
CN116055042A - A quantum key encryption method, device, equipment and storage medium - Google Patents


Publication number
CN116055042A
Authority
CN
China
Prior art keywords
quantum key
quantum
management server
client
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310065494.0A
Other languages
Chinese (zh)
Inventor
周鹏
许敏
戚伟强
陈逍潇
孙嘉赛
杨帆
董科
孙望舒
陆鑫
钱经玮
周慧凯
吴昊
俞欣
钱锦
王臻
陈超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Application filed by Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202310065494.0A
Publication of CN116055042A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a quantum key encryption method, device, equipment and storage medium, comprising the following steps: a quantum key management server obtains a quantum key; the quantum key management server distributes the quantum key, by means of a quantum key filling machine, to an authenticated client that has data to be encrypted; and the authenticated client encrypts the data to be encrypted based on the quantum key. To cope with brute-force cracking by quantum computers, the application thus proposes encrypting the data with a quantum key, so that brute-force cracking by a quantum computer can be resisted effectively and the security of data communication during data transmission is improved.

Description

A quantum key encryption method, device, equipment and storage medium

Technical field

The present application relates to the fields of quantum communication technology and information science technology, and in particular to a quantum key encryption method, device, equipment and storage medium.

Background

In the power industry, the power communication network is a component of the power business system, and its safe operation underpins the stable operation of that system. The system operation instructions, control instructions and similar traffic in the power communication network involve a large amount of private data, so the data must be encrypted in transit to keep it secure.

At present, the power industry encrypts data with traditional data encryption algorithms (for example, asymmetric encryption algorithms): data is encrypted with a public key and decrypted with a private key, and only the public key is transmitted during communication. However, with the rapid development of artificial intelligence, supercomputers and quantum computers, communication based on traditional data encryption algorithms is at risk of being brute-forced, so the security of data communication is low.

Therefore, how to improve the security of data communication is a key concern for those skilled in the art.

Summary of the invention

In view of the above problems, the present application provides a quantum key encryption method, device, equipment and storage medium to improve the security of data communication. The embodiments of the application disclose the following technical solutions:

In a first aspect, the application discloses a quantum key encryption method, including:

the quantum key management server obtains a quantum key;

the quantum key management server distributes the quantum key, by means of a quantum key filling machine, to an authenticated client, where the authenticated client has data to be encrypted;

the authenticated client encrypts the data to be encrypted based on the quantum key.

Optionally, before the quantum key management server obtains the quantum key, the method further includes:

the quantum key management server obtains a quantum random number;

the quantum key management server obtaining the quantum key includes:

the quantum key management server obtains the quantum key based on the quantum random number.

Optionally, before the quantum key management server distributes the quantum key to the authenticated client by means of the quantum key filling machine, the method further includes:

the quantum key management server performs identity authentication with the client;

in response to the identity authentication passing, the client is determined to be the authenticated client.

Optionally, the quantum key management server performing identity authentication with the client includes:

the client sends a first request message to the quantum key management server;

in response to the first request message passing verification, the quantum key management server returns a first response message to the client;

the client obtains a second request message based on the first response message and sends the second request message to the quantum key management server;

in response to the second request message passing verification, the quantum key management server returns a second response message to the client.

Optionally, the method further includes:

the quantum key management server encrypts the first request message, the first response message, the second request message and the second response message using quantum key encryption technology.

Optionally, before the authenticated client encrypts the data to be encrypted based on the quantum key, the method further includes:

the quantum key management server presets key usage parameters for the quantum key;

the authenticated client encrypting the data to be encrypted based on the quantum key includes:

the authenticated client uses the quantum key to encrypt the data to be encrypted in accordance with the key usage parameters.

Optionally, the quantum key management server distributing the quantum key to the authenticated client by means of the quantum key filling machine includes:

the quantum key management server writes the quantum key into the quantum TF card and the quantum Ukey of the quantum key filling machine;

the quantum key is imported to the authenticated client through the interfaces corresponding to the quantum TF card and the quantum Ukey.

In a second aspect, the present application discloses a quantum key encryption device, including:

an obtaining module, configured to obtain a quantum key;

a distribution module, configured to distribute the quantum key, by means of a quantum key filling machine, to an authenticated client, where the authenticated client has data to be encrypted;

an encryption module, configured to encrypt the data to be encrypted based on the quantum key.

Optionally, the device further includes:

a first obtaining subunit, configured to obtain a quantum random number;

the obtaining module is specifically configured to:

obtain the quantum key based on the quantum random number.

Optionally, the device further includes:

an authentication module, configured to have the quantum key management server perform identity authentication with the client;

a determining module, configured to determine, in response to the identity authentication passing, the client to be the authenticated client.

Optionally, the authentication module is specifically configured so that:

the client sends a first request message to the quantum key management server;

in response to the first request message passing verification, the quantum key management server returns a first response message to the client;

the client obtains a second request message based on the first response message and sends the second request message to the quantum key management server;

in response to the second request message passing verification, the quantum key management server returns a second response message to the client.

Optionally, the device further includes:

a first encryption subunit, configured to encrypt the first request message, the first response message, the second request message and the second response message using quantum key encryption technology.

Optionally, the device further includes:

a preset module, configured to preset key usage parameters for the quantum key;

the encryption module is specifically configured to:

use the quantum key to encrypt the data to be encrypted in accordance with the key usage parameters.

Optionally, the distribution module is specifically configured to:

write the quantum key into the quantum TF card and the quantum Ukey of the quantum key filling machine;

import the quantum key to the authenticated client through the interfaces corresponding to the quantum TF card and the quantum Ukey.

In a third aspect, an embodiment of the present application provides an electronic device, including:

a memory, configured to store a computer program;

a processor, configured to implement the steps of the above quantum key encryption method when executing the computer program.

In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the above quantum key encryption method are implemented.

Compared with the prior art, the present application has the following beneficial effects:

In this application, the quantum key management server first obtains a quantum key; the quantum key management server then distributes the quantum key, by means of a quantum key filling machine, to an authenticated client that has data to be encrypted; finally, the authenticated client encrypts the data to be encrypted based on the quantum key. To cope with brute-force cracking by quantum computers, the application thus proposes encrypting the data with a quantum key, which can strongly resist brute-force cracking by a quantum computer and improves the security of data communication during data transmission.

Description of drawings

To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flowchart of a quantum key encryption method provided by an embodiment of the present application;

FIG. 2 is a schematic diagram of the process framework of the SM4-based quantum key encryption technology provided by an embodiment of the present application;

FIG. 3 is a schematic flowchart of the identity authentication provided by an embodiment of the present application;

FIG. 4 is a schematic structural diagram of a quantum key encryption device provided by an embodiment of the present application;

FIG. 5 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

Detailed description

The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the protection scope of this application.

It should be noted that the quantum key encryption method, device, equipment and storage medium provided by this application are used in the fields of quantum communication technology and information science technology. This is only an example and does not limit the field of application of the method, device, equipment and storage medium provided by this application.

As described above, in the power industry, the power communication network is a component of the power business system, and its safe operation underpins the stable operation of that system. The system operation instructions, control instructions and similar traffic in the power communication network involve a large amount of private data, so the data must be encrypted in transit to keep it secure. At present, the power industry encrypts data with traditional data encryption algorithms (for example, asymmetric encryption algorithms): data is encrypted with a public key and decrypted with a private key, and only the public key is transmitted during communication. However, with the rapid development of artificial intelligence, supercomputers and quantum computers, communication based on traditional data encryption algorithms is at risk of being brute-forced, so the security of data communication is low. How to improve the security of data communication is therefore a key concern for those skilled in the art.

The inventors therefore propose the technical solution of this application. In this application, the quantum key management server first obtains a quantum key; the quantum key management server then distributes the quantum key, by means of a quantum key filling machine, to an authenticated client that has data to be encrypted; finally, the authenticated client encrypts the data to be encrypted based on the quantum key. To cope with brute-force cracking by quantum computers, the application thus proposes encrypting the data with a quantum key, which can strongly resist brute-force cracking by a quantum computer and improves the security of data communication during data transmission.

Technical terms that may appear in this application are explained next.

Quantum random number generator: a special class of random number generator designed around the probabilistic nature of quantum mechanics. A quantum random source produces a quantum signal, which is sampled and post-processed to obtain random numbers. Random numbers produced this way are inherently random and unaffected by initial conditions or the environment; they are theoretically verified true random numbers.

Quantum key filling machine: the "recharging station" for quantum key resources. Security media such as quantum-safe USB keys (U-shields) and quantum-safe TF cards can use a nearby quantum key filling machine to connect securely and reliably to the quantum secure communication network and refresh their quantum key resources, keeping quantum mobile security supplied.

To help those skilled in the art better understand the solution of the present application, the application is described in further detail below with reference to the drawings and specific embodiments.

Method embodiment

A quantum key encryption method provided by this application is described below through an embodiment.

Referring to FIG. 1, a flowchart of a quantum key encryption method provided by an embodiment of the present application, the method includes:

S101: The quantum key management server obtains the quantum key.

In this step, the quantum key management server first obtains the quantum random numbers generated by the quantum random number generator. The quantum key management server then manages the quantum random numbers centrally and applies compliance processing to them to obtain the quantum key. Compliance processing includes obtaining the quantum key according to different protocol specifications.

It can be understood that the quantum random number generator continuously receives photons and records the direction each photon takes after passing through the generator. If the direction is above the quantum random number generator, it is recorded as bit 1; if it is below, it is recorded as bit 0. These bits make up the quantum random number. If 100 photons are obtained at one time, the resulting quantum key is 100 bits long.

It should be noted that the quantum random number generator in this application is based on three generation schemes (amplified spontaneous emission, laser phase noise, and statistical fluctuation of the vacuum state) and can deliver real-time, high-speed true quantum random output. Random numbers generated by this quantum random number generator meet the requirements of true randomness, and the generation rate can exceed 500 Mbps.

In one possible implementation, the quantum key management server uses quantum key encryption technology to store the obtained quantum keys in a distributed manner across N quantum key service libraries, so that the N quantum key service library nodes back up each other's data. This improves concurrent access performance; each quantum key service library node supports large-capacity storage, which improves the reliability of the quantum keys. The quantum key encryption technology may be an SM4-based quantum key encryption technology.

Referring to FIG. 2, FIG. 2 is a schematic diagram of the process framework of the SM4-based quantum key encryption technology provided by an embodiment of the present application.

Step S2.1: $MK_i$ is part of the preset root key, where
Figure BDA0004062143510000071
$QK_i$ is part of the quantum key, where
Figure BDA0004062143510000072
$x_i$ is part of the plaintext input, where
Figure BDA0004062143510000073

Step S2.2:
Figure BDA0004062143510000074
where $FK_i$ is a system parameter and $K_i$ is used in the key expansion algorithm to generate the round key $rk_i$;

Step S2.3:
Figure BDA0004062143510000075
where $CK_i$ is a fixed parameter and $rk_i$ is used in the subsequent round function;

Step S2.4: The round function F is generated as follows:
Figure BDA0004062143510000076

Step S2.5: The results of the last four iterations of the round function are put through the reverse-order transformation, that is, $R(X_{32}, X_{33}, X_{34}, X_{35}) = X_{35} X_{34} X_{33} X_{32}$; the result of this transformation is the final ciphertext.

S102:所述量子密钥管理服务器基于量子密钥充注机将所述量子密钥分发给认证通过的客户端,所述认证通过的客户端存在待加密数据。S102: The quantum key management server distributes the quantum key to the authenticated client based on the quantum key filling machine, and the authenticated client has data to be encrypted.

在本步骤中,首先在量子密钥充注机上,插入一个已被授权的管理员设备与一个或多个需要被充注的量子UKEY或者量子TF卡,在量子密钥充注机通过与量子密钥管理服务器交互认证通过后,量子密钥管理服务器调用量子安全SDK将量子密钥信息依次写入量子UKEY或量子TF卡中,然后通过量子UKEY和量子TF卡的API接口,将量子密钥导入给认证通过的客户端。如此,客户端可以直接获取加/解密句柄对业务数据或安全通道数据进行加解密,量子密钥明文没有在客户端的任何位置出现,保证了数据传输过程中的安全性。In this step, first insert an authorized administrator device and one or more Quantum UKEY or Quantum TF cards that need to be filled on the quantum key filling machine. After the mutual authentication of the key management server passes, the quantum key management server calls the quantum security SDK to write the quantum key information into the quantum UKEY or quantum TF card in turn, and then writes the quantum key information through the API interface of the quantum UKEY and quantum TF card. Import to authenticated clients. In this way, the client can directly obtain the encryption/decryption handle to encrypt and decrypt business data or secure channel data, and the quantum key plaintext does not appear anywhere on the client, ensuring the security of the data transmission process.

需要说明的是,在将量子密钥导入给认证通过的客户端之前,量子密钥管理服务器会与客户端进行身份认证,若身份认证通过,才将客户端确定为认证通过的客户端,向其发送量子密钥。具体的,首先客户端会向量子密钥管理服务器发起第一请求报文,量子密钥管理服务器对第一请求报文进行校验,若校验通过,客户端返回第一应答报文,第一请求报文和第一应答报文中包括双方约定的用户名;然后客户端对第一应答报文进行计算,获得第二请求报文,并向量子密钥管理服务器发起第二请求报文,量子密钥管理服务器对第二请求报文进行校验,若校验通过,客户端返回第二应答报文。若两次校验均通过,才将客户端确定为认证通过的客户端。其中,量子密钥管理服务器利用基于SM4的量子密钥加密技术对第一请求报文、第一应答报文、第二请求报文和第二应答报文进行加密,以保证数据再传输过程中的安全性。进一步的,当量子密钥管理服务器在获取到第一请求报文和第二请求报文后,会先将第一请求报文和第二请求报文进行解密后,再校验;相应的,当客户端在获取到第一应答报文和第二应答报文后,会先将第一应答报文和第二应答报文进行解密后,再计算。It should be noted that before importing the quantum key to the authenticated client, the quantum key management server will perform identity authentication with the client. It sends the quantum key. Specifically, firstly, the client will send the first request message to the quantum key management server, and the quantum key management server will verify the first request message, if the verification is passed, the client will return the first response message, and the second A request message and the first response message include the user name agreed by both parties; then the client calculates the first response message to obtain the second request message, and sends the second request message to the sub-key management server , the quantum key management server verifies the second request message, and if the verification passes, the client returns a second response message. If both verifications pass, the client is determined as the client that passed the authentication. Among them, the quantum key management server uses SM4-based quantum key encryption technology to encrypt the first request message, the first response message, the second request message, and the second response message to ensure security. 
Further, when the quantum key management server obtains the first request message and the second request message, it will first decrypt the first request message and the second request message, and then verify; correspondingly, After obtaining the first response message and the second response message, the client first decrypts the first response message and the second response message before calculating.

The identity authentication between the quantum key filling machine and the quantum key management server is similar to that between the client and the quantum key management server, and is not repeated here.

Referring to FIG. 3, FIG. 3 is a schematic flowchart of the identity authentication provided by an embodiment of the present application.

Step S3.1: The client sends a first request message to the quantum key management server. The main content of the message is UserName|Client-nonce, and the first request message is encrypted using the SM4-based quantum key encryption technology;

Step S3.2: The quantum key management server returns a first response message to the client. The main content of the message is UserName|Salt|Iteration-count|Server-nonce, and the authentication challenge message is encrypted using the SM4-based quantum key encryption technology;

Step S3.3: The client computes

Figure BDA0004062143510000091

where Key=PBKDF2(QK′,Salt,Iteration-count) and Auth=UserName||Client-nonce||Salt||Iteration-count||Server-nonce (|| denotes concatenation). The client sends a second request message to the quantum key management server. The main content of the message is UserName|ClientProof, and the authentication response message is encrypted using the SM4-based quantum key encryption technology;

Step S3.4: The quantum key management server checks whether ClientProof is correct. After the check passes, it computes ServerProof=HMAC(Key′,Auth), where

Figure BDA0004062143510000092

Key=PBKDF2(QK′,Salt,Iteration-count) and Auth=UserName||Client-nonce||Salt||Iteration-count||Server-nonce (|| denotes concatenation). The quantum key management server returns a second response message to the client. The main content of the message is UserName|ServerProof, and the authentication confirmation message is encrypted using the SM4-based quantum key encryption technology;

Step S3.5: After the authentication passes, the quantum key management server distributes the quantum key to the client, and the quantum key is encrypted using the SM4-based quantum key encryption technology.
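Added example, not code from the patent: a Python sketch of the S3.1 to S3.4 exchange, showing where each side derives Key, builds Auth and checks the other side's proof in constant time. The ClientProof and Key′ formulas are images that are not reproduced on this page, so the code assumes the RFC 5802 (SCRAM) constructions for them; SHA-256, the nonce and salt sizes, the iteration values and all class and function names are likewise assumptions, and the SM4 encryption of each message is left out.

```python
import hashlib
import hmac
import secrets

HASH = "sha256"          # assumption: the page does not name the hash behind PBKDF2/HMAC
ITERATIONS = 10_000      # constructed value for Iteration-count
MIN_ITERATIONS = 4_096   # assumption: client-side floor against a downgraded count


def derive_key(qk: bytes, salt: bytes, iterations: int) -> bytes:
    """Key = PBKDF2(QK', Salt, Iteration-count)."""
    return hashlib.pbkdf2_hmac(HASH, qk, salt, iterations)


def auth_message(user, client_nonce, salt, iterations, server_nonce) -> bytes:
    """Auth = UserName || Client-nonce || Salt || Iteration-count || Server-nonce.
    Encoding the count as decimal ASCII is an assumption."""
    return b"".join([user.encode(), client_nonce, salt,
                     str(iterations).encode(), server_nonce])


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, HASH).digest()


def client_proof(key: bytes, auth: bytes) -> bytes:
    # Assumed RFC 5802 form: ClientKey XOR HMAC(H(ClientKey), Auth).
    client_key = _mac(key, b"Client Key")
    stored_key = hashlib.new(HASH, client_key).digest()
    signature = _mac(stored_key, auth)
    return bytes(a ^ b for a, b in zip(client_key, signature))


def server_proof(key: bytes, auth: bytes) -> bytes:
    # ServerProof = HMAC(Key', Auth); Key' is assumed to be HMAC(Key, "Server Key").
    return _mac(_mac(key, b"Server Key"), auth)


class Server:
    def __init__(self, shared_keys: dict):
        self.shared_keys = shared_keys   # UserName -> QK'
        self.sessions = {}               # UserName -> (Key, Auth) of the pending handshake

    def first_response(self, user: str, client_nonce: bytes):
        """S3.2: verify the first request, return UserName|Salt|Iteration-count|Server-nonce."""
        if user not in self.shared_keys or len(client_nonce) < 16:
            return None
        salt, server_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
        key = derive_key(self.shared_keys[user], salt, ITERATIONS)
        auth = auth_message(user, client_nonce, salt, ITERATIONS, server_nonce)
        self.sessions[user] = (key, auth)
        return user, salt, ITERATIONS, server_nonce

    def second_response(self, user: str, proof: bytes):
        """S3.4: verify ClientProof, return UserName|ServerProof or None."""
        state = self.sessions.pop(user, None)   # a challenge is usable once
        if state is None:
            return None
        key, auth = state
        if not hmac.compare_digest(proof, client_proof(key, auth)):
            return None
        return user, server_proof(key, auth)


class Client:
    def __init__(self, user: str, qk: bytes):
        self.user, self.qk = user, qk

    def first_request(self):
        """S3.1: UserName|Client-nonce."""
        self.nonce = secrets.token_bytes(16)
        return self.user, self.nonce

    def second_request(self, challenge):
        """S3.3: derive Key, build Auth, return UserName|ClientProof."""
        user, salt, iterations, server_nonce = challenge
        if user != self.user or iterations < MIN_ITERATIONS:
            raise ValueError("unexpected challenge")
        self.key = derive_key(self.qk, salt, iterations)
        self.auth = auth_message(user, self.nonce, salt, iterations, server_nonce)
        return user, client_proof(self.key, self.auth)

    def server_is_genuine(self, response) -> bool:
        """Check ServerProof before accepting any distributed key (S3.5)."""
        user, proof = response
        return user == self.user and hmac.compare_digest(
            proof, server_proof(self.key, self.auth))


def run_exchange(server_qk: bytes, client_qk: bytes, user: str = "meter-01"):
    """Run S3.1-S3.4 once; return (server_accepted, client_accepted)."""
    server, client = Server({user: server_qk}), Client(user, client_qk)
    challenge = server.first_response(*client.first_request())
    response = server.second_response(*client.second_request(challenge))
    if response is None:
        return False, False
    return True, client.server_is_genuine(response)
```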

S103: The authenticated client encrypts the data to be encrypted based on the quantum key.

In this step, the authenticated client uses the quantum key to encrypt the data to be encrypted. Further, the client includes a power business system server and a power business system client. After the power business system server and the quantum key management server pass authentication, the power business system server obtains the quantum key and the key usage parameter and sends the key usage parameter to the power business system client, so that the power business system client obtains a consistent quantum key, which further improves the security of data communication. For example, if the quantum key has 20 bits (13~33) and the key usage parameter is preset to 13~20, then during this data communication the power business system server and the power business system client can only use the quantum key of 13~20 for data communication.

The client also includes an access gateway. After the access gateway and the quantum key management server pass authentication, the quantum key management server distributes the quantum key to the access gateway; after obtaining the quantum key, the access gateway uses it to encrypt the service data in the established secure tunnel.

It can be seen that this optional solution mainly explains how to improve the security of data communication. Specifically, in this optional solution, the quantum key management server first obtains the quantum key; the quantum key management server then distributes the quantum key, based on the quantum key filling machine, to the authenticated client, which has data to be encrypted; finally, the authenticated client encrypts the data to be encrypted based on the quantum key.

In summary, in this embodiment, to cope with brute-force cracking by quantum computers, it is proposed to encrypt the data to be encrypted with a quantum key, which can strongly resist brute-force cracking by quantum computers and improves the security of data communication during data transmission. In addition, a distributed architecture is used to store quantum keys, supporting large-capacity storage, high concurrency, and mutual backup among multiple quantum key service library nodes; quantum keys are used to encrypt important information during communication transmission, which enhances the confidentiality of important information in the power business system during communication transmission.

Device embodiment

A quantum key encryption device provided by an embodiment of the present application is introduced below. The quantum key encryption device described below and the quantum key encryption method described above may be referred to in correspondence with each other.

Referring to FIG. 4, which is a schematic structural diagram of a quantum key encryption device provided by an embodiment of the present application. As shown in FIG. 4, the device includes:

an obtaining module 100, configured to obtain a quantum key;

a distribution module 200, configured to distribute the quantum key, based on a quantum key filling machine, to an authenticated client, the authenticated client having data to be encrypted;

an encryption module 300, configured to encrypt the data to be encrypted based on the quantum key.

Optionally, the device further includes:

a first obtaining subunit, configured to obtain a quantum random number;

the obtaining module 100 is specifically configured to:

obtain the quantum key based on the quantum random number.

Optionally, the device further includes:

an authentication module, configured to cause the quantum key management server and the client to perform identity authentication;

a determining module, configured to, in response to the identity authentication passing, determine the client to be the authenticated client.

Optionally, the authentication module is specifically configured such that:

the client sends a first request message to the quantum key management server;

in response to the first request message passing verification, the quantum key management server returns a first response message to the client;

the client obtains a second request message based on the first response message and sends the second request message to the quantum key management server;

in response to the second request message passing verification, the quantum key management server returns a second response message to the client.

Optionally, the device further includes:

a first encryption subunit, configured to encrypt the first request message, the first response message, the second request message and the second response message using quantum key encryption technology.

Optionally, the device further includes:

a preset module, configured to preset a key usage parameter of the quantum key;

the encryption module 300 is specifically configured to:

encrypt the data to be encrypted using the quantum key, based on the key usage parameter.

Optionally, the distribution module 200 is specifically configured to:

write the quantum key into the quantum TF card and the quantum Ukey of the quantum key filling machine;

import the quantum key to the authenticated client through the interfaces corresponding to the quantum TF card and the quantum Ukey.

The quantum key encryption device provided by the embodiment of the present application has the same beneficial effects as the quantum key encryption method provided by the above embodiments, so they are not repeated here.

Electronic device embodiment

Referring to FIG. 5, which is a schematic structural diagram of an electronic device provided by an embodiment of the present application. As shown in FIG. 5, the electronic device includes:

a memory 11, configured to store a computer program;

a processor 12, configured to implement, when executing the computer program, the steps of the quantum key encryption method of any of the above method embodiments.

In this embodiment, the device may be a vehicle-mounted computer or a PC (Personal Computer), or a terminal device such as a smartphone, a tablet computer, a palmtop computer or a portable computer.

The device may include a memory 11, a processor 12 and a bus 13. The memory 11 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory), magnetic memory, a magnetic disk, an optical disc, and the like. In some embodiments the memory 11 may be an internal storage unit of the device, such as a hard disk of the device. In other embodiments the memory 11 may be an external storage device of the device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a Flash Card provided on the device. Further, the memory 11 may include both an internal storage unit and an external storage device of the device. The memory 11 can be used not only to store application software installed on the device and various kinds of data, such as program code for executing the fault prediction method, but also to temporarily store data that has been output or is to be output.

In some embodiments the processor 12 may be a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip, used to run program code stored in the memory 11 or to process data, such as program code for executing the fault prediction method.

The bus 13 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in FIG. 5, but this does not mean that there is only one bus or one type of bus.

Further, the device may also include a network interface 14. The network interface 14 may optionally include a wired interface and/or a wireless interface (such as a WI-FI interface or a Bluetooth interface), and is usually used to establish a communication connection between the device and other electronic devices.

Optionally, the device may further include a user interface 15. The user interface 15 may include a display and an input unit such as a keyboard; optionally, the user interface 15 may also include a standard wired interface and a wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also be appropriately referred to as a display screen or display unit, and is used to display information processed in the device and to display a visualized user interface.

FIG. 5 shows only a device with components 11-15. Those skilled in the art will understand that the structure shown in FIG. 5 does not limit the device, which may include fewer or more components than shown, combine certain components, or use a different arrangement of components.

Readable storage medium embodiment

An embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the quantum key encryption method of any of the above method embodiments are implemented. The storage medium may include various media that can store program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disc.

It should be noted that the quantum key encryption method provided by the present invention can be used in the fields of quantum communication technology and information science and technology. The above is only an example and does not limit the fields of application of the quantum key encryption method provided by the present invention.

It should also be noted that "first" and "second" in names such as "first" and "second" (if present) mentioned in the embodiments of the present application are used only as name identifiers and do not represent first or second in order.

The embodiments in the description are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another. Since the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant details, refer to the description of the method.

Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms according to function. Whether these functions are executed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present application.

The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.

The quantum key encryption method, device, equipment and storage medium provided by the present application have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present application, and the description of the above embodiments is intended only to help in understanding the method of the present application and its core idea. It should be pointed out that those of ordinary skill in the art can make a number of improvements and modifications to the present application without departing from its principles, and these improvements and modifications also fall within the scope of protection of the claims of the present application.

Claims (10)

1. A quantum key encryption method, characterized by comprising:
a quantum key management server obtaining a quantum key;
the quantum key management server distributing the quantum key, based on a quantum key filling machine, to an authenticated client, the authenticated client having data to be encrypted;
the authenticated client encrypting the data to be encrypted based on the quantum key.

2. The method according to claim 1, characterized in that, before the quantum key management server obtains the quantum key, the method further comprises:
the quantum key management server obtaining a quantum random number;
and the quantum key management server obtaining the quantum key comprises:
the quantum key management server obtaining the quantum key based on the quantum random number.

3. The method according to claim 1, characterized in that, before the quantum key management server distributes the quantum key, based on the quantum key filling machine, to the authenticated client, the method further comprises:
the quantum key management server performing identity authentication with a client;
in response to the identity authentication passing, determining the client to be the authenticated client.

4. The method according to claim 3, characterized in that the quantum key management server performing identity authentication with the client comprises:
the client sending a first request message to the quantum key management server;
in response to the first request message passing verification, the quantum key management server returning a first response message to the client;
the client obtaining a second request message based on the first response message and sending the second request message to the quantum key management server;
in response to the second request message passing verification, the quantum key management server returning a second response message to the client.

5. The method according to claim 4, characterized by further comprising:
the quantum key management server encrypting the first request message, the first response message, the second request message and the second response message using quantum key encryption technology.

6. The method according to claim 1, characterized in that, before the authenticated client encrypts the data to be encrypted based on the quantum key, the method further comprises:
the quantum key management server presetting a key usage parameter of the quantum key;
and the authenticated client encrypting the data to be encrypted based on the quantum key comprises:
the authenticated client encrypting the data to be encrypted using the quantum key, based on the key usage parameter.

7. The method according to claim 1, characterized in that the quantum key management server distributing the quantum key, based on the quantum key filling machine, to the authenticated client comprises:
the quantum key management server writing the quantum key into the quantum TF card and the quantum Ukey of the quantum key filling machine;
importing the quantum key to the authenticated client through the interfaces corresponding to the quantum TF card and the quantum Ukey.

8. A quantum key encryption device, characterized by comprising:
an obtaining module, configured to obtain a quantum key;
a distribution module, configured to distribute the quantum key, based on a quantum key filling machine, to an authenticated client, the authenticated client having data to be encrypted;
an encryption module, configured to encrypt the data to be encrypted based on the quantum key.

9. An electronic device, characterized by comprising:
a memory, configured to store a computer program;
a processor, configured to implement, when executing the computer program, the steps of the quantum key encryption method according to any one of claims 1 to 7.

10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the quantum key encryption method according to any one of claims 1 to 7 are implemented.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310065494.0A CN116055042A (en) 2023-01-16 2023-01-16 A quantum key encryption method, device, equipment and storage medium


Publications (1)

Publication Number Publication Date
CN116055042A true CN116055042A (en) 2023-05-02

Family

ID=86117950


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination