CN113114460A - Quantum encryption-based power distribution network information secure transmission method - Google Patents


Info

Publication number
CN113114460A
Authority
CN
China
Prior art keywords
information
quantum
encryption
server
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110660049.XA
Other languages
Chinese (zh)
Other versions
CN113114460B (en)
Inventor
司为国
乐全明
单立新
刘家齐
刘伟浩
樊立波
吴靖
杜猛俊
郑伟彦
王凯
顾建炜
刘兴业
苏斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202110660049.XA
Publication of CN113114460A
Application granted
Publication of CN113114460B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a quantum encryption-based method for secure transmission of power distribution network information, comprising the following steps: step S1, communication is established; step S2, the edge server acquires the request information of the power distribution terminals and generates a binary random number sequence L1 according to the occupancy of the request information in the primary information block A; step S3, the master station server generates a response information block according to the request information and generates a binary random number sequence L2 according to the occupancy of the primary response information block; step S4, the quantum encryption server generates a key pool Q, and a public key pool Puk and a private key pool Pri are configured for the quantum key pool Q; step S5, quantum keys are obtained using the binary random number sequences L1 and L2, respectively, as random numbers; step S6, the edge server encrypts with the obtained quantum key, and the edge server decrypts with the obtained quantum key; step S7, the power distribution and utilization terminal acquires the corresponding response information. The scheme achieves position-based encryption and decryption of parallel data and improves the efficiency of quantum-key-based encryption and decryption.

Description

Quantum encryption-based power distribution network information secure transmission method
Technical Field
The invention relates to the technical field of information security of a power distribution network, in particular to a quantum encryption-based secure transmission method for information of the power distribution network.
Background
To improve the information security protection of the service master station, the channel and the terminal links, State Grid Corporation of China has issued standards and guidance documents such as the "security protection technical specification for power consumer electricity consumption information acquisition systems" (Q/GDW 377-2009) and the "network security protection scheme for power distribution automation systems" (Q/GDW 377-2009), so as to ensure the safe and stable operation of the power distribution network. However, the security protection measures currently adopted focus mainly on the master station system, where software and hardware are deployed centrally; the protection of service terminals and communication terminals, which are numerous, widely distributed and located in open environments, is relatively weak. Field power distribution terminals access the power distribution automation system mainly through communication modes such as optical fiber and wireless networks. As network attack techniques become stronger, security risks such as information leakage, tampering and bypass control keep increasing, so the numerous and widely distributed parts of the power distribution automation system face the risk of network attack from public or private networks, which in turn affects the safe and reliable supply of power to users.
Currently, distribution automation emphasizes real-time bidirectional interaction, while the services are only concerned with security protection on the master station side and with the master station's authentication of the terminal. Because distribution automation terminals are numerous, and old terminals that have not been upgraded cannot support message encryption, the distribution automation system mainly adopts a compatible mode of one-way authentication, and effective security protection measures are urgently needed on the terminal side and the access network convergence side. Quantum secure communication technology uses the quantum uncertainty principle and the fact that quantum states cannot be copied to distribute a secure key: an attacker cannot measure or copy the key (quantum state), and any eavesdropping is detected. It therefore offers higher security than a traditional key distribution mechanism, and it can secure point-to-point classical communication through one-time-pad encryption. Quantum key distribution and encryption are applied in the field of power distribution network information security as follows: the quantum encryption server obtains quantum keys through negotiation and builds them into a key pool; the quantum key pool is distributed online over an optical-fiber quantum channel; the encryption terminal passively acquires the key pool and then selects one key to quantum-encrypt the power message instruction to be encrypted; the quantum key pool is updated once the keys in it are used up; and the decryption terminal acquires the key pool and then quantum-decrypts the encrypted power message instruction.
The quantum key is selected at random during quantum key encryption. When too many power message instructions are transmitted in parallel, many of them are encrypted with quantum keys and then transmitted to the decryption terminal, and the decryption terminal has difficulty finding the quantum key that corresponds to each encrypted power message instruction. How to improve the efficiency of quantum key encryption and decryption in the power distribution network system is therefore a technical problem that needs to be solved.
Chinese patent publication No. CN 108880800B discloses a power distribution and utilization communication system and method based on quantum secure communication, in which a first quantum key generation device and a second quantum key generation device of the power distribution and utilization communication system jointly negotiate to generate a quantum key; the quantum key management device stores and manages the quantum key; the first quantum key generation device distributes the quantum key online to a terminal encryption module of the power distribution and utilization communication system, and the quantum key mobile storage device distributes the quantum key offline to the terminal encryption module; the terminal encryption module encrypts and decrypts the power distribution and utilization service data of the power distribution and utilization terminal with the quantum key; and the master station encryption module encrypts and decrypts, with the quantum key, the power distribution service data that has passed identity authentication. In that scheme, the master station encryption module has to encrypt and decrypt the information quantum-encrypted by the terminal encryption modules. Because the quantum keys of the terminal encryption modules are selected at random (in both the offline and online modes), the master station encryption module has to traverse the quantum keys in the quantum key pool to decrypt the information each time a terminal's encrypted information arrives at the master station, which greatly reduces encryption and decryption efficiency.
Disclosure of Invention
The invention aims to solve the problem that, when quantum encryption technology is applied in the field of power distribution network information security, its encryption and decryption efficiency for parallel power data is low, and provides a quantum encryption-based method for secure transmission of power distribution network information.
To achieve this technical purpose, the invention provides the following technical scheme: a quantum encryption-based method for secure transmission of power distribution network information, comprising the following steps:
Step S1: establishing communication:
all power distribution and utilization terminals in a management domain are communicatively connected to an edge server; the edge server, a proxy server and a master station server exchange information over the power communication network; a quantum encryption server is communicatively connected to the master station server; and the quantum encryption server distributes quantum keys to the proxy server and the edge server through quantum channels;
Step S2: the edge server obtains, in sequence, the request information sent by the power distribution terminals, packs it into a primary information block A and a secondary information block B according to security level, and sends both blocks to the master station server; a binary random number sequence L1 is generated according to the occupancy of the request information in the primary information block A;
Step S3: the master station server generates a corresponding primary response information block C and secondary response information block D according to the request information and sends the response information blocks to the proxy server; the proxy server generates a binary random number sequence L2 according to the occupancy of the primary response information c in the primary response information block C;
Step S4: after receiving the control signal sent by the master station server, the quantum encryption server generates m + n quantum keys q and builds them into a quantum key pool Q, recorded as $Q = (q_1, q_2, \cdots, q_{m+n})$. Key storage addresses are allocated according to the quantum key generation sequence numbers, and each key storage address stores the quantum key with the corresponding sequence number. A public key pool Puk and a private key pool Pri are configured for the quantum key pool Q, recorded as $Puk = (puk_1, puk_2, \cdots, puk_{m+n})$ and $Pri = (pri_1, pri_2, \cdots, pri_{m+n})$. The public key numbers in the public key pool Puk correspond to the quantum key generation sequence numbers, and the private key numbers in the private key pool Pri correspond one-to-one to the public key numbers in the public key pool Puk;
Step S5: the proxy server uses the binary random number sequence L1 as a random number to obtain, through an oblivious transfer protocol, the quantum key q distributed by the quantum encryption server, and then quantum-encrypts the primary response information c to obtain the primary response encryption information cx; after the quantum-key encryption, the primary response information block C and the secondary response information block D are encrypted and then sent to the edge server;
synchronously, the edge server uses the binary random number sequence L2 as a random number to obtain, through an oblivious transfer protocol, the quantum key q distributed by the quantum encryption server, and stores the quantum key q in a key storage unit;
Step S6: the edge server obtains the primary response information block C and the secondary response information block D and authenticates and decrypts them; the decrypted primary response information block C is then further decrypted with the quantum key q;
Step S7: the edge server sends the response information corresponding to each piece of request information to the corresponding power distribution and utilization terminal.
In this scheme, the edge server, the master station server and the proxy server are each communicatively connected to the quantum encryption server, and the quantum encryption server distributes keys to the proxy server and the edge server through a quantum channel, which eliminates the possibility of the information being intercepted and decrypted during key transmission. The request information is sent to the edge server, packed into a primary information block A and a secondary information block B according to security level, and sent to the master station server. The master station server generates response information according to the request information and replaces the request information at the corresponding positions. The quantum encryption server receives an excitation signal from the master station server and generates quantum keys to form a quantum key pool. The proxy server and the edge server obtain quantum keys synchronously through the oblivious transfer protocol; because their binary random numbers are the same, the quantum keys they obtain from the quantum encryption server are also the same. The obtained quantum keys are used to encrypt and decrypt the information at the corresponding positions, which markedly improves encryption and decryption efficiency. The quantum encryption server generates m + n quantum keys the first time to form the key pool Q. So that the proxy server and the edge server can accurately obtain the corresponding quantum keys, a corresponding public key puk and private key pri are configured for each key q of the quantum key pool; the quantum keys at the corresponding positions can then be actively obtained through the oblivious transfer protocol, and the quantum encryption server does not know which quantum key the proxy server or the edge server has obtained, which further guarantees the security of quantum key distribution.
Preferably, packaging the request information into the primary information block A and the secondary information block B according to security level in step S2 comprises the following steps:
Step S21: the primary information block A contains m pieces of primary request information a, recorded as $A = (a_1, a_2, \cdots, a_m)$; the secondary information block B contains n pieces of secondary request information b, recorded as $B = (b_1, b_2, \cdots, b_n)$. Two groups of registers, E1 and E2, are arranged in the proxy server; a storage space matching the primary information block A is allocated in register E1, and a storage space matching the secondary information block B is allocated in register E2. m + n information storage bits are arranged in the storage space, and the address codes of the information storage bits correspond to the numbers of the power distribution and utilization terminals. The request information includes remote signaling, remote measuring, remote control and similar requests, and carries an identification tag set according to its preset security level. The proxy server receives the request information and stores it in register E1 or E2 according to the identification tag, and its position in the register is allocated according to the number of the power distribution terminal in the management domain;
Step S22: register E1 places each piece of primary request information a on the information storage bit corresponding to the number of its power distribution terminal, and generates the corresponding binary random number sequence L1 according to the occupancy information;
Step S23: register E2 places each piece of secondary request information b on the information storage bit corresponding to the number of its power distribution terminal;
Step S24: the information in the storage space of register E1 is packed and encrypted with the public key of the master station server; the encrypted information is signed with the private key of the proxy server, packed into the primary information block A, and sent to the master station server;
Step S25: the information in the storage space of register E2 is packed and encrypted with the public key of the master station server; the encrypted information is signed with the private key of the proxy server, packed into the secondary information block B, and sent to the master station server.
Preferably, the binary random number sequence L1 is generated as follows:
m + n information storage bits are arranged in register E1, and the binary random number sequence L1 is generated according to the occupancy of these information storage bits, so that each position of the binary sequence matches the occupancy of the corresponding information storage bit: an empty information storage bit is recorded as '0', and a non-empty information storage bit is recorded as '1'.
Preferably, sending the response information blocks to the proxy server in step S3 comprises the following steps:
Step S31: the primary information block A and the secondary information block B are received by a security gateway of the master station server, which verifies the source reliability of each block using the public key of the edge server; if verification succeeds, step S32 is executed, and if it fails, the message is discarded;
Step S32: the primary information block A and the secondary information block B are decrypted with the private key of the master station server, and the master station server reads the primary request information a and the secondary request information b in sequence according to the information storage positions;
Step S33: the master station server generates primary response information c according to the primary request information a, and replaces the primary request information a at the corresponding information storage position with the primary response information c;
Step S34: the master station server generates secondary response information d according to the secondary request information b, and replaces the secondary request information b at the corresponding information storage position with the secondary response information d;
Step S35: the master station server packs the replaced information blocks into a primary response information block C and a secondary response information block D respectively, sends the primary response information block C to the primary information unit of the proxy server, and sends the secondary response information block D to the secondary information unit of the proxy server.
In this scheme, the response information replaces the request information at the corresponding position, so that only the response information is transmitted afterwards; this slims down the data block, saves system memory, and speeds up the sending and receiving of information.
Preferably, the binary random number sequence L2 is generated as follows:
the proxy server generates the binary random number sequence L2 according to the occupancy of the information storage bits in the primary information unit, where an empty information storage bit is recorded as '0' and a non-empty information storage bit is recorded as '1'.
Preferably, the quantum encryption of the primary response information c in step S5 comprises the following steps:
Step S511: the master station encryption and decryption module on the proxy server side obtains, in sequence, the public keys puk with the corresponding numbers from the public key pool Puk in the quantum encryption server, according to the sequence numbers of the non-empty positions of the binary random number sequence L2;
Step S512: the random number sequence L2 is encrypted into a ciphertext with the public key puk, and the ciphertext is sent to the quantum encryption server;
Step S513: the quantum encryption server decrypts the ciphertext with the private keys in sequence to obtain m + n groups of binary random number sequences; each group is XORed with the quantum key q of the corresponding number and then sent to the master station encryption and decryption module through a quantum channel;
Step S514: the master station encryption and decryption module XORs the received information, in sequence, with the real binary random number sequence L2 to obtain the quantum key q of the required position; the remaining information is garbled and is discarded immediately, which ends this round of XOR operations, and step S512 is executed again until the quantum keys q of all required positions have been found;
Step S515: the obtained quantum keys q are used, in sequence, to quantum-encrypt the primary response information c on the corresponding information storage bits in the primary information unit, giving the primary response encryption information cx.
Preferably, storing the quantum key q in the key storage unit comprises the following steps:
Step S521: after the quantum encryption server has built the key pool Q, the terminal encryption and decryption module on the edge server side obtains, in sequence, the public keys puk with the corresponding numbers from the public key pool Puk of the quantum encryption server, according to the sequence numbers of the positions of the binary random number sequence L1 whose value is '1';
Step S522: the random number sequence L1 is encrypted into a ciphertext with the public key puk, and the ciphertext is sent to the quantum encryption server;
the quantum encryption server decrypts the ciphertext with the private keys in sequence to obtain m + n groups of binary random number sequences; each group is XORed with the quantum key q of the corresponding number and then sent to the terminal encryption and decryption module through a quantum channel;
Step S523: the terminal encryption and decryption module XORs the received information, in sequence, with the real binary random number sequence L1 to obtain the quantum key q of the required position; the remaining information is garbled and is discarded immediately, which ends this round of XOR operations, and step S522 is executed again until the quantum keys q of all required positions have been found;
Step S524: the obtained quantum keys q are placed, in sequence, in a key storage unit on the proxy server side; the key storage unit has m + n information storage bits whose positions correspond to the sequence numbers of the random number sequence L1, and the quantum key obtained for each sequence number is placed on the corresponding information storage bit.
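The retrieval exchange of steps S511 to S514 (and its edge-side counterpart, S521 to S523) can be traced in code. This is an added example, not code from the patent: the page does not name the public-key algorithm, so toy textbook RSA is assumed here, and `KeyServer`, `retrieve` and the helper names are hypothetical.

```python
import secrets
from math import gcd

E = 65537  # public exponent shared by every slot's key pair (assumption)


def _is_prime(n):
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def _next_prime(n):
    while not _is_prime(n):
        n += 1
    return n


def make_keypairs(count, start=1 << 20):
    """Toy textbook-RSA pairs (n_j, d_j), one per key slot. Illustration only."""
    pairs, p = [], _next_prime(start)
    while len(pairs) < count:
        q = _next_prime(p + 1)
        phi = (p - 1) * (q - 1)
        if gcd(E, phi) == 1:
            pairs.append((p * q, pow(E, -1, phi)))
        p = _next_prime(q + 1)
    return pairs


class KeyServer:
    """Hypothetical stand-in for the quantum encryption server."""

    def __init__(self, slots, key_bits=32):
        self.pool = [secrets.randbits(key_bits) for _ in range(slots)]  # pool Q
        self._pairs = make_keypairs(slots)                              # Puk / Pri

    def public_key(self, j):
        """S511 / S521: hand out the modulus puk_j for slot j."""
        return self._pairs[j][0]

    def respond(self, ciphertext):
        """S513: decrypt with every private key, XOR each result with q_j."""
        return [pow(ciphertext, d, n) ^ q
                for (n, d), q in zip(self._pairs, self.pool)]


def bits_to_int(bits):
    """The occupancy sequence read as one integer (the page's 'random number')."""
    return int("".join(str(b) for b in bits), 2)


def retrieve(server, bits):
    """Fetch the key of every position marked 1, one exchange per position."""
    l_val = bits_to_int(bits)
    keys = {}
    for i, bit in enumerate(bits):
        if not bit:
            continue
        ciphertext = pow(l_val, E, server.public_key(i))  # S512: encrypt under puk_i
        masked = server.respond(ciphertext)               # S513: m + n masked values
        keys[i] = masked[i] ^ l_val                       # S514: only slot i unmasks
    return keys


if __name__ == "__main__":
    srv = KeyServer(8)
    occupancy = [0, 1, 0, 0, 1, 0, 1, 0]   # constructed sample sequence
    got = retrieve(srv, occupancy)
    print({i: got[i] == srv.pool[i] for i in got})
```

Index privacy in this construction rests on the server being unable to recognise the blinding value among its m + n decryptions, so a production design would blind with a fresh, uniformly random value and a padded public-key scheme rather than textbook RSA.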
Preferably, step S6 comprises the following steps:
Step S61: after the primary information block A and the secondary information block B are received by the edge server, source reliability verification is carried out on the primary response information block C and the secondary response information block D respectively using the public key of the proxy server (the information reliability verification can also adopt a symmetric encryption mode); if verification succeeds, step S62 is executed, and if it fails, the message is discarded;
Step S62: the private key of the proxy server is used to decrypt the primary response information block C and the secondary response information block D; the proxy server stores the primary response information block C in register E1 and the secondary response information block D in register E2;
Step S63: the primary response encryption information cx in the primary response information block C replaces, in sequence, the primary request information a on the corresponding information storage bits; the terminal encryption and decryption module then decrypts, in sequence, the primary response encryption information cx on the information storage bits to obtain the primary response information c;
Step S64: the secondary response information d in the secondary response information block D replaces, in sequence, the secondary request information b on the corresponding information storage bits;
Step S65: the replaced and decrypted primary response information c and secondary response information d are distributed, in sequence, to the corresponding power distribution terminals.
In this scheme, the individual pieces of secondary response information d in the secondary response information block D are not quantum-encrypted; only the secondary response information block D as a whole is encrypted (in an asymmetric or symmetric encryption mode), so once the edge server has successfully authenticated and decrypted the block, the secondary response information d can be read from the corresponding position in it. Each piece of primary response information c in the primary response information block C, by contrast, is encrypted with a different quantum key before being packed into the primary response information block C, and the block is then encrypted and sent to the edge server. After the edge server has successfully authenticated and decrypted the primary response information block C, the primary response encryption information cx at each position still cannot be read, and the information at each position has to be decrypted in sequence with the quantum keys.
Preferably, the decryption of the primary response encryption information cx includes the following steps:
after the first-level response encryption information cx replaces the first-level request information a on the corresponding information storage bit, the terminal encryption and decryption module establishes a one-to-one correspondence relationship between the information storage bit of the key storage unit and the information storage bit of the register E1;
and the terminal encryption and decryption module sequentially acquires the quantum keys on the key storage unit, and quantum decryption is carried out on the primary response encryption information cx on the information storage bit corresponding to the acquired quantum keys by adopting the acquired quantum keys to obtain primary response information c.
Preferably, the method further comprises the step of updating the quantum key pool by the quantum encryption and decryption server, and the method comprises the following steps:
after the quantum encryption server receives the next excitation signal sent by the master station server, the proxy server synchronously sends a binary random number sequence L1 to the quantum encryption server, and the serial numbers of the binary random number sequence L1 correspond one to one with the serial numbers of the quantum key pool; the quantum encryption and decryption server generates m new quantum keys according to the number of '1's in the binary random number sequence L1;
and sequentially replacing the quantum keys on the corresponding sequence numbers of the original quantum key pool Q with the m quantum keys to generate a new quantum key pool.
In this scheme, m + n quantum keys are generated the first time and m of them are used. In the next round of encryption and decryption, the quantum encryption server therefore generates m keys, the number distributed in the previous round, and replaces the used keys position by position, updating the key pool according to the binary random number sequence L1 of the previous key distribution. This ensures that no key distributed by the quantum encryption server is repeated and no key is wasted, truly achieves a one-time pad without repetition, and further improves the security of information encryption.
The invention has the beneficial effects that:
1. the quantum encryption based power distribution network information secure transmission method provided by the invention adopts the deep fusion of the quantum encryption technology and the power distribution network system, so that the secure reliability of information transmission is obviously improved;
2. the request information is sent to the edge server, packaged into a first-level information block A and a second-level information block B according to security level, and sent to the master station server; the master station server generates response information according to the request information and replaces the request information in the corresponding positions; the quantum encryption server receives an excitation signal from the master station server and generates quantum keys to form a quantum key pool; the proxy server and the edge server synchronously acquire quantum keys according to an oblivious transmission protocol, and because their binary random numbers are the same, the quantum keys they acquire from the quantum encryption server are also the same; the acquired quantum keys are used to encrypt and decrypt the information in the corresponding slots, which remarkably improves encryption and decryption efficiency;
3. the number of keys generated by the quantum encryption server equals the number of keys distributed in the previous round, and the used keys are replaced position by position, updating the key pool according to the binary random number sequence L1 of the previous distribution; this ensures that no key distributed by the quantum encryption server is repeated and no key is wasted, truly realizes dynamic, non-repeating key adjustment, and further improves the security of information encryption.
Drawings
Fig. 1 is a schematic structural diagram of a quantum encryption-based power distribution network system according to the present invention.
Fig. 2 is a flowchart of a method for securely transmitting information of a power distribution network based on quantum cryptography according to the present invention.
FIG. 3 is a data flow processing guide diagram according to an embodiment of the present invention.
The notation in the figure is: the system comprises a main station server 1, an edge server 2, a proxy server 3, an electricity distribution and utilization terminal 4, a quantum encryption server 5, a communication base station 6, a security gateway 11, a terminal encryption and decryption module 21, a key storage unit 22, a main station encryption and decryption module 31, a primary information unit 32 and a secondary information unit 33.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiment described herein is only a preferred embodiment of the present invention, used only to explain the invention and not to limit its scope; all other embodiments obtained by a person of ordinary skill in the art without creative effort fall within the scope of protection of the present invention.
Embodiment:
As shown in Fig. 1, a power distribution network system based on quantum encryption is composed of an edge server 2, a master station server 1, a proxy server 3, a plurality of power distribution and utilization terminals 4, a quantum encryption server 5 and a communication base station 6. A terminal encryption and decryption module 21 and a key storage unit 22 are arranged on the edge server side; a master station encryption and decryption module 31, a primary information unit 32 and a secondary information unit 33 are arranged on the proxy server side; and a security gateway 11 is arranged on the master station server side. A plurality of terminal servers are connected with the edge server; the edge server is in communication connection with the master station server through the communication base station and sends request information to the security gateway for identity authentication; and the edge server, the master station server and the proxy server are in communication connection with the quantum encryption server. The quantum encryption server distributes the keys to the proxy server and the edge server through the quantum channel, so that the possibility of information being intercepted and cracked during key transmission is avoided. The request information is sent to the edge server, packaged into a first-level information block A and a second-level information block B according to security level, and sent to the master station server. The master station server generates response information according to the request information, replaces the request information in the corresponding positions, and transmits the result to the primary information unit and the secondary information unit respectively. The quantum encryption server receives an excitation signal from the master station server and generates quantum keys to form a quantum key pool. The proxy server and the edge server synchronously acquire the quantum keys according to an oblivious transmission protocol; because their binary random numbers are the same, the quantum keys they acquire from the quantum encryption server are also the same, and the acquired quantum key q is used to encrypt and decrypt the information in the corresponding slot, which significantly improves encryption and decryption efficiency. The quantum encryption server generates m + n quantum keys the first time to form a key pool Q. So that the proxy server and the edge server can accurately obtain the corresponding quantum keys, a corresponding public key puk and a corresponding private key pri are configured for each key q of the quantum key pool; the quantum key in a given position can be actively obtained through the oblivious transmission protocol, and the quantum encryption server does not know which quantum key the proxy server or the edge server has obtained, which further guarantees the security of quantum key distribution.
As shown in fig. 2, a method for securely transmitting information of a power distribution network based on quantum cryptography, which is suitable for the power distribution network system based on quantum cryptography shown in fig. 1, includes the following steps:
step S1, establishing communication:
all power distribution and utilization terminals in the management domain are in communication connection with the edge server, the proxy server and the main station server realize information interaction through a power communication network, the quantum encryption server is in communication connection with the main station server, and the quantum encryption server distributes quantum keys to the proxy server and the edge server through quantum channels.
Step S2, the edge server sequentially obtains request information sent by the power distribution terminal, packs the request information into a first-level information block A and a second-level information block B according to the security level and sends the first-level information block A and the second-level information block B to the master station server; generating a binary random number sequence L1 according to the occupation situation of the request information in the first-level information block A;
the method for packaging the request information into the first-level information block A and the second-level information block B according to the security level comprises the following steps:
step S21, the primary information block A contains m pieces of primary request information a, recorded as $A = (a_1, a_2, \cdots, a_m)$; the secondary information block B contains n pieces of secondary request information b, recorded as $B = (b_1, b_2, \cdots, b_n)$; two groups of registers E1 and E2 are arranged in the proxy server, a storage space matched with the first-level information block A is allocated in the register E1, and a storage space matched with the second-level information block B is allocated in the register E2; m + n information storage bits are arranged in the storage space, and the address codes of the information storage bits correspond to the numbers of the power distribution and utilization terminals; the request information comprises request information such as remote signaling, remote measuring, remote control and the like, identification tags are set according to the preset security level of the request information, the proxy server receives the request information and stores it in the two groups of registers E1 and E2 respectively according to the identification tags, and its placement positions in the registers are allocated according to the numbers of the power distribution terminals in the management domain;
step S22, the register E1 places the corresponding primary request information a on the corresponding information storage bit according to the number of the power distribution terminal, and a corresponding binary random number sequence L1 is generated according to the slot occupancy information;
step S23, the register E2 places the corresponding secondary request information b on the corresponding information storage bit according to the number of the power distribution terminal;
step S24, the information in the storage space of the register E1 is packaged and encrypted with the public key of the master station server, the encrypted information is signed with the private key of the proxy server, and the signed information is packaged into a primary information block A and sent to the master station server;
and step S25, the information in the storage space of the register E2 is packaged and encrypted with the public key of the master station server, the encrypted information is signed with the private key of the proxy server, and the signed information is packaged into a secondary information block B and sent to the master station server.
The binary random number sequence L1 is generated as follows:
m + n information storage bits are arranged in the register E1, and a binary random number sequence L1 is generated according to the occupancy of the information storage bits, wherein the position of each bit in the binary sequence matches the position of the corresponding information storage bit; an information storage bit that is empty is recorded as '0', and an information storage bit that is non-empty is recorded as '1'.
Step S3, the master station server generates a corresponding first-level response information block C and a corresponding second-level response information block D according to the request information, and sends the response information blocks to the proxy server; the proxy server generates a binary random number sequence L2 according to the occupation situation of the primary response information C in the primary response information block C;
wherein, sending the response information block to the proxy server comprises the following steps:
step S31, the first-level information block A and the second-level information block B are received by the security gateway of the master station server, and source reliability verification is carried out on each of them with the public key of the edge server; if the verification succeeds, step S32 is executed, and if it fails, the message is discarded;
step S32, decrypting the first-level information block A and the second-level information block B by using a private key of the master station server, and sequentially reading first-level request information a and second-level request information B by the master station server according to information storage positions;
step S33, the master station server generates primary response information c according to the primary request information a, and replaces the primary request information a on the corresponding place occupation with the primary response information c on the information storage position;
step S34, the master station server generates secondary response information d according to the secondary request information b, and replaces the secondary request information b on the corresponding place occupation with the secondary response information d on the information storage position;
step S35, the master station server packs the replaced information blocks into a primary response information block C and a secondary response information block D respectively, sends the primary response information block C to a primary information unit of the proxy server, and sends the secondary response information block D to a secondary information unit of the proxy server; because the response information is adopted to replace the request information on the corresponding bit, the response information is transmitted subsequently, the data block is thinned, the memory of the system is saved, and the information receiving and transmitting speed is improved.
The binary random number sequence L2 is generated as follows:
the proxy server generates a binary random number sequence L2 according to the occupancy of the information storage bits in the primary information unit, wherein an information storage bit that is empty is recorded as '0', and an information storage bit that is non-empty is recorded as '1'.
Step S4, after receiving the control signal sent by the master station server, the quantum encryption server generates m + n quantum keys q and forms them into a quantum key pool Q, recorded as $Q = (q_1, q_2, \cdots, q_{m+n})$; key storage addresses are allocated according to the quantum key generation sequence numbers, and each key storage address stores the quantum key of the corresponding sequence number; a public key pool Puk and a private key pool Pri are configured for the quantum key pool Q, recorded as $Puk = (puk_1, puk_2, \cdots, puk_{m+n})$ and $Pri = (pri_1, pri_2, \cdots, pri_{m+n})$; the public key numbers in the public key pool Puk correspond to the quantum key generation sequence numbers, and the private key numbers of the private key pool Pri correspond one to one with the public key numbers in the public key pool Puk.
Step S5, the proxy server takes a binary random number sequence L1 as a random number to obtain a quantum key q distributed by the quantum encryption server through an oblivious transmission protocol, and further quantum encryption is carried out on the primary response information c to obtain primary response encryption information cx; encrypting the primary response information block C and the secondary response information block D after the quantum key is encrypted, and then sending the encrypted primary response information block C and the encrypted secondary response information block D to an edge server;
the quantum encryption of the first-level response information c comprises the following steps:
step S511, the master station encryption and decryption module at the proxy server side sequentially obtains, from the public key pool Puk in the quantum encryption server, the public keys puk whose numbers correspond to the serial numbers of the non-empty positions in the binary random number sequence L2;
step S512, the random number sequence L2 is encrypted into a ciphertext with the public key puk, and the ciphertext is sent to the quantum encryption server;
step S513, the quantum encryption server decrypts the ciphertext in sequence with the private keys to obtain m + n groups of binary random number sequences, XORs each group with the quantum key q of the corresponding number, and sends the results to the master station encryption and decryption module through the quantum channel;
step S514, the master station encryption and decryption module XORs the received information in sequence with the real binary random number sequence L2 to obtain the quantum key q of the required position; the remaining information is garbled and is discarded at once, which ends this round of XOR operations, and step S512 is executed again until the quantum keys q of all required positions have been found;
and step S515, quantum encryption is sequentially carried out on the primary response information c on the corresponding information storage bit in the primary information unit by using the obtained quantum key q to obtain primary response encryption information cx.
Synchronously, the edge server takes a binary random number sequence L2 as a random number to obtain a quantum key q distributed by the quantum encryption server through an oblivious transmission protocol, and stores the quantum key q in a key storage unit;
the method for storing the quantum key q in the key storage unit comprises the following steps:
step S521, after the quantum encryption server completes the key pool Q, the terminal encryption and decryption module at the edge server side sequentially obtains, from the public key pool Puk of the quantum encryption server, the public keys puk whose numbers correspond to the serial numbers at which the binary random number sequence L1 has the value '1';
step S522, the random number sequence L1 is encrypted into a ciphertext with the public key puk, and the ciphertext is sent to the quantum encryption server;
the quantum encryption server decrypts the ciphertext in sequence with the private keys to obtain m + n groups of binary random number sequences, XORs each group with the quantum key q of the corresponding number, and sends the results to the terminal encryption and decryption module through the quantum channel;
step S523, the terminal encryption and decryption module XORs the received information in sequence with the real binary random number sequence L1 to obtain the quantum key q of the required position; the remaining information is garbled and is discarded at once, which ends this round of XOR operations, and step S522 is executed again until the quantum keys q of all required positions have been found;
step S524, the obtained quantum keys q are sequentially placed in a key storage unit on the proxy server side, where the key storage unit has m + n information storage bits, each information storage bit corresponds to a serial number of the random number sequence L1, and the quantum key obtained for a serial number is placed in the information storage bit corresponding to that serial number.
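The exchange in steps S511 to S514 (and its mirror, S521 to S523), written out with both sides' messages. This is an added illustration, not code from the patent: textbook RSA with toy primes stands in for the unspecified puk/pri scheme, `secrets.randbits` stands in for quantum key generation, and `KeyServer`, `toy_keypair` and `fetch_keys` are hypothetical names.

```python
import secrets
from math import gcd

KEY_BITS = 32  # assumed quantum key size; the page does not specify one


def next_prime(n):
    """Smallest prime >= n, by trial division (adequate for toy 20-bit primes)."""
    def is_prime(k):
        if k < 2:
            return False
        i = 2
        while i * i <= k:
            if k % i == 0:
                return False
            i += 1
        return True
    while not is_prime(n):
        n += 1
    return n


def toy_keypair(seed):
    """Textbook RSA pair (puk, pri) from two small primes. Not secure, demo only."""
    p = next_prime(2**20 + 1000 * seed)
    q = next_prime(2**21 + 1000 * seed)
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while gcd(e, phi) != 1:
        e += 2
    return (n, e), (n, pow(e, -1, phi))


class KeyServer:
    """Quantum encryption server: key pool Q with one puk/pri pair per key."""

    def __init__(self, size):
        self.pool = [secrets.randbits(KEY_BITS) for _ in range(size)]
        pairs = [toy_keypair(i) for i in range(size)]
        self.puk = [pub for pub, _ in pairs]
        self._pri = [pri for _, pri in pairs]

    def respond(self, ciphertext):
        """S513: decrypt with every private key and XOR the result onto q_j."""
        return [q ^ pow(ciphertext, d, n)
                for q, (n, d) in zip(self.pool, self._pri)]


def fetch_keys(server, bitmap):
    """Client side (proxy or edge): one round per '1' position in the bitmap."""
    blind = int(bitmap, 2)                 # L1 / L2 used as the blinding value
    keys = {}
    for i, bit in enumerate(bitmap):
        if bit != "1":
            continue
        n, e = server.puk[i]               # S511: public key of wanted number
        masked = server.respond(pow(blind, e, n))  # S512 sent, S513 returned
        keys[i] = masked[i] ^ blind        # S514: only position i unmasks
    return keys


if __name__ == "__main__":
    srv = KeyServer(10)
    got = fetch_keys(srv, "0101101001")
    print(sorted(i + 1 for i in got), all(got[i] == srv.pool[i] for i in got))
```

Following the page, the blinding value is the occupancy bitmap itself, so the masking hides the chosen position only from a party that does not already know that bitmap.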
Step S6, the edge server acquires the first-level response information block C and the second-level response information block D and carries out authentication decryption on the first-level response information block C and the second-level response information block D, and the decrypted first-level response information block C is decrypted through the quantum key q; the method comprises the following steps:
step S61, after the first-level information block A and the second-level information block B are received by the edge server, source reliability verification is carried out on the first-level response information block C and the second-level response information block D respectively with the public key of the proxy server (a symmetric encryption mode can also be adopted); if the verification succeeds, step S62 is executed, and if it fails, the message is discarded;
step S62, the private key of the proxy server is used for decrypting the information of the first-level response information block C and the second-level response information block D, the proxy server stores the first-level response information block C in a register E1, and the second-level response information block D in a register E2;
step S63, the first order response encryption information cx in the first order response information block C replaces the first order request information a on the corresponding information storage bit in sequence; sequentially decrypting the first-stage response encryption information cx on the information storage bit through the terminal encryption and decryption module to obtain first-stage response information c;
step S64, the secondary response information D in the secondary response information block D replaces the secondary request information b on the corresponding information storage bit in sequence;
and step S65, sequentially distributing the replaced and decrypted primary response information c and secondary response information d to corresponding power distribution terminals.
In this embodiment, the individual items of secondary response information d in the secondary response information block D are not quantum-encrypted; only the block D as a whole is encrypted (in an asymmetric encryption manner or a symmetric encryption manner). Once the edge server has successfully authenticated and decrypted block D, each item d can therefore be read directly from its position in the block. By contrast, each item of primary response information c is encrypted with a different quantum key before being packaged into the primary response information block C, and block C is then encrypted and sent to the edge server. After the edge server has successfully authenticated and decrypted block C, the primary response encryption information cx at each position still cannot be read, and the information at each position must be decrypted in sequence with the corresponding quantum key.
The decryption of the primary response encryption information cx comprises the following steps:
after the first-level response encryption information cx replaces the first-level request information a on the corresponding information storage bit, the terminal encryption and decryption module establishes a one-to-one correspondence relationship between the information storage bit of the key storage unit and the information storage bit of the register E1;
and the terminal encryption and decryption module sequentially acquires the quantum keys on the key storage unit, and quantum decryption is carried out on the primary response encryption information cx on the information storage bit corresponding to the acquired quantum keys by adopting the acquired quantum keys to obtain primary response information c.
And step S7, the edge server sends the response information corresponding to the request information to the corresponding power distribution and utilization terminals, and the power distribution and utilization terminals sequentially receive the corresponding response information to execute corresponding instruction operation.
The quantum encryption and decryption server updates the quantum key pool, and comprises the following steps:
after the quantum encryption server receives the next excitation signal sent by the master station server, the proxy server synchronously sends a binary random number sequence L1 to the quantum encryption server, and the serial numbers of the binary random number sequence L1 correspond one to one with the serial numbers of the quantum key pool; the quantum encryption and decryption server generates m new quantum keys according to the number of '1's in the binary random number sequence L1;
and sequentially replacing the quantum keys on the corresponding sequence numbers of the original quantum key pool Q with the m quantum keys to generate a new quantum key pool.
In this embodiment, m + n quantum keys are generated the first time and m of them are used. In the next round of encryption and decryption, the quantum encryption server therefore generates m keys, the number distributed in the previous round, and replaces the used keys position by position, updating the key pool according to the binary random number sequence L1 of the previous key distribution. This ensures that no key distributed by the quantum encryption server is repeated and no key is wasted, truly achieves a one-time pad without repetition, and further improves the security of information encryption.
As shown in fig. 3, an application example of the method for transmitting information of a power distribution network based on quantum cryptography is used to show the data processing idea of the present invention, and cannot be used as a limitation to the application scope of the present invention;
the number of power distribution and utilization terminals in the management domain is 10, with m = 5 and n = 5; the first-level information block is $A = (a_1, a_2, \cdots, a_5)$ and the second-level information block is $B = (b_1, b_2, \cdots, b_5)$;
The register E1 and the register E2 are each provided with 10 information storage bits, for storing the primary request information in the primary information block and the secondary request information in the secondary information block respectively; the request information in the first-level information block is sent by the power distribution and utilization terminals numbered 2/4/5/7/10, and the request information in the secondary information block is sent by the power distribution and utilization terminals numbered 1/3/6/8/9;
According to the generation method of the binary random number sequence L1, L1 = 0101101001, wherein the request information is an IEC104 protocol message; the messages are classified according to message type (mainly remote measurement, remote signaling and remote control signals) and divided into primary information and secondary information according to the security level of the signal, wherein quantum encryption is adopted for the first class of information and a national network encryption mode is adopted for the second class of information;
the master station server generates, according to the request information, a corresponding primary response information block $C = (c_1, c_2, \cdots, c_5)$ and secondary response information block $D = (d_1, d_2, \cdots, d_5)$;
By the same generation method, L2 = 0101101001; L1 and L2 are the same;
quantum key pool $Q = (q_1, q_2, \cdots, q_{10})$; public key pool $Puk = (puk_1, puk_2, \cdots, puk_{10})$; private key pool $Pri = (pri_1, pri_2, \cdots, pri_{10})$; the quantum keys actively acquired with the random numbers L1 and L2 respectively through the oblivious transmission protocol are $(q_2, q_4, q_5, q_7, q_{10})$ (in this process quantum key acquisition is carried out synchronously, which saves a large amount of time for quantum decryption and further improves the encryption and decryption efficiency of the power distribution network information);
the master station encryption and decryption module encrypts the primary response information c with the quantum key to obtain primary encrypted response information cx; the terminal encryption and decryption module decrypts the primary encrypted response information cx on the corresponding bit with the quantum key to obtain c, and distributes the decrypted response information to the power distribution and utilization terminal with the corresponding number to realize accurate control.
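The Fig. 3 application example traced in code, together with the key pool update described earlier. This is an added illustration, not code from the patent: a byte-wise XOR pad stands in for the unspecified "quantum encryption", `secrets.token_bytes` stands in for quantum key generation, the payloads are constructed, and all function names are hypothetical.

```python
import secrets

SLOTS = 10      # m + n information storage bits (Fig. 3: m = 5, n = 5)
KEY_LEN = 32    # assumed key length in bytes; the page does not give one


def place(messages, size=SLOTS):
    """Put each payload in the slot addressed by its terminal number (1-based)."""
    register = [None] * size
    for terminal_no, payload in messages.items():
        register[terminal_no - 1] = payload
    return register


def occupancy_bitmap(register):
    """Binary sequence L: '1' for a non-empty slot, '0' for an empty one."""
    return "".join("0" if slot is None else "1" for slot in register)


def new_key():
    """Stand-in for a quantum key: random bytes from the OS CSPRNG."""
    return secrets.token_bytes(KEY_LEN)


def select_keys(pool, bitmap):
    """Keys a party ends up holding: those whose sequence number is '1'."""
    return {i: pool[i] for i, bit in enumerate(bitmap) if bit == "1"}


def xor_pad(data, key):
    """One-time-pad XOR; refuses to stretch a key over a longer message."""
    if len(data) > len(key):
        raise ValueError("message longer than its pad")
    return bytes(d ^ k for d, k in zip(data, key))


def crypt_slots(register, keys):
    """Apply each slot's own key to that slot; XOR both encrypts and decrypts."""
    return [None if v is None else xor_pad(v, keys[i])
            for i, v in enumerate(register)]


def rotate_pool(pool, bitmap):
    """Replace every used key (bitmap '1') in place; unused keys stay."""
    return [new_key() if bit == "1" else old for old, bit in zip(pool, bitmap)]


def run_round(primary_terminals=(2, 4, 5, 7, 10)):
    # Constructed payloads; real traffic would be IEC104 messages.
    e1 = place({t: f"request from terminal {t}".encode()
                for t in primary_terminals})
    l1 = occupancy_bitmap(e1)                       # edge server side
    c = place({t: f"response for terminal {t}".encode()
               for t in primary_terminals})
    l2 = occupancy_bitmap(c)                        # proxy server side
    pool = [new_key() for _ in range(SLOTS)]        # Q = (q_1 .. q_10)
    cx = crypt_slots(c, select_keys(pool, l2))      # proxy: c -> cx
    plain = crypt_slots(cx, select_keys(pool, l1))  # edge: cx -> c
    return {"L1": l1, "L2": l2, "pool": pool, "c": c, "cx": cx,
            "plain": plain, "next_pool": rotate_pool(pool, l1)}


if __name__ == "__main__":
    r = run_round()
    print(r["L1"], r["plain"] == r["c"])
```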
The above-mentioned embodiments are preferred embodiments of the method for securely transmitting information in a power distribution network based on quantum cryptography, and the scope of the present invention is not limited thereto, and all equivalent changes made in the shape and structure of the present invention are within the scope of the present invention.

Claims (10)

1. A quantum encryption-based power distribution network information secure transmission method, characterized by comprising the following steps:
step S1, establishing communication:
all power distribution and utilization terminals in a management domain are in communication connection with an edge server, the edge server, a proxy server and a main station server realize information interaction through a power communication network, a quantum encryption server is in communication connection with the main station server, and the quantum encryption server distributes quantum keys to the proxy server and the edge server through quantum channels;
step S2, the edge server sequentially obtains request information sent by the power distribution terminal, packs the request information into a first-level information block A and a second-level information block B according to the security level and sends the first-level information block A and the second-level information block B to the master station server; generating a binary random number sequence L1 according to the occupation situation of the request information in the first-level information block A;
step S3, the master station server generates a corresponding first-level response information block C and a corresponding second-level response information block D according to the request information, and sends the response information blocks to the proxy server; the proxy server generates a binary random number sequence L2 according to the occupancy of the primary response information c in the primary response information block C;
step S4, the quantum encryption server receives the control signal sent by the master station server, generates m + n quantum keys q to form a quantum key pool Q, and allocates key storage addresses according to the quantum key generation sequence numbers, wherein each key storage address bit stores the quantum key with the corresponding sequence number; a public key pool Puk and a private key pool Pri are configured for the quantum key pool Q, wherein the public key numbers in the public key pool Puk correspond to the quantum key generation sequence numbers, and the private key numbers of the private key pool Pri correspond one to one to the public key numbers in the public key pool Puk;
step S5, the proxy server takes a binary random number sequence L1 as a random number to obtain a quantum key q distributed by the quantum encryption server through an oblivious transmission protocol, and then performs quantum encryption on the primary response information c to obtain primary response encryption information cx; after the quantum key encryption, the primary response information block C and the secondary response information block D are encrypted and then sent to the edge server;
synchronously, the edge server takes a binary random number sequence L2 as a random number to obtain a quantum key q distributed by the quantum encryption server through an oblivious transmission protocol, and stores the quantum key q in a key storage unit;
step S6, the edge server acquires the first-level response information block C and the second-level response information block D and carries out authentication decryption on the first-level response information block C and the second-level response information block D, and the decrypted first-level response information block C is decrypted through the quantum key q;
and step S7, the edge server sends the response information corresponding to the request information to the corresponding power distribution and utilization terminal.
2. The quantum encryption-based power distribution network information secure transmission method according to claim 1, characterized in that:
in step S2, the step of packaging the request information into the first-level information block A and the second-level information block B according to the security level includes the steps of:
step S21, the primary information block A contains m pieces of primary request information a, and A = (a_1, a_2, ···, a_m); the secondary information block B comprises n pieces of secondary request information b, and B = (b_1, b_2, ···, b_n); two groups of registers E1 and E2 are arranged in the proxy server, a storage space matched with the first-level information block A is allocated in the register E1, and a storage space matched with the second-level information block B is allocated in the register E2; m + n information storage bits are arranged in the storage space, and the address codes of the information storage bits correspond to the numbers of the power distribution and utilization terminals;
s22, placing the corresponding primary request information a on the corresponding information storage bit by the register E1 according to the number of the power distribution terminal, and generating a corresponding binary random number sequence L1 according to the position occupying information;
s23, a register E2 places the corresponding secondary request information b on the corresponding information storage bit according to the number of the power distribution terminal;
s24, packaging the information in the storage space of the register E1, encrypting the information through a public key of the master station server, signing the encrypted information by a private key of the proxy server, packaging the signed information into a primary information block A and sending the primary information block A to the master station server;
and S25, packaging the information in the storage space of the register E2, encrypting the information through the public key of the master station server, signing the encrypted information by the private key of the proxy server, packaging the signed information into a secondary information block B, and sending the secondary information block B to the master station server.
3. The quantum encryption-based power distribution network information secure transmission method according to claim 1 or 2, characterized in that:
the binary random number sequence L1 is generated as follows:
m + n information storage bits are arranged in the register E1, and a binary random number sequence L1 is generated according to the occupancy of the information storage bits, wherein the sequence bit information of the binary sequence matches the occupancy information of the information storage bits; an information storage bit whose occupancy is null is marked as '0', and an information storage bit whose occupancy is non-null is marked as '1'.
4. The quantum encryption-based power distribution network information secure transmission method according to claim 1 or 2, characterized in that: in step S3, the sending of the response message block to the proxy server includes the following steps:
step S31, the first-level information block A and the second-level information block B are received by a security gateway of the master station server, and source reliability verification is carried out on each of them with a public key of the edge server; if the verification succeeds, step S32 is executed, and if it fails, the message is discarded;
step S32, decrypting the first-level information block A and the second-level information block B by using a private key of the master station server, and sequentially reading first-level request information a and second-level request information B by the master station server according to information storage positions;
step S33, the master station server generates primary response information c according to the primary request information a, and replaces the primary request information a on the corresponding place occupation with the primary response information c on the information storage position;
step S34, the master station server generates secondary response information d according to the secondary request information b, and replaces the secondary request information b on the corresponding place occupation with the secondary response information d on the information storage position;
and step S35, the master station server packs the replaced information blocks into a primary response information block C and a secondary response information block D respectively, sends the primary response information block C to the primary information unit of the proxy server, and sends the secondary response information block D to the secondary information unit of the proxy server.
5. The quantum encryption-based power distribution network information secure transmission method according to claim 4, characterized in that:
the binary random number sequence L2 is generated as follows:
the proxy server generates a binary random number sequence L2 according to the occupancy of the information storage bits in the primary information unit, wherein an information storage bit whose occupancy is null is marked as '0', and an information storage bit whose occupancy is non-null is marked as '1'.
6. The quantum encryption-based power distribution network information secure transmission method according to claim 1, characterized in that:
in step S5, quantum encryption of the primary response information c includes the following steps:
step S511, the master station encryption and decryption module at the proxy server side sequentially obtains the public keys puk with the corresponding numbers from the public key pool Puk in the quantum encryption server according to the serial number of the non-empty binary random number sequence L2;
s512, encrypting the random number sequence L2 into a ciphertext by using a public key puk, and sending the ciphertext to a quantum encryption server;
step S513, the quantum encryption server decrypts the ciphertext information in sequence by adopting a private key to obtain m + n groups of binary random number sequences, and each group of binary random number sequences is XOR-ed with the corresponding numbered quantum key q and then is sent to the master station encryption and decryption module through a quantum channel;
step S514, the master station encryption and decryption module XORs the received information in sequence with the real binary random number sequence L2 to obtain the quantum key q of the required corresponding bit; the remaining information is garbled and is immediately discarded, which ends this round of XOR operations, and step S512 is executed again until the quantum keys q of all corresponding bits have been found;
and step S515, quantum encryption is sequentially carried out on the primary response information c on the corresponding information storage bit in the primary information unit by using the obtained quantum key q to obtain primary response encryption information cx.
7. The quantum encryption-based power distribution network information secure transmission method according to claim 1, characterized in that:
storing the quantum key q in a key storage unit comprises the following steps:
step S521, after the quantum encryption server completes the key pool Q, the terminal encryption and decryption module at the edge server side sequentially obtains the public keys puk with the corresponding numbers from the public key pool Puk of the quantum encryption server according to the serial numbers at which the binary random number sequence L1 has the value '1';
step S522, after the random number sequence L1 is encrypted into a ciphertext by adopting the public key puk, the ciphertext is sent to a quantum encryption server;
the quantum encryption server decrypts the ciphertext information in sequence by adopting a private key to obtain m + n groups of binary random number sequences, and each group of binary random number sequences is XOR-ed with the corresponding number quantum key q and then is sent to the terminal encryption and decryption module through a quantum channel;
step S523, the terminal encryption and decryption module XORs the received information in sequence with the real binary random number sequence L1 to obtain the quantum key q of the required corresponding bit; the remaining information is garbled and is immediately discarded, which ends this round of XOR operations, and step S522 is executed again until the quantum keys q of all corresponding bits have been found;
step S524, the obtained quantum keys q are sequentially placed in a key storage unit on the proxy server side, where the key storage unit has m + n information storage bits, an occupation of the information storage bits corresponds to the random number sequence L1 serial number, and the quantum keys obtained corresponding to the serial numbers are placed on the occupation of the corresponding information storage bits.
8. The quantum encryption-based power distribution network information secure transmission method according to claim 7, characterized in that:
step S6 includes the following steps:
step S61, after the first-level information block A and the second-level information block B are received by the edge server, source reliability verification is carried out on the first-level response information block C and the second-level response information block D respectively with a public key of the proxy server; if the verification succeeds, step S62 is executed, and if it fails, the message is discarded;
step S62, the private key of the proxy server is used for decrypting the information of the first-level response information block C and the second-level response information block D, the proxy server stores the first-level response information block C in a register E1, and the second-level response information block D in a register E2;
step S63, the first order response encryption information cx in the first order response information block C replaces the first order request information a on the corresponding information storage bit in sequence; sequentially decrypting the first-stage response encryption information cx on the information storage bit through the terminal encryption and decryption module to obtain first-stage response information c;
step S64, the secondary response information D in the secondary response information block D replaces the secondary request information b on the corresponding information storage bit in sequence;
and step S65, sequentially distributing the replaced and decrypted primary response information c and secondary response information d to corresponding power distribution terminals.
9. The quantum encryption-based power distribution network information secure transmission method according to claim 8, characterized in that:
the decryption of the primary response encryption information cx comprises the following steps:
after the first-level response encryption information cx replaces the first-level request information a on the corresponding information storage bit, the terminal encryption and decryption terminal establishes a one-to-one correspondence relationship between the information storage bit of the key storage unit and the information storage bit of the register E1;
the terminal encryption and decryption terminal sequentially obtains the quantum keys on the key storage unit, and quantum decryption is carried out on the primary response encryption information cx on the information storage bit corresponding to the obtained quantum keys by adopting the obtained quantum keys to obtain primary response information c.
10. The quantum encryption-based power distribution network information secure transmission method according to claim 1, characterized in that:
the method further comprises updating the quantum key pool Q by the quantum encryption and decryption server, comprising the following steps:
after the quantum encryption server receives the next excitation signal sent by the master station server, the proxy server synchronously sends a binary random number sequence L2 to the quantum encryption server, and the serial numbers of the binary random number sequence L2 correspond one to one to the serial numbers of the quantum key pool; the quantum encryption and decryption server generates m new quantum keys according to the number of '1' in the binary random number sequence L2;
and the m quantum keys sequentially replace the quantum keys q at the corresponding sequence numbers of the original quantum key pool Q to generate a new quantum key pool Qx.
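The slot bookkeeping of claims 3, 5, 9 and 10, as an added Python example that is not part of the patent text: it derives the occupancy sequences, applies the key at storage bit i to the payload at storage bit i, and refreshes only the used keys. Assumptions: one-time XOR stands in for the quantum encryption, OS randomness for the quantum key source, and a direct index lookup replaces the oblivious-transfer retrieval of steps S511 to S514; all function names and payloads are constructed.

```python
import secrets

M, N = 3, 2          # constructed sizes: m primary and n secondary requests
SLOTS = M + N        # each register has m + n information storage bits
KEY_LEN = 16         # assumed key length in bytes


def occupancy_sequence(register):
    """Claims 3 and 5: a null storage bit gives '0', a non-null one gives '1'."""
    return "".join("0" if slot is None else "1" for slot in register)


def make_key_pool(count=SLOTS):
    """Step S4: the key with generation sequence number i is stored at address i.
    OS randomness stands in for the quantum key source (assumption)."""
    return [secrets.token_bytes(KEY_LEN) for _ in range(count)]


def select_keys(pool, sequence):
    """Key storage unit (S524): keep key i only where the sequence has '1'."""
    return [key if bit == "1" else None for key, bit in zip(pool, sequence)]


def xor(data, key):
    """Stand-in cipher (assumption): one-time XOR, key at least as long as data."""
    if len(data) > len(key):
        raise ValueError("payload longer than key")
    return bytes(d ^ k for d, k in zip(data, key))


def transform_slots(register, key_store):
    """S515 and claim 9: the key at storage bit i is applied to the payload at bit i."""
    out = []
    for i, (payload, key) in enumerate(zip(register, key_store)):
        if payload is None:
            out.append(None)
        elif key is None:
            # The two sides' occupancy sequences disagree: fail instead of
            # passing the payload through untransformed.
            raise KeyError(f"storage bit {i} is occupied but holds no key")
        else:
            out.append(xor(payload, key))
    return out


def refresh_pool(pool, sequence):
    """Claim 10: replace only the keys whose sequence number carries a '1'."""
    return [secrets.token_bytes(KEY_LEN) if bit == "1" else key
            for key, bit in zip(pool, sequence)]


def run_exchange():
    # Constructed register E1: terminals 0, 2 and 3 sent primary requests a.
    e1 = [b"read-U", None, b"trip-chk", b"read-I", None]
    l1 = occupancy_sequence(e1)                        # edge server side
    # The master station puts each response c in the storage bit of its request a (S33).
    responses = [None if a is None else b"ok:" + a for a in e1]
    l2 = occupancy_sequence(responses)                 # proxy server side
    pool = make_key_pool()
    cx = transform_slots(responses, select_keys(pool, l2))   # proxy: c -> cx
    c = transform_slots(cx, select_keys(pool, l1))           # edge: cx -> c
    new_pool = refresh_pool(pool, l2)
    kept = [old == new for old, new in zip(pool, new_pool)]
    return {"L1": l1, "L2": l2, "cx": cx, "c": c,
            "responses": responses, "kept": kept}


if __name__ == "__main__":
    print(run_exchange())
```

Decryption succeeds only because L1 and L2 describe the same storage bits; the sequences are a deterministic function of which terminals sent requests, so the randomness in this model comes from the key pool alone.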

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110660049.XA CN113114460B (en) 2021-06-15 2021-06-15 Quantum encryption-based power distribution network information secure transmission method

Publications (2)

Publication Number Publication Date
CN113114460A true CN113114460A (en) 2021-07-13
CN113114460B CN113114460B (en) 2021-08-24

Family

ID=76723494

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110660049.XA Active CN113114460B (en) 2021-06-15 2021-06-15 Quantum encryption-based power distribution network information secure transmission method

Country Status (1)

Country Link
CN (1) CN113114460B (en)

Also Published As

Publication number Publication date
CN113114460B (en) 2021-08-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant