Abstract: The security of classical network communication is mostly based on computational security, which is nonunconditional. The emergence of quantum key distribution (QKD) network based on physical security changes this situation. By means of quantum key distribution network generated quantum key, classical network data communication can achieve unconditional security. At present, the most effective information system authentication method is based on the identity authentication method of PKI (public key infrastructure). Its security depends on the security of public key encryption. The security of public key encryption is based on the complexity of large number decomposition. Based on the quantum cryptography network, a quantum key digital certificate system can be constructed by means of a trusted center, and a quantum key infrastructure (QKI) with quantum authentication mechanism (QCA) is established. Quantum key digital certificate in the identification and digital signature of the specific application methods.

Key words: quantum key distribution (QKD), quantum cryptography network, public key infrastructure (PKI), quantum key digital certificate, symmetric key signature

摘要： 经典网络通信的安全性多是基于计算安全的，是非无条件安全的.基于物理安全性的量子密钥分发(quantum key distribution, QKD)网络的出现改变了这一现状, 借助于量子密钥分发网络生成的量子密钥，经典网络数据通信可达到无条件安全性.现阶段最有效的信息系统身份认证方法是基于公钥基础设施(public key infrastructure, PKI)的身份认证方法，其安全性依赖于公钥加密的安全性，公钥加密的安全性基于大数分解的复杂性.基于量子密码网络借助可信中心构建了一种可达到无条件安全级别的量子密钥数字证书系统，建立以量子认证机构(QCA)为核心的量子密钥基础设施(quantum key infrastructure, QKI)，并给出了量子密钥数字证书在身份认证及数字签名方面的具体应用方法.

关键词: 量子密钥分发, 量子密码网络, 公钥基础设施, 量子密钥数字证书, 对称密钥签名