Modern cryptosystems rest mainly on the one-way nature of certain computations, and their security is supported only by experience; a future quantum computer would make a fast prime factorization algorithm possible, so the foundations of conventional cryptosystems would no longer hold. Quantum key distribution is a new means of communication encryption that has emerged in recent years. It encodes information in single-photon quantum states to distribute an identical string of random numbers of arbitrary length between a quantum signal transmitter and a quantum signal receiver located at different places, so that both share a large number of random keys. The random keys can be used to encrypt information to be transmitted between the two places. Because a single photon is indivisible and because of the quantum no-cloning theorem, quantum key distribution cannot be eavesdropped on according to physical principles, and it has the highest level of security at present. If classical information is encrypted and decrypted by OTP (One-Time Pad), unconditional security for information transmission will be guaranteed.
With current technology, given the attenuation of single photons in an optical-fiber channel and the detection efficiency of detectors, it is hard to generate a shared quantum key usable for practical secure communication if the distance between the two places exceeds a certain range. Thus, trusted relay equipment must be introduced between two places that are far away from each other for quantum secure communication.
In conventional mobile encryption systems and communication methods based on a quantum key distribution network, a mobile terminal registers for network access, connects to a quantum terminal, and applies to the quantum terminal for a certain amount of shared keys. After downloading the keys, the mobile terminal is bound to a specific quantum centralized control station, registers with that station, and uses it as its calling centralized control station. When the mobile terminal communicates, it transfers ciphertext to the calling centralized control station. The calling centralized control station re-encrypts the ciphertext and transfers it to a called centralized control station. The called centralized control station re-encrypts the ciphertext and transfers it to the called user. The called user decrypts the ciphertext to obtain the plaintext, and the communication ends.
This technical solution may work well in mobile communication, but it has certain limitations and can hardly meet all mobile communication requirements. The foregoing solution adopts ciphertext relay mobile secure communication. That is, the ciphertext, i.e., the encrypted effective communication payload (plaintext information such as short messages and voice), is transferred among quantum centralized control stations in a quantum secure communication network. The ciphertext data stream follows the path ‘calling terminal—calling centralized control station—relay centralized control station(s) (number: 0-n)—called centralized control station—called terminal’. This path differs from that of the data stream in some conventional mobile communication services. One example is a SIP call: during the call, the voice data stream is transferred directly between the two mobile terminal devices point-to-point, without flowing through the secure quantum communication network. Another example is the SMS short message: a short message sent from a mobile phone is transferred through the proprietary network of a telecom operator (China Mobile, China Telecom, China Unicom, etc.), likewise without flowing through the secure quantum communication network. Thus, for such communication services with a proprietary data stream path, ciphertext relay is somewhat troublesome. If necessary, ciphertext relay can be adopted for these services, usually in one of two ways. In the first way, large-scale modifications are made to the conventional service link and logic, and a quantum security function is introduced.
For example, if SMS short messages are to be encrypted through ciphertext relay, the networks of the telecom operators have to be changed so that quantum devices are added to match the nodes in the networks of China Mobile or China Unicom through which the short message passes, which complicates the whole system drastically and increases development and configuration costs. In the second way, the conventional service link is abandoned, and a proprietary service link is established in the quantum secure network. Taking SMS as the example again, the short message sent by the mobile phone is transferred to the quantum secure network wirelessly, without passing through the networks of telecom operators, and is then sent to the receiver through ciphertext relay. In this way, mobile terminals need to be customized, and communication services need to be implemented in the quantum secure network (for example, to send and receive short messages in the ciphertext relay mobile secure communication scheme, a short message server must first be provided in the quantum secure network and the mobile terminal must then be modified, so that the short message is sent directly to the proprietary short message server without passing through the networks of telecom operators). The cost is high, the implementation is complicated, and the products are not compatible with the conventional networks of telecom operators, which is disadvantageous for promoting them.
In addition, the nature of ciphertext relay mobile secure communication means that encryption and transfer can start only once a specific service between the two communicating parties has actually been established and the plaintext to be transferred has been generated. If there are too many relay nodes on the transfer path and the transfer takes a long time, service delay is bound to increase. For communication services with high real-time requirements (such as SIP voice calls, video calls, etc.), user experience may be poor.
Hence, the disclosure adopts key relay mobile secure communication to solve the above problems. That is, the data relayed between centralized control stations is the service keys required by the communication rather than the ciphertext. Owing to the characteristics of quantum keys, the generation of a shared quantum key is limited by the distance between two places. Thus, if a quantum key distribution network with a specific physical coverage is to be built, new trusted relay devices need to be provided between the two places to relay the actual communication service keys. In some communication services with high real-time requirements, even when key relay mobile secure communication is adopted, the keys may arrive late because a large number of concurrent calls and relay nodes makes the generation and relay of the service keys take a long time, which lowers the quality of service.
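The following sketch is an added illustration, not part of the original disclosure, contrasting the ciphertext relay path described in the background with the key relay introduced above. All names (`Link`, `hop_by_hop`, and so on) are hypothetical; random bytes stand in for QKD-generated keys, each station is assumed to decrypt and re-encrypt at every hop, and the calling station is assumed to create the service key.

```python
import secrets

def xor(data, pad):
    """One-time-pad encrypt/decrypt: the pad must be exactly as long as the data."""
    if len(pad) != len(data):
        raise ValueError("OTP pad length must equal message length")
    return bytes(a ^ b for a, b in zip(data, pad))

class Link:
    """Hypothetical key pool shared by two adjacent nodes; random bytes stand in for QKD output."""
    def __init__(self, size=4096):
        self.pool, self.used = secrets.token_bytes(size), 0

    def take(self, n):
        """Consume n pad bytes so that no pad byte is ever used twice."""
        if self.used + n > len(self.pool):
            raise RuntimeError("shared key exhausted on this link")
        self.used += n
        return self.pool[self.used - n:self.used]

def hop_by_hop(payload, links):
    """Send payload over consecutive links; each node decrypts, then re-encrypts for the
    next hop (assumed trusted-relay behaviour). Returns (recovered payload, on-wire blobs)."""
    wires = []
    for link in links:
        pad = link.take(len(payload))    # both ends of the link hold this pad
        wires.append(xor(payload, pad))  # what an observer on this hop sees
        payload = xor(wires[-1], pad)    # receiving node strips the pad
    return payload, wires

def ciphertext_relay(plaintext, access_a, station_links, access_b):
    """The message itself crosses terminal -> stations -> terminal."""
    return hop_by_hop(plaintext, [access_a, *station_links, access_b])

def key_relay(n, access_a, station_links, access_b):
    """Assumption: the calling station creates the n-byte service key. One copy goes to
    the calling terminal, the other is relayed station by station to the called terminal."""
    service_key = secrets.token_bytes(n)
    key_caller, _ = hop_by_hop(service_key, [access_a])
    key_callee, _ = hop_by_hop(service_key, [*station_links, access_b])
    return key_caller, key_callee

def demo():
    msg = b"constructed sample short message"
    a, b, stations = Link(), Link(), [Link(), Link()]  # calling - relay - called
    relayed, wires = ciphertext_relay(msg, a, stations, b)
    k_a, k_b = key_relay(len(msg), a, stations, b)     # can run before msg exists
    direct = xor(msg, k_a)   # goes terminal to terminal, outside the quantum network
    return relayed, wires, direct, xor(direct, k_b), a.used
```

In the key relay case only `service_key` crosses the station links, so the relay work does not have to wait for the plaintext, while `direct` can follow the service's ordinary path (SIP point-to-point or the operator's SMS network).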