypted data), and the plaintext of the second symmetric key Kb as the session key is generated only in the communication mode for secret communication, so that the security of the key data in the quantum security SIM card can be effectively ensured, thereby ensuring the confidentiality of communication.
As an embodiment, the quantum security SIM card may include a data interface, a key data storage unit, a session key storage unit, and an encryption and decryption unit.
The key data storage unit may be configured to store key data including, for example, first encrypted data and second encrypted data.
The data interface may be defined so that it can be invoked (e.g., by the mobile device SDK) for the interaction of data such as key data.
The encryption and decryption unit may perform encryption and decryption operations to obtain the session key Kb from the key data.
The session key storage unit may store the session key Kb for use in the secure communication process.
The workflow of the quantum secure SIM card based communication method according to the present invention will be described further in order to better understand the working principle of the communication system of the present invention.
Fig. 1 shows a schematic flow diagram of a communication system based on a quantum secure SIM card for implementing quantum key charging according to the present invention.
As shown in Fig. 1, in the key charging mode, a key filling step is performed.
In the key filling step, a first symmetric key Ka is generated by a quantum key service platform, and the shared quantum key K1 is encrypted by using the first symmetric key Ka to obtain the shared quantum key K1 encrypted by the first symmetric key Ka; and encrypting the first symmetric key Ka by using the ECC public key to obtain the first symmetric key Ka encrypted by the ECC public key. Thus, first encrypted data is formed on the quantum key service platform, which includes the shared quantum key K1 encrypted with the first symmetric key Ka, and the first symmetric key Ka encrypted with the ECC public key.
The quantum key service platform then sends the first encrypted data to the mobile device SDK.
By means of the interaction interface and the call interface of the quantum secure SIM card, the mobile device SDK stores the first encrypted data in the quantum secure SIM card. Thus, the key filling of the quantum security SIM card is realized.
Fig. 2 shows a schematic flow diagram of a quantum secure SIM card based communication system for implementing encrypted communications according to the present invention.
When the upper layer application has a communication requirement, namely in a communication mode, the session key acquisition step is executed.
As shown in Fig. 2, in the session key obtaining step, a session key request is sent to the quantum key service platform via the mobile device SDK to apply for a session key for the present communication.
The quantum key service platform responds to the session key request and generates a second symmetric key Kb (for example, 128 bits) serving as a session key of the communication; and the second symmetric key Kb is encrypted by utilizing the shared quantum key K1, so as to obtain second encrypted data, namely the second symmetric key Kb encrypted by the shared quantum key K1, and the second encrypted data is sent outwards.
The mobile equipment SDK receives the second encrypted data through the interaction interface and calls an interface of the quantum security SIM card to transmit the second encrypted data to the quantum security SIM card for storage.
The quantum security SIM card decrypts a first symmetric key Ka encrypted by an ECC public key in the first encrypted data by utilizing a pre-stored corresponding ECC private key to obtain the first symmetric key Ka; decrypting the shared quantum key K1 encrypted by the first symmetric key Ka in the first encrypted data by using the first symmetric key Ka to obtain the shared quantum key K1; and finally, decrypting the second symmetric key Kb encrypted by the shared quantum key K1 in the second encrypted data by using the shared quantum key K1 to obtain a second symmetric key Kb, and storing the second symmetric key Kb.
At this time, since the plaintext of the second symmetric key Kb, which is the session key, is already stored in the quantum security SIM card, the communication service partner can perform secure communication using the second symmetric key Kb stored in the quantum security SIM card as the session key.
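The key filling and session key obtaining steps above, as an added Python example (not code from the patent or its applicants). Assumptions: X25519 with a SHAKE-256-derived pad stands in for the unspecified "ECC public key" encryption, the symmetric steps use the exclusive-or option, and the hypothetical `offset` field consumes a fresh K1 segment for each Kb, because XOR wrapping is only sound when K1 bytes are never reused; the page does not say how K1 is segmented.

```python
# Added illustration of the key filling and session key steps; not the patent's code.
import hashlib
import secrets

P, A24 = 2**255 - 19, 121665          # X25519 field prime and ladder constant
BASE = (9).to_bytes(32, "little")     # X25519 base point

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (not constant-time; illustration only)."""
    sk = bytearray(k)
    sk[0] &= 248
    sk[31] = (sk[31] & 127) | 64
    kn = int.from_bytes(sk, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (kn >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR wrap needs key and data of equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def _pad(shared: bytes, n: int) -> bytes:
    return hashlib.shake_256(b"wrap-Ka" + shared).digest(n)

def pk_wrap(card_pub: bytes, ka: bytes):
    """Assumed stand-in for 'Ka encrypted with the ECC public key'."""
    eph = secrets.token_bytes(32)
    return x25519(eph, BASE), xor(ka, _pad(x25519(eph, card_pub), len(ka)))

def pk_unwrap(card_priv: bytes, eph_pub: bytes, wrapped: bytes) -> bytes:
    return xor(wrapped, _pad(x25519(card_priv, eph_pub), len(wrapped)))

class Platform:
    """Quantum key service platform; holds the shared quantum key K1."""
    def __init__(self, k1: bytes, card_pub: bytes):
        self.k1, self.card_pub, self.offset = k1, card_pub, 0

    def key_filling(self) -> dict:
        ka = secrets.token_bytes(len(self.k1))          # first symmetric key Ka
        return {"k1_under_ka": xor(self.k1, ka),
                "ka_under_pub": pk_wrap(self.card_pub, ka)}

    def session_key(self, n: int = 16):
        if self.offset + n > len(self.k1):
            raise RuntimeError("K1 used up: run key filling with a new K1")
        kb = secrets.token_bytes(n)                     # session key Kb (128 bits)
        seg = self.k1[self.offset:self.offset + n]
        second = {"offset": self.offset, "kb_under_k1": xor(kb, seg)}
        self.offset += n                                # hypothetical: never reuse K1 bytes
        return kb, second

class SimCard:
    """Quantum security SIM card; K1 and Ka are stored only in wrapped form."""
    def __init__(self):
        self.priv = secrets.token_bytes(32)             # pre-stored private key
        self.pub = x25519(self.priv, BASE)
        self.first, self.next_offset = None, 0

    def store_first(self, first: dict) -> None:         # key charging mode
        self.first, self.next_offset = first, 0

    def obtain_session_key(self, second: dict) -> bytes:  # communication mode
        ka = pk_unwrap(self.priv, *self.first["ka_under_pub"])
        k1 = xor(self.first["k1_under_ka"], ka)
        off, ct = second["offset"], second["kb_under_k1"]
        if off < self.next_offset or off + len(ct) > len(k1):
            raise ValueError("K1 segment already used or out of range")
        self.next_offset = off + len(ct)
        return xor(ct, k1[off:off + len(ct)])

def run_demo() -> bool:
    card = SimCard()
    platform = Platform(secrets.token_bytes(32), card.pub)  # constructed K1
    card.store_first(platform.key_filling())
    kb, second = platform.session_key()
    return card.obtain_session_key(second) == kb
```

The messages carry no integrity tag, matching the page, which describes only encryption; the card-side offset check is the one replay control this example adds.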
In summary, with the communication system and method based on the quantum security SIM card provided by the invention, the SIM card can directly provide the quantum key to upper-layer applications (such as mobile phone applications) to protect the communication process, without changing the structure of the traditional SIM card and only by additionally defining a data interaction interface; at the same time, the identity recognition and communication billing functions of the traditional SIM card are retained. Through the coordinated design of the key charging mode and the communication mode, the freshness of the session key and its encryption key, and the security of their pre-storage, can be effectively ensured, which ensures the data security of the quantum security SIM card and the security protection of the communication process.
While the invention has been described in connection with the specific embodiments illustrated in the drawings, it will be readily appreciated by those skilled in the art that the above embodiments are merely illustrative of the principles of the invention, which are not intended to limit the scope of the invention, and various combinations, modifications and equivalents of the above embodiments may be made by those skilled in the art without departing from the spirit and scope of the invention.

Claims (18)

1. A communication system based on a quantum security SIM card comprises a quantum key service platform, a mobile device SDK and the quantum security SIM card;
the quantum key service platform is configured to: forming and transmitting first encrypted data under a key charging mode, wherein the first encrypted data comprises a shared quantum key K1 encrypted by a first encryption key Ka and a first encryption key Ka encrypted by a public key; and forming and transmitting second encrypted data in a communication mode, the second encrypted data including a session key Kb encrypted with the shared quantum key K1;
the mobile device SDK is arranged to allow data interaction between the quantum key service platform and the quantum security SIM card;
the quantum secure SIM card is configured to: storing the first encrypted data under the key charging mode; and in the communication mode, obtaining the session key Kb for secret communication by means of a decryption operation based on the first encrypted data and the second encrypted data.
2. The communication system of claim 1, wherein the quantum key service platform is further configured to: generating the first encryption key Ka under the key charging mode, encrypting the shared quantum key K1 by using the first encryption key Ka, and encrypting the first encryption key Ka by using the public key; and/or in the communication mode, generating the session key Kb, and encrypting the session key Kb by using the shared quantum key K1.
3. The communication system of claim 1, wherein the quantum secure SIM card is further configured to: in the communication mode, decrypting the first encryption key Ka encrypted by the public key by using a private key to obtain the first encryption key Ka; decrypting the shared quantum key K1 encrypted by the first encryption key Ka by using the first encryption key Ka to obtain the shared quantum key K1; and decrypting the session key Kb encrypted by the shared quantum key K1 by using the shared quantum key K1 to obtain the session key Kb.
4. The communication system of claim 1, wherein:
the first encryption key Ka is a first symmetric key Ka, and the session key Kb is a second symmetric key Kb;
and/or the public key is an ECC public key.
5. The communication system of claim 1, wherein the symmetric encryption and decryption operations are implemented by means of exclusive-or operations.
6. The communication system of claim 1, wherein the mobile device SDK is configured to encapsulate an interaction interface for data interaction with the quantum key service platform and a call interface for data interaction with the quantum security SIM card;
the quantum security SIM card defines a data interface for allowing data interaction to be invoked by the mobile device SDK.
7. A communication method based on a quantum security SIM card comprises a key filling step and a session key obtaining step;
the key filling step is used for generating first encrypted data and storing the first encrypted data into the quantum security SIM card, wherein the first encrypted data comprises a shared quantum key K1 encrypted by a first encryption key Ka and a first encryption key Ka encrypted by a public key;
the session key obtaining step is used for: generating second encrypted data and storing the second encrypted data into the quantum security SIM card, wherein the second encrypted data comprises a session key Kb encrypted by the shared quantum key K1; and obtaining the session key Kb from the first encrypted data and the second encrypted data by means of a decryption operation in the quantum secure SIM card.
8. The communication method of claim 7, wherein:
in the key filling step, a quantum key service platform generates the first encryption key Ka, encrypts the shared quantum key K1 by using the first encryption key Ka, and encrypts the first encryption key Ka by using the public key;
in the session key obtaining step, the quantum key service platform generates the session key Kb and encrypts the session key Kb by using the shared quantum key K1; and the quantum secure SIM card decrypts the first encryption key Ka encrypted by the public key with a private key to obtain the first encryption key Ka, decrypts the shared quantum key K1 encrypted by the first encryption key Ka with the first encryption key Ka to obtain the shared quantum key K1, and decrypts the session key Kb encrypted by the shared quantum key K1 with the shared quantum key K1 to obtain the session key Kb.
9. The communication method of claim 8, wherein in the session key obtaining step, the quantum key service platform generates the session key Kb in response to a session key request.
10. The communication method of claim 7, further comprising the step of configuring a mobile device SDK to enable data interaction between a quantum key service platform and the quantum secure SIM card.
11. The communication method of claim 7, wherein:
the first encryption key Ka is a first symmetric key Ka, and the session key Kb is a second symmetric key Kb; and/or the public key is an ECC public key.
12. A quantum security SIM card, comprising a data interface, a key data storage unit, a session key storage unit and an encryption and decryption unit;
the key data storage unit is configured to store key data, wherein the key data includes first encrypted data including a shared quantum key K1 encrypted with a first encryption key Ka and a first encryption key Ka encrypted with a public key, and second encrypted data including a session key Kb encrypted with the shared quantum key K1;
the data interface is defined to allow interaction of the key data to be invoked;
the encryption and decryption unit is configured to obtain the session key Kb from the key data by means of a decryption operation;
the session key storage unit is arranged to store the session key Kb.
13. The quantum security SIM card of claim 12, wherein the encryption and decryption unit is configured to: decrypt the first encryption key Ka encrypted by the public key by using a private key to obtain the first encryption key Ka; decrypt the shared quantum key K1 encrypted by the first encryption key Ka by using the first encryption key Ka to obtain the shared quantum key K1; and decrypt the session key Kb encrypted by the shared quantum key K1 by using the shared quantum key K1 to obtain the session key Kb.
14. The quantum secure SIM card of claim 12 or 13, wherein the first encryption key Ka is a first symmetric key Ka and the session key Kb is a second symmetric key Kb; and/or the public key is an ECC public key.
15. The quantum secure SIM card of claim 12, wherein the encryption and decryption unit is configured to implement symmetric encryption and decryption operations by means of exclusive-or operations.
16. A quantum key service platform, comprising a symmetric key generation unit, an encryption and decryption unit and a data interface;
the symmetric key generation unit is configured to: generate a first encryption key Ka in a key filling mode and a session key Kb in a communication mode;
the encryption and decryption unit is configured to: in the key filling mode, encrypt a shared quantum key K1 with the first encryption key Ka and encrypt the first encryption key Ka with a public key, thereby forming first encrypted data; and in the communication mode, encrypt the session key Kb with the shared quantum key K1, thereby forming second encrypted data;
the data interface is configured for data interaction;
in the key filling mode, the first encrypted data is stored in the quantum security SIM card; in the communication mode, the second encrypted data is acquired by the quantum security SIM card, which performs a decryption operation based on the first encrypted data and the second encrypted data to obtain a session key Kb for secret communication.
17. The quantum key service platform of claim 16, wherein the public key is an ECC public key; and/or the encryption and decryption unit is configured to implement symmetric encryption and decryption operations by means of exclusive-or operations.
18. The quantum key service platform of claim 16, wherein the symmetric key generation unit is further configured to generate the session key Kb in response to a session key request.
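The key hierarchy in claims 8, 13 and 16, with the XOR symmetric layer of claims 5, 15 and 17, as an added Python example that is not code from the patent. Assumptions: the claims name only an "ECC public key", so the P-256 curve, the ECDH-plus-SHA-256 pad used for the public-key step, the 32-byte key length and all function names are illustrative choices.

```python
import hashlib, secrets

# NIST P-256 parameters (curve choice is an assumption; the claims only say "ECC")
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return q if p is None else p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    num, den = (3 * p[0] ** 2 + A, 2 * p[1]) if p == q else (q[1] - p[1], q[0] - p[0])
    m = num * pow(den, -1, P)
    x = (m * m - p[0] - q[0]) % P
    return x, (m * (p[0] - x) - p[1]) % P

def mul(k, p):  # double-and-add; not constant time, illustration only
    r = None
    while k:
        if k & 1:
            r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def xor(key, data):
    """Claims 5/15/17: symmetric encryption and decryption are the same XOR."""
    if len(key) != len(data):
        raise ValueError("XOR wrap needs key and data of equal length")
    return bytes(a ^ b for a, b in zip(key, data))

def pad(point):  # assumed KDF: SHA-256 over the ECDH x-coordinate, 32-byte pad
    return hashlib.sha256(point[0].to_bytes(32, "big")).digest()

def platform_fill(card_pub, k1):
    """Key filling: first encrypted data = (Ka under the public key, K1 under Ka)."""
    ka, r = secrets.token_bytes(32), secrets.randbelow(N - 1) + 1
    return (mul(r, G), xor(pad(mul(r, card_pub)), ka)), xor(ka, k1)

def platform_session(k1, kb):
    return xor(k1, kb)  # second encrypted data: Kb under K1

def card_unwrap(card_priv, first, second):
    """Claim 13 order on the card: private key -> Ka -> K1 -> Kb."""
    (eph, ka_ct), k1_ct = first
    ka = xor(pad(mul(card_priv, eph)), ka_ct)
    k1 = xor(ka, k1_ct)
    return xor(k1, second)
```

Because both symmetric layers are XOR, K1 must be as long as Kb, and wrapping two session keys under the same K1 bytes exposes the XOR of those session keys, so each wrap needs K1 material that has not been used before.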
CN202011616484.4A 2020-12-30 2020-12-30 Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform Active CN114697008B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011616484.4A CN114697008B (en) 2020-12-30 2020-12-30 Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform
PCT/CN2021/142320 WO2022143727A1 (en) 2020-12-30 2021-12-29 Quantum-safe sim card-based communication system and method, quantum-safe sim card, and key service platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011616484.4A CN114697008B (en) 2020-12-30 2020-12-30 Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform

Publications (2)

Publication Number Publication Date
CN114697008A CN114697008A (en) 2022-07-01
CN114697008B true CN114697008B (en) 2024-03-12

Family

ID=82132817

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011616484.4A Active CN114697008B (en) 2020-12-30 2020-12-30 Communication system and method based on quantum security SIM card, quantum security SIM card and key service platform

Country Status (2)

Country Link
CN (1) CN114697008B (en)
WO (1) WO2022143727A1 (en)

Also Published As

Publication number Publication date
WO2022143727A1 (en) 2022-07-07
CN114697008A (en) 2022-07-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant