CN109067527B - Quantum encryption communication method, communication terminal and computer readable storage medium - Google Patents


Info

Publication number: CN109067527B
Authority: CN (China)
Application number: CN201811011689.2A
Other languages: Chinese (zh)
Other versions: CN109067527A
Legal status: Active
Inventors: 李亚凯, 王彦杰, 顾志松
Current assignee: Suzhou Keda Technology Co Ltd
Original assignee: Suzhou Keda Technology Co Ltd
Events: application filed by Suzhou Keda Technology Co Ltd; priority to CN201811011689.2A; publication of CN109067527A; application granted; publication of CN109067527B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70 Photonic quantum communication


Abstract

The invention discloses a quantum encryption communication method, a communication terminal and a computer readable storage medium. The quantum encryption communication method comprises the following steps: a first communication terminal sends an identity authentication request to a quantum terminal; the first communication terminal receives an authentication passing notice returned by the quantum terminal and sends an encryption key request to the quantum terminal; the first communication terminal receives the key ID returned by the quantum terminal and sends the key ID to a second communication terminal; when the first communication terminal receives a decryption key acquisition notice returned by the second communication terminal, it acquires the encryption key from the quantum terminal according to the key ID; the first communication terminal encrypts communication data using the encryption key and transmits the encrypted communication data to the second communication terminal. This solves the problem that each quantum terminal could previously be used only by one communication terminal, or by two communication terminals that had already established a communication connection, so that the quantum terminal was used inefficiently.

Description

Quantum encryption communication method, communication terminal and computer readable storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a quantum encryption communication method, a communication terminal, and a computer-readable storage medium.
Background
With the development of computer technology and the internet, data transmission among many terminals is more and more frequent, and in order to guarantee the security of data transmission, encryption algorithms have been developed to transmit data secretly. Shannon showed in 1948 that if the key is secure, the communication content is strictly secure, but existing classical protocols cannot ensure the security of the key shared by the two communicating parties. Take the method of establishing a common key over a secret channel as an example: in classical communication there is no provably, absolutely secure secret channel, because an eavesdropper can in principle always obtain the information (the key) on the "secret channel" without leaving traces, and a legitimate user has no way to know whether the key sent through the "secret channel" has been eavesdropped. Another classical approach to establishing keys rests on complexity assumptions about specific mathematical problems; however, existing complexity assumptions have no strict mathematical proof, and quantum algorithms for factoring large numbers show in theory that classical RSA-based communication protocols are not secure. Because the security of a quantum key is guaranteed by physical properties of quanta such as the no-cloning theorem, the uncertainty principle and the indivisibility of single photons, quantum communication has, compared with classical communication, the great advantage of achieving security (absolute security) under strict mathematical proof, and is therefore applied more and more widely in high-end security applications.
In the prior art, Chinese patent publication No. CN107357809A discloses a data transmission method in which a quantum key is introduced as the service encryption key and decryption key in the transmission of service messages that require encryption and decryption, such as a VPN service. However, in that patent document the data sending end and the data receiving end have no identity at the quantum key management terminal, and the quantum key management terminal cannot distinguish different application terminals; therefore, to avoid communication errors between the data sending end and the data receiving end, each quantum terminal can only be used by one communication terminal, or by two communication terminals that have already established a communication connection.
Disclosure of Invention
Therefore, the technical problem addressed by the present invention is that, in the data transmission method of the prior art, each quantum terminal can only be used by one communication terminal or by two communication terminals that have already established a communication connection, so that the quantum terminal is used inefficiently.
To this end, according to a first aspect, the present invention provides a quantum cryptography communication method comprising the following steps: a first communication terminal sends an identity authentication request to a quantum terminal, where the identity authentication request carries terminal identity information of the first communication terminal; the first communication terminal receives an authentication passing notice returned by the quantum terminal and sends an encryption key request to the quantum terminal, where the encryption key request is used to apply for an encryption key for data communication, the encryption key request carries terminal identity information of a second communication terminal, and a communication connection is established between the first communication terminal and the second communication terminal; the first communication terminal receives the key ID returned by the quantum terminal and sends the key ID to the second communication terminal, where the key ID uniquely represents the encryption key applied for by the first communication terminal; when the first communication terminal receives a decryption key acquisition notice returned by the second communication terminal, it acquires the encryption key from the quantum terminal according to the key ID, where the decryption key acquisition notice is the notice that the second communication terminal returns after the quantum terminal has passed its identity authentication and it has acquired the decryption key based on the key ID, and the decryption key and the encryption key are corresponding quantum keys; the first communication terminal encrypts communication data using the encryption key and transmits the encrypted communication data to the second communication terminal.
Optionally, there are one or more quantum terminals; when there are several, they are in the same quantum communication network, and the first communication terminal sends the identity authentication request and the encryption key request to any one of them.
Optionally, the first communication terminal encrypts the communication data using the encryption key and transmits the encrypted communication data to the second communication terminal, including the following steps: intercepting an encryption field from the encryption key according to the required key amount, and recording an offset value of the encryption field in the encryption key; combining the key ID and the offset value to form a new key ID; encrypting the communication data by using the encryption field, and sending the encrypted communication data to the second communication terminal; the encrypted communication data carries a new key ID.
According to a second aspect, the present invention provides a quantum cryptography communication method comprising the following steps: a second communication terminal receives a key ID sent by a first communication terminal, where the key ID was obtained by the first communication terminal by sending an encryption key request to a quantum terminal; the second communication terminal sends a decryption key request to the quantum terminal according to the key ID, where the decryption key request is used to request from the quantum terminal the decryption key corresponding to the key ID, and the decryption key request carries terminal identity information of the second communication terminal; the second communication terminal receives the decryption key, which the quantum terminal returns after the identity authentication of the second communication terminal has passed, using the terminal identity information of the second communication terminal received from the first communication terminal and the terminal identity information of the second communication terminal carried in the decryption key request; the second communication terminal sends a decryption key acquisition notice to the first communication terminal; and the second communication terminal receives the encrypted communication data sent by the first communication terminal and decrypts it using the decryption key.
Optionally, the step in which the second communication terminal receives the encrypted communication data sent by the first communication terminal and decrypts it using the decryption key includes the following steps: receiving the encrypted communication data sent by the first communication terminal and obtaining the new key ID carried in it, where the new key ID is composed of the key ID and the offset value, within the encryption key, of the encryption segment used to encrypt the communication data; intercepting the decryption segment from the decryption key according to the offset value; and decrypting the encrypted communication data using the decryption segment.
According to a third aspect, the present invention provides a communication terminal that has a communication connection established with a second communication terminal, comprising: an authentication request module for sending an identity authentication request to the quantum terminal, where the identity authentication request carries the local terminal identity information of the communication terminal; a key request module for receiving an authentication passing notice returned by the quantum terminal and sending an encryption key request to the quantum terminal, where the encryption key request is used to apply for an encryption key for data communication and carries the terminal identity information of the second communication terminal; a key ID receiving module for receiving the key ID returned by the quantum terminal and sending the key ID to the second communication terminal, where the key ID uniquely represents the encryption key applied for by the key request module; an encryption key acquisition module for acquiring the encryption key from the quantum terminal according to the key ID when the decryption key acquisition notice returned by the second communication terminal is received, where the decryption key acquisition notice is the notice that the second communication terminal returns after the quantum terminal has passed its identity authentication and it has acquired the decryption key based on the key ID, and the decryption key and the encryption key are corresponding quantum keys; and a data encryption module for encrypting the communication data using the encryption key and sending the encrypted communication data to the second communication terminal.
Optionally, there are one or more quantum terminals; when there are several, they are in the same quantum communication network, and the first communication terminal sends the identity authentication request and the encryption key request to any one of them.
Optionally, the data encryption module includes: the encryption field intercepting unit is used for intercepting an encryption field from the encryption key according to the required key amount and recording an offset value of the encryption field in the encryption key; a new key ID generation unit for combining the key ID and the offset value to form a new key ID; a data encryption unit for encrypting the communication data using the encryption field and transmitting the encrypted communication data to the second communication terminal; the encrypted communication data carries a new key ID.
According to a fourth aspect, the present invention provides a communication terminal comprising: a key ID receiving module for receiving the key ID sent by the first communication terminal, where the key ID was obtained by the first communication terminal by sending an encryption key request to the quantum terminal; a decryption key request module for sending a decryption key request to the quantum terminal according to the key ID, where the decryption key request is used to request from the quantum terminal the decryption key corresponding to the key ID, and carries the local terminal identity information of the communication terminal; a decryption key receiving module for receiving the decryption key, which the quantum terminal returns after the identity authentication of the communication terminal has passed, using the terminal identity information of the communication terminal received from the first communication terminal and the terminal identity information carried in the decryption key request; an acquisition notification module for sending a decryption key acquisition notice to the first communication terminal; and a data decryption module for receiving the encrypted communication data sent by the first communication terminal and decrypting it using the decryption key.
Optionally, the data decryption module includes: a new key ID receiving unit for receiving the encrypted communication data sent by the first communication terminal and obtaining the new key ID carried in it, where the new key ID is composed of the key ID and the offset value, within the encryption key, of the encryption segment used to encrypt the communication data; a decryption segment intercepting unit for intercepting the decryption segment according to the offset value; and a data decryption unit for decrypting the encrypted communication data using the decryption segment.
According to a fifth aspect, the present invention provides a communication terminal comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the processor to cause the processor to perform all or part of the method of the first aspect or all or part of the method of the second aspect.
According to a sixth aspect, the present invention provides a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out all or part of the steps of the method of the first aspect described above, or carry out all or part of the steps of the method of the second aspect described above.
The technical scheme provided by the embodiment of the invention has the following advantages:
the quantum encryption communication method provided by the invention comprises the following steps: a first communication terminal sends an identity authentication request to a quantum terminal, where the identity authentication request carries terminal identity information of the first communication terminal; the first communication terminal receives an authentication passing notice returned by the quantum terminal and sends an encryption key request to the quantum terminal, where the encryption key request is used to apply for an encryption key for data communication, the encryption key request carries terminal identity information of a second communication terminal, and a communication connection is established between the first communication terminal and the second communication terminal; the first communication terminal receives the key ID returned by the quantum terminal and sends the key ID to the second communication terminal, where the key ID uniquely represents the encryption key applied for by the first communication terminal; when the first communication terminal receives a decryption key acquisition notice returned by the second communication terminal, it acquires the encryption key from the quantum terminal according to the key ID, where the decryption key acquisition notice is the notice that the second communication terminal returns after the quantum terminal has passed its identity authentication and it has acquired the decryption key based on the key ID, and the decryption key and the encryption key are corresponding quantum keys; the first communication terminal encrypts communication data using the encryption key and transmits the encrypted communication data to the second communication terminal.
The identity authentication of the first communication terminal and the second communication terminal is completed at the quantum terminal, and the first communication terminal carries the terminal identity information of the second communication terminal in its request for an encryption key. The quantum terminal can therefore distinguish the first and second communication terminals from other communication terminals by their respective terminal identity information, negotiate a quantum key for them according to that information, and return the negotiated key to the two terminals according to that information. This solves the problem of the prior art, in which the first and second communication terminals have no identity at the quantum terminal and cannot be distinguished from other communication terminals, so that if another communication terminal applies for a key while keys are being distributed to the first and second communication terminals, the quantum terminal may send the negotiated key to that other terminal, with the result that the first and second communication terminals cannot acquire the key in time or acquire keys that do not match, and their communication fails.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a quantum cryptography communication method provided in embodiment 1;
Fig. 2 is a schematic view of a quantum communication network in embodiment 1;
Fig. 3 is a communication flow chart of a first communication terminal and a second communication terminal in embodiment 1;
Fig. 4 is a flowchart illustrating the detailed steps of step S50 in Fig. 1;
Fig. 5 is a flowchart of a quantum cryptography communication method according to embodiment 2;
Fig. 6 is a schematic structural diagram of a first communication terminal provided in embodiment 3;
Fig. 7 is a schematic structural diagram of a second communication terminal provided in embodiment 4;
Fig. 8 is a schematic diagram of a hardware structure of a communication terminal according to embodiment 5.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "first", "second", and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Example 1
The present embodiment provides a quantum cryptography communication method, as shown in fig. 1. It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein. The process comprises the following steps:
step S10, the first communication terminal sends an identity authentication request to the quantum terminal, where the identity authentication request carries terminal identity information of the first communication terminal.
In this embodiment, as shown in fig. 2, while the first communication terminal sends the identity authentication request to the quantum terminal, the second communication terminal also sends the identity authentication request to the quantum terminal, and similarly, the identity authentication request of the second communication terminal carries the terminal identity information of the second communication terminal.
In this embodiment there may be one or more quantum terminals; when there are several, they are in the same quantum communication network, and the first communication terminal sends the identity authentication request and the encryption key request to any one of them. As shown in fig. 3, when there are several quantum terminals, for example when quantum terminal A, quantum terminal B and the other quantum terminals in fig. 2 are in the same quantum communication network, each communication terminal needs to access the quantum communication network to acquire a quantum key; that is, it carries its own terminal identity information and passes the authentication of any one quantum terminal in the quantum communication network, so as to obtain its unique identity in that network and be distinguished from other communication terminals. For example, the communication terminals A1, A2, etc. in fig. 2 pass the authentication of quantum terminal A, and the communication terminals B1, B2, etc. pass the authentication of quantum terminal B.
In step S20, the first communication terminal receives the authentication pass notification returned by the quantum terminal, and sends an encryption key request to the quantum terminal. In this embodiment, the encryption key request is used to apply for an encryption key for data communication, which carries terminal identity information of the second communication terminal, and a communication connection is established between the first communication terminal and the second communication terminal.
In this embodiment, before a new service is performed, when a first communication terminal sends a handshake signal to a second communication terminal and receives a handshake response signal returned by the second communication terminal, an encryption key needs to be acquired; or, in the service process, when the quantum encryption key obtained last time is invalid, the encryption key needs to be obtained; or, in the service process, when a predetermined time length is left before the quantum encryption key obtained last time is invalid, the encryption key needs to be obtained. In this embodiment, it should be noted that, when a new encryption key needs to be acquired during a service, since the first communication terminal has already passed authentication of the quantum terminal and has already acquired terminal identity information of the second communication terminal, it is not necessary to repeatedly perform corresponding steps.
In this embodiment, the encryption key request carries terminal identity information of the second communication terminal, so that the quantum terminal can allocate a corresponding encryption key and a corresponding decryption key for a communication negotiation between the first communication terminal and the second communication terminal, and in addition, when the quantum terminals that pass the identity authentication requests of the first communication terminal and the second communication terminal are different quantum terminals in the quantum communication network, the quantum terminal that passes the identity authentication of the first communication terminal can also find the quantum terminal that passes the identity authentication of the second communication terminal in the quantum communication network according to the terminal identity information of the second communication terminal, so that the two quantum terminals can negotiate the quantum key for allocation to the first communication terminal and the second communication terminal.
In the present embodiment, as shown in fig. 3, the communication terminals need to be registered in a conventional server, so as to perform message forwarding between different communication terminals. In this embodiment, as shown in fig. 2, the registration server is mainly configured to forward the terminal identity information of the second communication terminal to the first communication terminal.
And step S30, the first communication terminal receives the key ID returned by the quantum terminal and sends the key ID to the second communication terminal. In this embodiment, the key ID is used to uniquely represent the encryption key applied by the first communication terminal, and specifically, the key ID may be composed of the terminal identification information of the first communication terminal and a random number that is not repeated.
In step S40, when the first communication terminal receives the decryption key acquisition notification returned by the second communication terminal, it acquires the encryption key from the quantum terminal according to the key ID. In this embodiment, the decryption key acquisition notification is the notification that the second communication terminal returns after the quantum terminal has passed its identity authentication and it has acquired the decryption key based on the key ID; the decryption key and the encryption key are corresponding quantum keys.
In step S50, the first communication terminal encrypts the communication data using the encryption key and transmits the encrypted communication data to the second communication terminal. In this embodiment, the first communication terminal stores the acquired encryption key in the key buffer, and when it is necessary to encrypt communication data transmitted to the second communication terminal, takes out the encryption key from the key buffer for encryption.
In the quantum encryption communication method provided by this embodiment, the identity authentication of the first communication terminal and the second communication terminal is completed at the quantum terminal, and the first communication terminal carries the terminal identity information of the second communication terminal in its request for an encryption key. The quantum terminal can therefore distinguish the first and second communication terminals from other communication terminals by their respective terminal identity information, negotiate a quantum key for them according to that information, and return the negotiated key to the two terminals according to that information. This solves the problem of the prior art, in which the first and second communication terminals have no identity at the quantum terminal and cannot be distinguished from other communication terminals, so that if another communication terminal applies for a key while keys are being allocated to the first and second communication terminals, the quantum terminal may send the negotiated key to that other terminal, with the result that the first and second communication terminals cannot acquire the key in time or acquire keys that do not match, and their communication fails.
In an alternative embodiment, as shown in fig. 4, step S50 includes the following steps:
Step S51 extracts an encryption segment (the "encryption field" of the claims) from the encryption key according to the required key amount and records the offset value of that segment within the encryption key. In this embodiment the quantum key is long, at least 1 KB (1024 bytes), whereas the key length of the encryption/decryption or authentication algorithm configured for the transcoding is fixed, generally between 8 and 32 bytes, so the full 1024 bytes are not needed. When data must be encrypted, only the required key amount is cut from the key buffer of the first communication terminal; for example, when the configured algorithm is DES with an 8-byte key, an 8-byte encryption segment is cut from the encryption key held in the key buffer of the first communication terminal.
Step S52 combines the key ID and the offset value to form a new key ID. In this embodiment, the offset value records the position of the encryption segment within the encryption key.
Step S53 encrypts the communication data using the encryption segment and transmits the encrypted communication data to the second communication terminal. In this embodiment, the encrypted communication data carries the new key ID.
Example 2
This embodiment provides a quantum encryption communication method as shown in fig. 5. It describes the method of embodiment 1 from the side of the second communication terminal that communicates with the first communication terminal; what has already been described in embodiment 1 is omitted for brevity. It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is shown in the flowcharts, the steps illustrated or described may in some cases be performed in an order different from that presented here. The process comprises the following steps:
in step S100, the second communication terminal receives the key ID sent by the first communication terminal. In this embodiment, the key ID is obtained after the first communication terminal sends an encryption key request to the quantum terminal.
Step S200: the second communication terminal sends a decryption key request to the quantum terminal according to the key ID. In this embodiment, the decryption key request is used to request from the quantum terminal the decryption key corresponding to the key ID, and the decryption key request also carries the terminal identity information of the second communication terminal.
Step S300: the second communication terminal receives the decryption key. In this embodiment, the quantum terminal returns the decryption key after the second communication terminal passes identity authentication, which is performed by comparing the terminal identity information of the second communication terminal received from the first communication terminal (in the encryption key request) with the terminal identity information of the second communication terminal carried in the decryption key request: when the two are the same, the quantum terminal's authentication of the second communication terminal passes and the quantum terminal returns the decryption key to the second communication terminal. In this embodiment, the second communication terminal stores the decryption key in its key buffer.
In step S400, the second communication terminal sends a decryption key acquisition notification to the first communication terminal.
In step S500, the second communication terminal receives the encrypted communication data sent by the first communication terminal, and decrypts the encrypted communication data using the decryption key.
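The exchange of steps S100 to S500 above, together with the first terminal's side from embodiment 1 (identity authentication, encryption key request naming the peer, forwarding of the key ID, fetch of the encryption key after the acquisition notice), as an added three-party simulation. This is example code added by the editor, not code from the patent or its applicant; names such as QuantumTerminal, the terminal identities "A", "B" and "C", the key-ID format and the use of random bytes in place of a negotiated quantum key are assumptions. The page does not say how the quantum terminal verifies that a request really originates from the identity it names, so the example treats the identity carried in each request as already authenticated and shows only the bookkeeping the page describes: the key is bound to the requester and to the peer named in the encryption key request, the decryption key is released only to that peer, and a third terminal that presents the key ID under its own identity is refused.

```python
"""Editor's example: key distribution between a first terminal (A), a second
terminal (B) and the quantum terminal. All names are assumptions; the QKD
negotiation is replaced by random bytes."""
import secrets


class QuantumTerminal:
    def __init__(self, registered_ids, key_len=1024):
        self.registered = set(registered_ids)  # identities known to the quantum terminal
        self.authenticated = set()             # identities that passed authentication
        self.keys = {}                         # key_id -> (owner, peer, key bytes)
        self.key_len = key_len                 # page: quantum key of at least 1 KB

    def authenticate(self, terminal_id):
        """Identity authentication request; returns the pass/fail notice."""
        if terminal_id not in self.registered:
            return False
        self.authenticated.add(terminal_id)
        return True

    def issue_key(self, requester_id, peer_id):
        """Encryption key request carrying the peer's identity; returns the key ID."""
        if requester_id not in self.authenticated:
            raise PermissionError(f"{requester_id} has not passed authentication")
        key_id = secrets.token_hex(8)
        # Stand-in for the negotiated quantum key: random bytes bound to (owner, peer)
        self.keys[key_id] = (requester_id, peer_id, secrets.token_bytes(self.key_len))
        return key_id

    def decryption_key(self, key_id, claimed_id):
        """Decryption key request (S200/S300): the identity carried in the request
        must equal the peer identity the first terminal named in its key request."""
        if key_id not in self.keys:
            raise KeyError("unknown key ID")
        _owner, peer_id, key = self.keys[key_id]
        if claimed_id != peer_id:
            raise PermissionError(f"{claimed_id} is not the peer bound to key {key_id}")
        return key

    def encryption_key(self, key_id, requester_id):
        """Encryption key fetch: only the terminal that applied for the key may fetch it."""
        owner, _peer, key = self.keys[key_id]
        if requester_id != owner:
            raise PermissionError(f"{requester_id} did not apply for key {key_id}")
        return key


def run_exchange(qt, a_id, b_id):
    """Drive the exchange in the order the page gives and return both terminals' keys."""
    if not qt.authenticate(a_id):                        # A: identity authentication
        raise PermissionError("authentication failed")
    key_id = qt.issue_key(a_id, peer_id=b_id)            # A: key request names B, gets key ID
    # A sends the key ID to B over their existing connection (S100)
    b_key = qt.decryption_key(key_id, claimed_id=b_id)   # B: decryption key request (S200/S300)
    # B sends the decryption key acquisition notice to A (S400)
    a_key = qt.encryption_key(key_id, a_id)              # A: fetches the encryption key
    return key_id, a_key, b_key


def third_party_refused(qt, key_id, intruder_id):
    """True if a terminal other than the named peer cannot obtain the key by key ID alone."""
    try:
        qt.decryption_key(key_id, claimed_id=intruder_id)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    qt = QuantumTerminal(registered_ids={"A", "B", "C"})
    key_id, a_key, b_key = run_exchange(qt, "A", "B")
    print("keys match:", a_key == b_key, "| C refused:", third_party_refused(qt, key_id, "C"))
```

The key ID message (S100) and the acquisition notice (S400) travel between A and B rather than through the quantum terminal, so in the simulation they are represented only by the order of calls in run_exchange; what the quantum terminal enforces is the binding of the key to the pair named in the original request.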
In an alternative embodiment, step S500 includes the steps of:
Step S501: receive the encrypted communication data sent by the first communication terminal and obtain the new key ID carried in it. In this embodiment, the new key ID is composed of the key ID and the offset value, within the encryption key, of the encryption segment that was used to encrypt the communication data.
Step S502: extract the decryption segment according to the offset value.
Step S503: decrypt the encrypted communication data using the decryption segment.
As in embodiment 1, when encrypted communication data is received, only the required key amount is cut from the decryption key in the key buffer of the second communication terminal for decryption; for example, if the configured algorithm is DES with an 8-byte key, an 8-byte decryption segment is cut from the decryption key in the key buffer of the second communication terminal. In this embodiment, the second communication terminal looks up the corresponding decryption key by the key ID, locates the decryption segment within that key by the offset value of the encryption segment used to encrypt the communication data, thereby obtains the decryption segment corresponding to the encryption segment, and completes decryption of the communication data.
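The segment extraction of steps S51 to S53 and S501 to S503, as an added example (editor's code, not the patent's): a key buffer that hands out a segment of the configured key length and records its offset, the combination of key ID and offset into a new key ID, and the receiving side's lookup of the same segment. Assumptions: the new key ID is encoded as "keyID:offset" (the page says only that the two are combined); the buffer advances a cursor so that each encryption takes fresh key material (the page records an offset per encryption but states no reuse policy); and, because Python's standard library has no DES or AES, the configured algorithm is replaced by a stand-in stream cipher built from SHA-256 in counter mode and keyed by the segment. The page's DES example serves only to illustrate the 8-byte key length; DES itself was withdrawn as a standard in 2005 and should not be used in new designs, and the stand-in cipher provides no integrity protection.

```python
"""Editor's example: key-segment extraction with offsets (steps S51-S53 / S501-S503).
All names are assumptions; the stream cipher is a stand-in for the configured algorithm."""
import hashlib
import struct

SEGMENT_LEN = 8  # configured key length of the algorithm (page example: DES, 8 bytes)


class KeyBuffer:
    """Key buffer of the first communication terminal: one quantum key under its key ID.
    A cursor advances on every extraction so that no segment is handed out twice
    (assumption: the page records an offset per encryption but states no reuse policy)."""

    def __init__(self, key_id, key):
        self.key_id = key_id
        self.key = key
        self.cursor = 0

    def take_segment(self, amount):
        """Step S51: cut `amount` bytes from the key and record their offset."""
        if self.cursor + amount > len(self.key):
            raise ValueError("key buffer exhausted; apply for a new quantum key")
        offset = self.cursor
        segment = self.key[offset:offset + amount]
        self.cursor += amount
        return segment, offset


def make_new_key_id(key_id, offset):
    """Step S52: combine key ID and offset (assumed encoding "keyID:offset")."""
    return f"{key_id}:{offset}"


def parse_new_key_id(new_key_id):
    """Step S501: split the new key ID back into key ID and offset."""
    key_id, offset = new_key_id.rsplit(":", 1)
    return key_id, int(offset)


def keystream(segment, length):
    """Stand-in stream cipher: SHA-256 of (segment || counter) in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(segment + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def xor_with_segment(segment, data):
    """Encrypt or decrypt `data` with the keystream derived from `segment`."""
    return bytes(a ^ b for a, b in zip(data, keystream(segment, len(data))))


def encrypt(sender_buffer, plaintext, segment_len=SEGMENT_LEN):
    """Step S53: encrypt with an extracted segment; the message carries the new key ID."""
    segment, offset = sender_buffer.take_segment(segment_len)
    return {"new_key_id": make_new_key_id(sender_buffer.key_id, offset),
            "ciphertext": xor_with_segment(segment, plaintext)}


def decrypt(receiver_keys, message, segment_len=SEGMENT_LEN):
    """Steps S501-S503: look up the decryption key by key ID, cut the segment at the
    offset, and decrypt. `receiver_keys` is the second terminal's key buffer (key ID -> key)."""
    key_id, offset = parse_new_key_id(message["new_key_id"])
    if key_id not in receiver_keys:
        raise KeyError(f"no decryption key for key ID {key_id}")
    key = receiver_keys[key_id]
    if offset < 0 or offset + segment_len > len(key):
        raise ValueError("offset outside the decryption key")
    segment = key[offset:offset + segment_len]
    return xor_with_segment(segment, message["ciphertext"])


if __name__ == "__main__":
    quantum_key = bytes(range(256)) * 4      # constructed 1 KB key shared by both sides
    sender = KeyBuffer("k1", quantum_key)     # first terminal's key buffer
    receiver = {"k1": quantum_key}            # second terminal's key buffer
    for text in (b"hello", b"world"):
        msg = encrypt(sender, text)
        print(msg["new_key_id"], decrypt(receiver, msg))
```

With a 1024-byte key and 8-byte segments the buffer yields 128 segments before take_segment raises and a new quantum key must be applied for; the receiving side rejects an offset that does not leave a full segment inside the key rather than silently decrypting with a short one.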
Example 3
In this embodiment, a first communication terminal is provided, and the terminal is used to implement the foregoing embodiment 1 and its preferred embodiments, which have already been described and are not described again. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the terminal described in the following embodiments is preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
In this embodiment, a communication connection is established between the first communication terminal and the second communication terminal, as shown in fig. 6, the first communication terminal includes: an authentication request module 10, a key request module 20, a key ID receiving module 30, an encryption key obtaining module 40 and a data encryption module 50.
The authentication request module 10 is configured to send an identity authentication request to the quantum terminal, the identity authentication request carrying the local terminal identity information of the first communication terminal. The key request module 20 is configured to receive the authentication passing notification returned by the quantum terminal and to send an encryption key request to the quantum terminal; the encryption key request is used for applying for an encryption key for data communication and carries the terminal identity information of the second communication terminal. The key ID receiving module 30 is configured to receive the key ID returned by the quantum terminal and to send the key ID to the second communication terminal; the key ID uniquely identifies the encryption key applied for by the key request module. The encryption key obtaining module 40 is configured to obtain the encryption key from the quantum terminal according to the key ID when a decryption key acquisition notice returned by the second communication terminal is received; the decryption key acquisition notice is the notice returned by the second communication terminal after the quantum terminal has passed the identity authentication of the second communication terminal and the second communication terminal has acquired the decryption key based on the key ID, the decryption key and the encryption key being corresponding quantum keys. The data encryption module 50 is configured to encrypt communication data using the encryption key and to transmit the encrypted communication data to the second communication terminal.
In an optional embodiment, the number of the quantum terminals is one or more, when the number of the quantum terminals is multiple, the multiple quantum terminals are in the same quantum communication network, and the first communication terminal sends an identity authentication request and an encryption key request to any one of the multiple quantum terminals.
In an alternative embodiment, the data encryption module 50 includes: an encryption field intercepting unit, a new key ID generating unit and a data encryption unit.
The encryption field intercepting unit is used for intercepting an encryption field from an encryption key according to the required key amount and recording an offset value of the encryption field in the encryption key; the new key ID generation unit is used for combining the key ID and the offset value to form a new key ID; the data encryption unit is used for encrypting the communication data by using the encryption field and sending the encrypted communication data to the second communication terminal; the encrypted communication data carries a new key ID.
Example 4
In this embodiment, a second communication terminal is provided, which is used to implement the foregoing embodiment 2 and its preferred embodiments, and the description that has been already made is omitted. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the terminal described in the following embodiments is preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
The second communication terminal provided in this embodiment, as shown in fig. 7, includes: a key ID receiving module 100, a decryption key requesting module 200, a decryption key receiving module 300, an acquisition notifying module 400, and a data decrypting module 500.
The key ID receiving module 100 is configured to receive the key ID sent by the first communication terminal; the key ID is obtained after the first communication terminal sends an encryption key request to the quantum terminal. The decryption key request module 200 is configured to send a decryption key request to the quantum terminal according to the key ID; the decryption key request is used for requesting from the quantum terminal the decryption key corresponding to the key ID, and carries the local terminal identity information of the second communication terminal. The decryption key receiving module 300 is configured to receive the decryption key; the decryption key is returned by the quantum terminal after the identity authentication of the second communication terminal passes, which is performed by comparing the terminal identity information of the second communication terminal received from the first communication terminal with the terminal identity information of the second communication terminal carried in the decryption key request. The acquisition notification module 400 is configured to send a decryption key acquisition notification to the first communication terminal. The data decryption module 500 is configured to receive the encrypted communication data sent by the first communication terminal and to decrypt it using the decryption key.
In an alternative embodiment, the data decryption module 500 comprises: a new key ID receiving unit, a decrypted fragment intercepting unit and a data decrypting unit.
The new secret key ID receiving unit is used for receiving encrypted communication data sent by the first communication terminal and acquiring a new secret key ID carried in the encrypted communication data; the new key ID is composed of a key ID and an offset value of an encryption segment for encrypting the communication data in the encryption key; the decryption fragment intercepting unit is used for intercepting the decryption fragment according to the offset value; the data decryption unit is used for decrypting the encrypted communication data by using the decryption fragment.
Example 5
An embodiment of the present invention provides a communication terminal, as shown in fig. 8. The communication terminal may include at least one processor 801, such as a CPU (Central Processing Unit), at least one communication interface 803, a memory 804 and at least one communication bus 802, where the communication bus 802 is used to enable communication among these components. The communication interface 803 may include a display and a keyboard, and may optionally also include a standard wired interface and a standard wireless interface. The memory 804 may be a high-speed RAM (Random Access Memory) or a non-volatile memory, such as at least one disk memory; optionally, the memory 804 may be at least one memory device located remotely from the processor 801. The memory 804 stores an application program, and the processor 801 invokes the program code stored in the memory 804 to perform any of the method steps of embodiment 1 or embodiment 2, i.e. to perform the following operations:
the method comprises the steps that a first communication terminal sends an identity authentication request to a quantum terminal, wherein the identity authentication request carries terminal identity information of the first communication terminal; the first communication terminal receives an authentication passing notice returned by the quantum terminal, and sends an encryption key request to the quantum terminal; the encryption key request is used for applying an encryption key for data communication, the encryption key carries terminal identity information of a second communication terminal, and communication connection is established between the first communication terminal and the second communication terminal; the first communication terminal receives the secret key ID returned by the quantum terminal and sends the secret key ID to the second communication terminal; the key ID is used for uniquely representing an encryption key applied by the first communication terminal; when the first communication terminal receives a decryption key acquisition notice returned by the second communication terminal, the sub-terminal acquires an encryption key according to the key ID vector; the decryption key acquisition notice is a notice that the quantum terminal passes the identity authentication of the second communication terminal and the second communication terminal returns after acquiring the decryption key based on the key ID, and the decryption key and the encryption key are corresponding quantum keys; the first communication terminal encrypts communication data using the encryption key and transmits the encrypted communication data to the second communication terminal.
In the embodiment of the present invention, the processor 801 invokes the program code in the memory 804, and is further configured to perform the following operations: the number of the quantum terminals is one or more, when the number of the quantum terminals is multiple, the multiple quantum terminals are in the same quantum communication network, and the first communication terminal sends an identity authentication request and an encryption key request to any one of the multiple quantum terminals.
In the embodiment of the present invention, the processor 801 invokes the program code in the memory 804, and is further configured to perform the following operations: intercepting an encryption field from the encryption key according to the required key amount, and recording an offset value of the encryption field in the encryption key; combining the key ID and the offset value to form a new key ID; encrypting the communication data by using the encryption field, and sending the encrypted communication data to the second communication terminal; the encrypted communication data carries a new key ID.
In the embodiment of the present invention, the processor 801 invokes the program code in the memory 804, and is further configured to perform the following operations: the second communication terminal receives the key ID sent by the first communication terminal, the key ID being obtained after the first communication terminal sends an encryption key request to the quantum terminal; the second communication terminal sends a decryption key request to the quantum terminal according to the key ID, the decryption key request being used for requesting from the quantum terminal the decryption key corresponding to the key ID and carrying terminal identity information of the second communication terminal; the second communication terminal receives the decryption key, which is returned by the quantum terminal after the identity authentication of the second communication terminal passes by comparing the terminal identity information of the second communication terminal received from the first communication terminal with the terminal identity information of the second communication terminal carried in the decryption key request; the second communication terminal sends a decryption key acquisition notice to the first communication terminal; and the second communication terminal receives the encrypted communication data sent by the first communication terminal and decrypts it using the decryption key.
In the embodiment of the present invention, the processor 801 invokes the program code in the memory 804, and is further configured to perform the following operations: receiving encrypted communication data sent by a first communication terminal, and acquiring a new secret key ID carried in the encrypted communication data; the new key ID is composed of a key ID and an offset value of an encryption segment for encrypting the communication data in the encryption key; intercepting the decrypted segment according to the offset value; and decrypting the encrypted communication data by using the decryption fragment.
The communication bus 802 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The communication bus 802 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one line is shown in FIG. 8, but this does not represent only one bus or one type of bus.
The memory 804 may include a volatile memory, such as a random-access memory (RAM); it may also include a non-volatile memory, such as a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 804 may also comprise a combination of the above types of memory.
The processor 801 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP.
The processor 801 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
Example 6
An embodiment of the present invention further provides a non-transitory computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions may perform any one of the method steps of embodiment 1 or embodiment 2. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
It should be understood that the above examples are given only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description; it is neither necessary nor possible to enumerate all embodiments exhaustively, and obvious variations or modifications derived from them are within the scope of the invention.

Claims (10)

1. A quantum encryption communication method is characterized by comprising the following steps:
a first communication terminal sends an identity authentication request to a quantum terminal, wherein the identity authentication request carries terminal identity information of the first communication terminal;
the first communication terminal receives an authentication passing notice returned by the quantum terminal and sends an encryption key request to the quantum terminal; the encryption key request is used for applying for an encryption key for data communication and carries terminal identity information of a second communication terminal, a communication connection having been established between the first communication terminal and the second communication terminal;
the first communication terminal receives the secret key ID returned by the quantum terminal and sends the secret key ID to the second communication terminal; the key ID is used for uniquely identifying an encryption key applied by the first communication terminal;
when the first communication terminal receives a decryption key acquisition notice returned by the second communication terminal, acquiring an encryption key from the quantum terminal according to the key ID; the decryption key acquisition notice is a notice that the quantum terminal passes the identity authentication of the second communication terminal and the second communication terminal returns after acquiring a decryption key based on the key ID, and the decryption key and the encryption key are corresponding quantum keys;
and the first communication terminal encrypts communication data by using the encryption key and sends the encrypted communication data to the second communication terminal.
2. The quantum encrypted communication method according to claim 1, wherein the number of the quantum terminals is one or more, and when the number of the quantum terminals is plural, the plural quantum terminals are in the same quantum communication network, and the first communication terminal transmits the authentication request and the encryption key request to any one of the plural quantum terminals.
3. The quantum encryption communication method according to claim 1, wherein the first communication terminal encrypts communication data using the encryption key and transmits the encrypted communication data to the second communication terminal, comprising the steps of:
intercepting an encryption field from the encryption key according to the required key amount, and recording an offset value of the encryption field in the encryption key;
combining the key ID and the offset value to form a new key ID;
encrypting the communication data by using the encryption field, and sending the encrypted communication data to the second communication terminal; and carrying the new secret key ID in the encrypted communication data.
4. A quantum encryption communication method is characterized by comprising the following steps:
the second communication terminal receives the secret key ID sent by the first communication terminal; the secret key ID is obtained after the first communication terminal sends an encryption secret key request to the quantum terminal;
the second communication terminal sends a decryption key request to the quantum terminal according to the key ID; the decryption key request is used for requesting from the quantum terminal the decryption key corresponding to the key ID, and the decryption key request carries terminal identity information of the second communication terminal;
the second communication terminal receives the decryption key; the decryption key is returned by the quantum terminal after the authentication of the terminal identity of the second communication terminal by using the terminal identity information of the second communication terminal received from the first communication terminal and the terminal identity information of the second communication terminal carried in the decryption key request is passed;
the second communication terminal sends a decryption key acquisition notice to the first communication terminal;
and the second communication terminal receives the encrypted communication data sent by the first communication terminal and decrypts the encrypted communication data by using the decryption key.
5. The quantum encrypted communication method according to claim 4, wherein the second communication terminal receives the encrypted communication data sent by the first communication terminal and decrypts the encrypted communication data using the decryption key, comprising the steps of:
receiving encrypted communication data sent by the first communication terminal, and acquiring a new secret key ID carried in the encrypted communication data; the new key ID is composed of the key ID and an offset value of an encryption fragment encrypting the communication data in the encryption key;
intercepting a decrypted segment according to the offset value;
and decrypting the encrypted communication data by using the decryption fragment.
6. A communication terminal, characterized in that a communication connection is established with a second communication terminal, the communication terminal comprising:
the authentication request module is used for sending an identity authentication request to the quantum terminal, wherein the identity authentication request carries the local terminal identity information of the communication terminal;
the key request module is used for receiving the authentication passing notification returned by the quantum terminal and sending an encryption key request to the quantum terminal; the encryption key request is used for applying for an encryption key for data communication and carries the terminal identity information of the second communication terminal;
the secret key ID receiving module is used for receiving the secret key ID returned by the quantum terminal and sending the secret key ID to the second communication terminal; the key ID is used for uniquely identifying the encryption key applied by the key request module;
the encryption key acquisition module is used for acquiring an encryption key from the quantum terminal according to the key ID when receiving a decryption key acquisition notice returned by the second communication terminal; the decryption key acquisition notice is a notice that the quantum terminal passes the identity authentication of the second communication terminal and the second communication terminal returns after acquiring a decryption key based on the key ID, and the decryption key and the encryption key are corresponding quantum keys;
and the data encryption module is used for encrypting the communication data by using the encryption key and sending the encrypted communication data to the second communication terminal.
7. The communication terminal of claim 6, wherein the data encryption module comprises:
the encryption field intercepting unit is used for intercepting an encryption field from the encryption key according to the required key amount and recording an offset value of the encryption field in the encryption key;
a new key ID generation unit for combining the key ID and the offset value to form a new key ID;
a data encryption unit for encrypting the communication data using the encryption field and transmitting the encrypted communication data to the second communication terminal; and carrying the new secret key ID in the encrypted communication data.
8. A communication terminal, comprising:
the key ID receiving module is used for receiving the key ID sent by the first communication terminal; the secret key ID is obtained after the first communication terminal sends an encryption secret key request to the quantum terminal;
the decryption key request module is used for sending a decryption key request to the quantum terminal according to the key ID; the decryption key request is used for requesting from the quantum terminal the decryption key corresponding to the key ID, and the decryption key request carries the local terminal identity information of the communication terminal;
a decryption key receiving module, configured to receive the decryption key; the decryption key is returned by the quantum terminal after the authentication of the communication terminal identity is passed by using the terminal identity information of the communication terminal received from the first communication terminal and the terminal identity information carried in the decryption key request;
an acquisition notification module, configured to send a decryption key acquisition notification to the first communication terminal;
and the data decryption module is used for receiving the encrypted communication data sent by the first communication terminal and decrypting the encrypted communication data by using the decryption key.
9. A communication terminal, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of any one of claims 1 to 3 or to perform the method of any one of claims 4 to 5.
10. A computer-readable storage medium having stored thereon computer instructions, which, when executed by a processor, carry out the steps of the method of any of the preceding claims 1 to 3, or carry out the steps of the method of any of the preceding claims 4 to 5.
CN201811011689.2A 2018-08-31 2018-08-31 Quantum encryption communication method, communication terminal and computer readable storage medium Active CN109067527B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811011689.2A CN109067527B (en) 2018-08-31 2018-08-31 Quantum encryption communication method, communication terminal and computer readable storage medium


Publications (2)

Publication Number Publication Date
CN109067527A CN109067527A (en) 2018-12-21
CN109067527B true CN109067527B (en) 2020-12-22

Family

ID=64758138


Country Status (1)

Country Link
CN (1) CN109067527B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112118208B (en) * 2019-06-20 2023-06-27 北京沃东天骏信息技术有限公司 Method and device for reporting data
CN110490051A (en) * 2019-07-03 2019-11-22 武汉虹识技术有限公司 Iris authentication system and method
CN114765540A (en) * 2020-12-31 2022-07-19 科大国盾量子技术股份有限公司 Secret key distribution and use method of quantum cryptography network expansion equipment
CN114244513B (en) * 2021-12-31 2024-02-09 日晷科技(上海)有限公司 Key negotiation method, device and storage medium
CN114844639B (en) 2022-07-04 2022-09-06 中国长江三峡集团有限公司 Data transmission method, system and storage medium based on quantum key
CN115833985A (en) * 2022-11-16 2023-03-21 中国联合网络通信集团有限公司 Time synchronization method, device, communication terminal and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8082443B2 (en) * 2006-01-09 2011-12-20 Bbnt Solutions Llc. Pedigrees for quantum cryptography
CN104660603A (en) * 2015-02-14 2015-05-27 山东量子科学技术研究院有限公司 Method and system for extended use of quantum keys in IPSec VPN (internet protocol security-virtual private network)
CN106161402A (en) * 2015-04-22 2016-11-23 阿里巴巴集团控股有限公司 Cloud-environment-based key injection system, method and device for encryption equipment
CN107040377A (en) * 2017-06-01 2017-08-11 浙江九州量子信息技术股份有限公司 Key storage method based on quantum secret communication
CN107995619A (en) * 2018-01-28 2018-05-04 浙江科易理想量子信息技术有限公司 Quantum encryption communication method for mobile terminals
CN108429615A (en) * 2018-01-10 2018-08-21 如般量子科技有限公司 Stunnel communication method and Stunnel communication system based on quantum keys

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6478749B2 (en) * 2015-03-24 2019-03-06 株式会社東芝 Quantum key distribution apparatus, quantum key distribution system, and quantum key distribution method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Multi-party quantum key distribution with bidirectional authentication; 林崧; Scientia Sinica Physica, Mechanica & Astronomica; 20150420 (No. 4); full text *

Also Published As

Publication number Publication date
CN109067527A (en) 2018-12-21

Similar Documents

Publication Publication Date Title
CN109067527B (en) Quantum encryption communication method, communication terminal and computer readable storage medium
US11522838B2 (en) Secure end-to-end transport through in intermediary nodes
US10742422B1 (en) Digital transaction signing for multiple client devices using secured encrypted private keys
US11316677B2 (en) Quantum key distribution node apparatus and method for quantum key distribution thereof
US10499243B2 (en) Authentication of phone caller identity
KR101572799B1 (en) Secure printing between printer and print client device
US10091650B2 (en) Wireless terminal configuration method, device, and system
US7539866B2 (en) Method of cryptographing wireless data and apparatus using the method
JP2019535153A (en) Method and system for quantum key distribution based on trusted computing
US20150358820A1 (en) Method for Establishing Connection Between Devices, Configuration Device, and Wireless Device
JP6556955B2 (en) Communication terminal, server device, program
KR102028092B1 (en) Apparatus and method for reliable quantum signature
US10063655B2 (en) Information processing method, trusted server, and cloud server
CN113221146A (en) Method and device for data transmission between block chain nodes
CN115622772A (en) Financial data transmission method and application gateway for financial business service
CN108206738B (en) Quantum key output method and system
US9083682B2 (en) Communication device and computer program product
CN108605046B (en) Message pushing method and terminal
CN110035032A (en) Fingerprint unlocking method and fingerprint unlocking system
US20210014052A1 (en) Method and terminal for establishing security infrastructure and device
CN115529128B (en) SD-WAN-based end-to-end negotiation communication method, terminal equipment and server
CN116866029B (en) Random number encryption data transmission method, device, computer equipment and storage medium
US20230297708A1 (en) System and method for managing data-file transmission and access right to data files
CN118018226A (en) Data transmission method and related product
CN113852604A (en) Plaintext data transmission method and apparatus, storage medium, and electronic apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: The invention relates to a quantum encrypted communication method, a communication terminal and a computer-readable storage medium

Effective date of registration: 20211216

Granted publication date: 20201222

Pledgee: Industrial and Commercial Bank of China Limited Suzhou Industrial Park sub branch

Pledgor: SUZHOU KEDA TECHNOLOGY Co.,Ltd.

Registration number: Y2021320010565