CN-122001566-A - Terminal roaming method and terminal roaming system

Abstract

The application discloses a terminal roaming method. The method comprises: in response to a registration request initiated by a service terminal, generating a plurality of filling keys through a first quantum cryptography service node; dividing each filling key to obtain a plurality of filling key shares corresponding to each filling key; sending the filling key shares to a second quantum cryptography service node other than the first quantum cryptography service node in a quantum cryptography service platform; in response to an encryption request sent by the service terminal after roaming to a third quantum cryptography service node, obtaining a target filling key share of a target filling key from the second quantum cryptography service node; and determining the target filling key according to the target filling key shares, so that the service terminal carries out encrypted communication according to the target filling key. Because the filling key shares are stored in a distributed manner, the service terminal can still acquire the target filling key even if the home node fails, and the continuity of terminal roaming communication is guaranteed.

Inventors

  • WANG DAWEI

Assignees

  • 中电信量子信息科技集团有限公司

Dates

Publication Date
20260508
Application Date
20251218

Claims (10)

  1. A terminal roaming method, the method comprising: responding to a registration request initiated by a service terminal, and generating a plurality of filling keys through a first quantum cryptography service node, wherein the first quantum cryptography service node is a home node of the service terminal; dividing each filling key to obtain a plurality of filling key shares corresponding to each filling key, and issuing the filling key shares to a second quantum cryptography service node other than the first quantum cryptography service node in a quantum cryptography service platform; responding to an encryption request sent by the service terminal when the service terminal roams to a third quantum cryptography service node, and acquiring a target filling key share of a target filling key from the second quantum cryptography service node, wherein the target filling key is one of the plurality of filling keys, and the third quantum cryptography service node is one of the second quantum cryptography service nodes; and determining the target filling key according to the target filling key share so that the service terminal performs encrypted communication according to the target filling key.
  2. The method of claim 1, wherein the dividing each filling key to obtain a plurality of filling key shares corresponding to each filling key, and issuing the filling key shares to a second quantum cryptography service node other than the first quantum cryptography service node in the quantum cryptography service platform, comprises: dividing each filling key to generate a plurality of filling key shares corresponding to each filling key; packaging the filling key shares to obtain a plurality of filling key share packages, wherein the plurality of filling key shares in each filling key share package have the same sequence number in the division of their corresponding filling keys; and issuing each of the plurality of filling key share packages to one second quantum cryptography service node respectively.
  3. The method of claim 2, wherein the issuing each of the plurality of filling key share packages to one second quantum cryptography service node respectively comprises: negotiating with a first target quantum cryptography service node to generate a first session key, wherein the first target quantum cryptography service node is one of the second quantum cryptography service nodes; encrypting a first target filling key share package according to the first session key to generate a first target encrypted filling key share package, wherein the first target filling key share package is one of the plurality of filling key share packages; and transmitting the first target encrypted filling key share package to the first target quantum cryptography service node.
  4. The method according to claim 2, wherein the acquiring, in response to the encryption request sent by the service terminal when roaming to the third quantum cryptography service node, the target filling key share of the target filling key from the second quantum cryptography service node comprises: acquiring an identity and a key identification list of the service terminal; determining any one entry of the key identification list as a target filling key identification; and sending a target filling key share acquisition request to the second quantum cryptography service node, and acquiring the target filling key share.
  5. The method of claim 4, wherein the sending a target filling key share acquisition request to the second quantum cryptography service node and acquiring the target filling key share comprises: negotiating with a second target quantum cryptography service node to generate a second session key, wherein the second target quantum cryptography service node receives the target filling key share acquisition request, negotiates with the third quantum cryptography service node to generate the second session key in the case that the target filling key share exists, encrypts the target filling key share according to the second session key to generate an encrypted target filling key share, and sends the encrypted target filling key share to the third quantum cryptography service node, and the second target quantum cryptography service node is a quantum cryptography service node, among the second quantum cryptography service nodes, in which the target filling key share is stored; receiving the encrypted target filling key share; and decrypting the encrypted target filling key share according to the second session key to obtain the target filling key share.
  6. The method of claim 1, wherein the determining the target filling key according to the target filling key share so that the service terminal performs encrypted communication according to the target filling key comprises: determining the target filling key according to the target filling key shares in the case that the number of the target filling key shares is greater than or equal to a preset number.
  7. The method of claim 5, wherein the method further comprises: sending the filling key share package acquisition request to the second quantum cryptography service node; and determining a plurality of filling keys according to the filling key share package.
  8. The method of claim 7, wherein the sending the filling key share package acquisition request to the second quantum cryptography service node comprises: sending a second target filling key share package acquisition request to the second target quantum cryptography service node, wherein the second target quantum cryptography service node encrypts the second target filling key share package according to the second session key, generates a second target encrypted filling key share package, and sends the second target encrypted filling key share package to the third quantum cryptography service node, and the second target filling key share package is one of the plurality of filling key share packages; receiving the second target encrypted filling key share package; decrypting the second target encrypted filling key share package according to the second session key to obtain the second target filling key share package; and determining a plurality of filling keys according to the second target filling key share package.
  9. The method of claim 8, wherein the determining a plurality of the filling keys according to the filling key share package comprises: in the case that the number of the filling key share packages is greater than or equal to the preset number, extracting the filling key shares corresponding to each filling key from the filling key share packages, and determining the filling keys.
  10. A terminal roaming system, characterized in that the system comprises a service terminal, a first quantum cryptography service node, a second quantum cryptography service node and a third quantum cryptography service node, wherein the first quantum cryptography service node is configured to: generate a plurality of filling keys in response to a registration request initiated by the service terminal, wherein the first quantum cryptography service node is a home node of the service terminal; and divide each filling key to obtain a plurality of filling key shares corresponding to each filling key, and issue the filling key shares to the second quantum cryptography service nodes other than the first quantum cryptography service node in the quantum cryptography service platform; and the third quantum cryptography service node is configured to: acquire a target filling key share of a target filling key from the second quantum cryptography service node in response to an encryption request sent by the service terminal when the service terminal roams to the third quantum cryptography service node, wherein the target filling key is one of the plurality of filling keys, and the third quantum cryptography service node is one of the second quantum cryptography service nodes; and determine the target filling key according to the target filling key share so that the service terminal performs encrypted communication according to the target filling key.

Description

Terminal roaming method and terminal roaming system

Technical Field

The present application relates to the field of communications technologies, and in particular, to a terminal roaming method and a terminal roaming system.

Background

In the quantum communication process, quantum keys are generally distributed with the user's home node at the center. When the user terminal roams to a new quantum cryptography service node, the new node cannot independently provide key service, and the continuity of encrypted communication is ensured by establishing communication with the original home node and acquiring authorization or key resources from it. However, when the home node fails, the new quantum cryptography service node cannot acquire the necessary key data or authorization information from the failed node, so the key distribution link is broken and the continuity of roaming communication of the user terminal cannot be ensured.

Disclosure of Invention

The application provides a terminal roaming method and a terminal roaming system.
The embodiment of the application provides a terminal roaming method, which comprises the following steps: responding to a registration request initiated by a service terminal, and generating a plurality of filling keys through a first quantum cryptography service node, wherein the first quantum cryptography service node is a home node of the service terminal; dividing each filling key to obtain a plurality of filling key shares corresponding to each filling key, and issuing the filling key shares to a second quantum cryptography service node other than the first quantum cryptography service node in a quantum cryptography service platform; responding to an encryption request sent by the service terminal when the service terminal roams to a third quantum cryptography service node, and acquiring a target filling key share of a target filling key from the second quantum cryptography service node, wherein the target filling key is one of the plurality of filling keys, and the third quantum cryptography service node is one of the second quantum cryptography service nodes; and determining the target filling key according to the target filling key share so that the service terminal performs encrypted communication according to the target filling key. The distributed storage of the filling key shares thus removes the dependence of terminal roaming communication on a single home node: even if the first quantum cryptography service node fails, the third quantum cryptography service node can still acquire key shares from other second quantum cryptography service nodes to recover the target filling key. The continuity and security of terminal roaming communication are guaranteed to a certain extent, and the reliability and practicability of quantum communication are improved.
In some embodiments, the dividing each filling key to obtain a plurality of filling key shares corresponding to each filling key, and issuing the filling key shares to a second quantum cryptography service node other than the first quantum cryptography service node in the quantum cryptography service platform, includes: dividing each filling key to generate a plurality of filling key shares corresponding to each filling key; packaging the filling key shares to obtain a plurality of filling key share packages, wherein the plurality of filling key shares in each filling key share package have the same sequence number in the division of their corresponding filling keys; and issuing each of the plurality of filling key share packages to one second quantum cryptography service node respectively. When multiple filling keys are recovered, the shares with the corresponding sequence number can therefore be extracted directly from each share package. This simplifies share extraction and key recovery to a certain extent, shortens key recovery time, keeps encrypted communication seamless, and improves the roaming experience of the user terminal. Because each share package is issued to a different node, the shares are stored in physical isolation: even if a certain second quantum cryptography service node is attacked or fails, only part of the shares are affected, the complete key is not leaked, and the risk resistance of key storage is improved.
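An added illustration of the split, package and recover flow described above (not code from the patent): the text does not name a splitting algorithm, so Shamir threshold sharing over an assumed prime field stands in for it, with `k` playing the role of the preset number of shares. The function names, the modulus and the sample keys are assumptions, and the session-key encryption of packages in transit is omitted.

```python
import secrets

PRIME = 2**521 - 1  # assumed field modulus (Mersenne prime), larger than any 256-bit key

def split_key(key: bytes, n: int, k: int) -> list:
    """Split one filling key into n shares (x, y); any k of them recover it."""
    coeffs = [int.from_bytes(key, "big")] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of the polynomial at x
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover_key(shares: list, key_len: int, k: int) -> bytes:
    """Lagrange-interpolate at x = 0 once at least k distinct shares are present."""
    points = list(dict(shares).items())[:k]   # drop duplicate x values
    if len(points) < k:
        raise ValueError("fewer shares than the preset number")
    secret = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(key_len, "big")

def build_packages(keys: dict, n: int, k: int) -> list:
    """Package i carries share number i of every key; one package per storing node."""
    packages = [{} for _ in range(n)]
    for key_id, key in keys.items():
        for i, share in enumerate(split_key(key, n, k)):
            packages[i][key_id] = share
    return packages

def recover_all(packages: list, key_len: int, k: int) -> dict:
    """Roamed-to node: pull the same-numbered share of each key from every package."""
    if len(packages) < k:
        raise ValueError("fewer share packages than the preset number")
    return {kid: recover_key([p[kid] for p in packages], key_len, k) for kid in packages[0]}

if __name__ == "__main__":
    keys = {f"key-{i}": secrets.token_bytes(32) for i in range(3)}   # constructed sample keys
    pkgs = build_packages(keys, n=4, k=3)
    assert recover_all(pkgs[1:], 32, 3) == keys   # one storing node unavailable
```

With fewer than `k` packages the recovery functions raise instead of returning a wrong key, which mirrors the "greater than or equal to a preset number" condition in claims 6 and 9.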
In some embodiments, the issuing each of the plurality of filling key share packages to one second quantum cryptography service node respectively comprises: negotiating with a first target quantum cryptography service node to generate a first session key, wherein the first target quantum cryptography service node is one of the second quantum cryptography service nodes; encrypting a first target filling key share package according to the first session key to generate a first target encrypted filling key share package, wherein the first target filling key