CN113630249A - Quantum network access security trusteeship client platform and operation method thereof - Google Patents

Publication number
CN113630249A
Authority
CN
China
Prior art keywords
quantum
module
key
security
quantum key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111110930.9A
Other languages
Chinese (zh)
Other versions
CN113630249B (en)
Inventor
翟萌
左葳东
王玉龙
辛华
李承东
靳俊刚
范俊
闫丽娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kete Xinan Technology Co ltd
Cas Quantum Network Co ltd
Original Assignee
Beijing Kete Xinan Technology Co ltd
Cas Quantum Network Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kete Xinan Technology Co ltd, Cas Quantum Network Co ltd
Priority to CN202111110930.9A
Publication of CN113630249A
Application granted
Publication of CN113630249B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70 Photonic quantum communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Electromagnetism (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Optics & Photonics (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of quantum communication, and in particular to a quantum network access security hosting client platform and an operation method thereof. The platform comprises a cryptographic module, which performs fine-grained full-life-cycle management of the quantum key and outputs the quantum key externally; an execution machine module, which receives the quantum key output by the cryptographic module and at the same time performs data encryption and decryption, integrity verification, and authentication and authorization; and a policy machine module, which manages and generates policy configurations and sends them to the cryptographic module and the execution machine module, so that quantum security capability can be managed and delivered conveniently. Using quantum security clients of various forms as carriers, the invention integrates deeply with the user's service system in a transparent and non-intrusive way and configures the various quantum security clients automatically. This reduces the attention users must pay to matters outside their own services, provides safe and reliable quantum capability, and minimizes users' access cost, thereby helping bring quantum communication technology into civilian use.

Description

Quantum network access security trusteeship client platform and operation method thereof
Technical Field
The invention relates to the technical field of quantum communication, in particular to a quantum network access security trusteeship client platform and an operation method thereof.
Background
Although quantum technology started late in China, strong policy support and large capital investment have allowed the country to leapfrog ahead in the field of quantum communication: it leads globally in the number of pilot applications and the scale of network construction, and has set multiple construction records. Since the Jinghusu trunk line was started in 2014, the construction of quantum secure communication in China has accelerated, and the backbone network, metropolitan area networks and the integrated satellite-ground network have been steadily improved, laying a foundation for quantum communication to reach government affairs, finance, electric power, transportation and other industries. However, the application of quantum communication networks still has many problems, such as a single application form, inflexible ways of integrating with applications, high retrofit costs for existing application systems, difficulty in accessing the quantum network, and expensive hardware.
Current quantum security capability products take a single form, connecting a user service system to them is difficult and tedious, and products that come in diverse forms and follow standard specifications are scarce. As a result, quantum security capability is hard to put into practice, hard to access and hard to manage.
For these reasons, a quantum network access security hosting client platform was developed. The platform uses the quantum security client as the final carrier of quantum security capability and reaches into user service scenarios in diversified forms, at the SDK level, application level, Docker level and device level, to deliver quantum security capability transparently and non-intrusively. Through its various types of delivery modules it supports deep integration with the application systems, network equipment and cloud resources that carry services inside an enterprise, which makes it easier to harden those enterprise services with quantum security. Users need not attend to anything beyond their own system services. This fundamentally addresses the difficulty users have in accessing a wide-area quantum secure communication network and their high requirements for quantum security, and helps the state, enterprises and even individuals safeguard their information.
Disclosure of Invention
In view of the deficiencies of the prior art, the invention discloses a quantum network access security hosting client platform and an operation method thereof. They address the problem that quantum security capability is hard to put into practice, hard to access and hard to manage, which results directly from current quantum security capability products taking a single form, user service systems being difficult to connect, and products of diverse forms and standard specifications being scarce.
The invention is realized by the following technical scheme:
In a first aspect, the present invention provides a quantum network access secure hosting client platform comprising:
a cryptographic module, used for fine-grained full-life-cycle management of the quantum key and for outputting the quantum key externally;
an execution machine module, used for receiving the quantum key output by the cryptographic module and at the same time performing data encryption and decryption, integrity verification, and authentication and authorization;
and a policy machine module, used for managing and generating policy configurations and sending them to the cryptographic module and the execution machine module, so that quantum security capability can be managed and delivered conveniently.
Furthermore, the cryptographic module is used for generating, deriving, storing, using, updating, backing up and destroying keys. When the cryptographic module generates a password, it generates an asymmetric key using the policy configuration sent by the policy machine module as the root key, and signs the root key and a random string with the private key of the asymmetric key to obtain a signature field.
Furthermore, when the execution machine module encrypts and decrypts data: during encryption, the user's private key and public key are calculated from the quantum key information by a hash algorithm and an elliptic curve encryption algorithm; during decryption, the quantum key information is obtained, and the private key and public key are calculated from it using the hash algorithm and elliptic curve encryption algorithm built into the cryptographic module.
Furthermore, when the execution machine module performs an integrity check, either the dedicated check chip unit of the network data source node performs the integrity check calculation on the network data and the network data with the integrity check code added is then sent to the network sink node; or the initial network data is sent to the network sink node through the communication unit of the network data source node, and the network sink node performs the integrity check calculation on the network data and adds the integrity check code.
Furthermore, the execution machine module integrates the functions of policy execution, security audit, network access application and interception, national cryptographic algorithm integration, and data acquisition/synchronization.
Furthermore, the security audit function receives the quantum key sent by the cryptographic module and, after the audit passes, directs the authentication and authorization function to perform the related authentication and authorization. During authentication, the authentication mode of the target port is obtained from the information, and whether the user terminal is an authorized user is determined by the authentication process corresponding to that mode; if the user terminal is an authorized user, the execution machine module obtains the authorized user's data and sends it to the user terminal.
Further, data transmission encryption is based on the quantum key received by the execution machine module; in quantum communication, the quantum key encodes a message into a quantum state.
Further, the cryptographic algorithm interface comprises the SM2, SM3 and SM4 cryptographic algorithms.
Still further, the policy machine module includes a key policy, a derivation policy, a filtering policy, an authentication policy, and a protocol policy.
Furthermore, the cryptographic module further comprises a quantum key comparison submodule, which can measure the quantum bit sequence of the obtained quantum key according to the quantum key distribution rule, calculate a bit error rate value, and calculate the security performance of the quantum key from that value.
Furthermore, the cryptographic module further comprises an alarm log submodule, which records the security performance of the quantum key so that the user can consult it.
Furthermore, the security performance of the quantum key calculated by the quantum key comparison submodule is either low or high. When it is low, the quantum key is invalidated and destroyed, and a new quantum key is regenerated and synchronized to the execution machine module and the cryptographic module.
In a second aspect, the present invention provides a method for operating a quantum network access security hosting client platform, comprising the following steps:
S1: the policy machine module manages and generates a policy configuration and sends it to the cryptographic module and the execution machine module;
S2: the cryptographic module manages and generates the quantum key according to the policy configuration and sends the quantum key to the execution machine module;
S3: the execution machine module receives the quantum key and at the same time performs data encryption and decryption, integrity check, and authentication and authorization;
S4: the cryptographic module, the execution machine module and the policy machine module cooperate through close interaction to complete convenient management and delivery of quantum security capability.
Furthermore, a step A1 is included between S2 and S3. In A1 the quantum key is checked, its security performance is calculated from the bit error rate value, and the cryptographic module decides, according to the security performance and the user's settings, whether to regenerate a new quantum key.
The invention has the following beneficial effects:
Using quantum security clients of various forms as carriers, the invention integrates flexibly and deeply with the user's service system in a transparent and non-intrusive way, and at the same time configures and comprehensively monitors and manages the various quantum security clients automatically. This reduces the attention users must pay to services, provides safe and reliable quantum capability, and minimizes users' access cost, thereby helping bring quantum communication technology into civilian use.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic block diagram of a quantum network access secure hosted client platform;
FIG. 2 is a diagram of the method steps for operation of a quantum network access secure hosted client platform;
FIG. 3 is a diagram of a software management interface according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, but not all, embodiments of the present invention. All other embodiments that a person skilled in the art can derive from the embodiments given here without creative effort fall within the protection scope of the present invention.
Example 1
Referring to FIG. 1, the present embodiment provides a quantum network access secure hosting client platform comprising:
a cryptographic module, used for fine-grained full-life-cycle management of the quantum key and for outputting the quantum key externally;
an execution machine module, used for receiving the quantum key output by the cryptographic module and at the same time performing data encryption and decryption, integrity verification, and authentication and authorization;
and a policy machine module, used for managing and generating policy configurations and sending them to the cryptographic module and the execution machine module, so that quantum security capability can be managed and delivered conveniently.
The cryptographic module of this embodiment is used for generating, deriving, storing, using, updating, backing up and destroying keys.
In this embodiment the quantum key is negotiated by the underlying QKM device. Generation is completed entirely inside the key service system and cannot be interfered with from outside, which ensures the security and quality of key generation.
This embodiment supports unique identification of quantum keys; each quantum key is bound one-to-one to a user application, achieving user-level and application-level security isolation.
This embodiment provides multiple product forms, such as SDK level, application level, Docker level and device level, and integrates flexibly with the user's service system.
The cryptographic module is used for generating, deriving, storing, using, updating, backing up and destroying keys. When the cryptographic module generates a password, it generates an asymmetric key using the policy configuration sent by the policy machine module as the root key, and signs the root key and a random string with the private key of the asymmetric key to obtain a signature field.
When the execution machine module of this embodiment encrypts and decrypts data: during encryption, the user's private key and public key are calculated from the quantum key information by a hash algorithm and an elliptic curve encryption algorithm; during decryption, the quantum key information is obtained, and the private key and public key are calculated from it using the hash algorithm and elliptic curve encryption algorithm built into the cryptographic module.
When the execution machine module of this embodiment performs an integrity check, either the dedicated check chip unit of the network data source node performs the integrity check calculation on the network data and the network data with the integrity check code added is then sent to the network sink node; or the initial network data is sent to the network sink node through the communication unit of the network data source node, and the network sink node performs the integrity check calculation on the network data and adds the integrity check code.
The execution machine module of this embodiment integrates the functions of policy execution, security audit, network access application and interception, national cryptographic algorithm integration, and data acquisition/synchronization.
In this embodiment, the security audit function receives the quantum key sent by the cryptographic module and, after the audit passes, directs the authentication and authorization function to perform the related authentication and authorization. During authentication, the authentication mode of the target port is obtained from the information, and whether the user terminal is an authorized user is determined by the authentication process corresponding to that mode; if the user terminal is an authorized user, the execution machine module obtains the authorized user's data and sends it to the user terminal.
The data transmission encryption of this embodiment is based on the quantum key received by the execution machine module; in quantum communication, the quantum key encodes a message into a quantum state.
This embodiment supports protecting the security of the user's system along the dimensions of authentication and authorization, data transmission security, data storage security and so on.
This embodiment supports configuration management of the security policy of the quantum security client, supports single-point, active/standby, cluster and cloud platform deployment modes, and supports integration with the service system in serial or parallel mode.
The quantum network access security hosting client platform serves as the final delivery carrier of quantum security capability. On the one hand, it delivers quantum security capability through quantum security clients that come in various forms, share a uniform access standard, and reach into user service scenarios; on the other hand, it supports unified security management of the delivered products of all forms.
The cryptographic module in this embodiment further includes a quantum key comparison submodule, which can measure the quantum bit sequence of the obtained quantum key according to the quantum key distribution rule, calculate a bit error rate value, and calculate the security performance of the quantum key from that value. By calculating the bit error rate value of the quantum key, the submodule estimates the likelihood that an eavesdropper has intercepted the key and derives the key's security performance, so the user can tell whether the encrypted data is in a state where no one has stolen it or where someone has attempted to steal it, which makes it easier for the user to monitor the state of the quantum key and the encrypted data.
The cryptographic module in this embodiment further includes an alarm log submodule, which records the security performance of the quantum key so that the user can consult it. The user can query the state of the quantum key in different time periods from the alarm log submodule, which further strengthens the user's monitoring of the quantum key.
The security performance of the quantum key calculated by the quantum key comparison submodule in this embodiment is either low or high. When it is low, the quantum key is invalidated and destroyed, and a new quantum key is regenerated and synchronized to the execution machine module and the cryptographic module. Destroying a quantum key as soon as it is rated low, and generating a new one at the same time, bounds the risk carried by any single quantum key. It avoids the situation in which the security performance of the quantum key stays low (that is, its risk stays high) and an eavesdropper has a high probability of obtaining the encrypted data, and so greatly improves the security of the encrypted data.
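The comparison submodule, the alarm log and the destroy-and-regenerate rule described above can be put together as follows. This is an added example, not code from the patent: the 11% limit is the commonly cited BB84 bound and is an assumption (the patent names no threshold), as are the confidence margin, the class and function names, and the constructed bit patterns.

```python
import math
from dataclasses import dataclass, field

QBER_LIMIT = 0.11  # assumption: commonly cited BB84 bound; the patent names no value
EPSILON = 1e-6     # assumption: tolerated probability that the estimate is too low


@dataclass
class QuantumKey:
    key_id: str
    bits: list
    state: str = "active"


@dataclass
class AlarmLog:
    """Stand-in for the alarm log submodule: one entry per check, queryable later."""
    entries: list = field(default_factory=list)

    def record(self, key_id, qber, upper, rating):
        self.entries.append(
            {"key_id": key_id, "qber": qber, "upper": upper, "rating": rating})


def estimate_qber(local_bits, peer_bits, sample):
    """Return (observed error rate, Hoeffding upper bound) over the disclosed sample."""
    if not sample:
        return 1.0, 1.0  # nothing compared: fail closed
    errors = sum(local_bits[i] != peer_bits[i] for i in sample)
    qber = errors / len(sample)
    margin = math.sqrt(math.log(1 / EPSILON) / (2 * len(sample)))
    return qber, min(1.0, qber + margin)


def rate_key(upper):
    """Two-level rating as in the text: 'high' or 'low' security performance."""
    return "high" if upper < QBER_LIMIT else "low"


def check_key(key, peer_bits, sample, log, regenerate):
    """Step A1: rate the key, log the result, destroy and replace it if rated low."""
    qber, upper = estimate_qber(key.bits, peer_bits, sample)
    rating = rate_key(upper)
    log.record(key.key_id, qber, upper, rating)
    if rating == "low":
        for i in range(len(key.bits)):  # overwrite in place, then drop
            key.bits[i] = 0
        key.bits.clear()
        key.state = "destroyed"
        return regenerate()
    revealed = set(sample)  # disclosed positions are public now and leave the key
    key.bits = [b for i, b in enumerate(key.bits) if i not in revealed]
    return key


def constructed_pair(n_bits, flip_step):
    """Constructed sample data: a fixed bit pattern and a peer copy with every
    flip_step-th bit inverted (flip_step=0 means an error-free channel)."""
    local = [(i * i + i // 3) % 2 for i in range(n_bits)]
    peer = list(local)
    for i in range(0, n_bits, flip_step) if flip_step else ():
        peer[i] ^= 1
    return local, peer


def run_demo():
    log = AlarmLog()
    fresh = lambda: QuantumKey("key-replacement", [1, 0] * 128)
    cases = [("key-quiet", 8000, 200, 4),   # 2% errors, 2000 sampled bits
             ("key-noisy", 8000, 16, 4),    # 25% errors in the sample
             ("key-short", 400, 0, 4)]      # no errors, but only 100 sampled bits
    out = []
    for key_id, n_bits, flip_step, stride in cases:
        local, peer = constructed_pair(n_bits, flip_step)
        key = QuantumKey(key_id, local)
        kept = check_key(key, peer, range(0, n_bits, stride), log, fresh)
        out.append((key_id, key.state, kept.key_id))
    return out, log


if __name__ == "__main__":
    results, log = run_demo()
    for row, entry in zip(results, log.entries):
        print(row, entry["rating"], round(entry["qber"], 3), round(entry["upper"], 3))
```

The third case shows why the rating should use an upper bound instead of the raw rate: an error-free sample of only 100 bits cannot certify the key, so the check fails closed and the key is replaced.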
Example 2
At a specific implementation level, this embodiment provides a quantum network access security hosting client system. It is an independently developed quantum security capability delivery platform, built to meet users' need for easy and convenient access at a time when the state attaches great importance to information security and to autonomous, controllable technology and strongly supports quantum communication technology, yet quantum communication remains hard to put into practice.
As shown in FIG. 3, in this embodiment the quantum security client accesses the software management interface of the secure hosting client system through the subnetwork, so that full-life-cycle management of the quantum key and security management and policy management of the quantum security client can be performed, achieving all-round, fine-grained management and control of the quantum security client.
The quantum network access security hosting client platform comprises three core modules: a cryptographic module, an execution machine and a policy machine.
The cryptographic module of this embodiment performs full-life-cycle management of the quantum key, including generation, derivation, storage, use, update, backup, and destruction of the key.
The execution machine of this embodiment provides the basic functions of data encryption and decryption, integrity check and authentication. In addition, through various types of clients it supports deep integration with the application systems, network equipment, cloud resources and so on that carry services inside an enterprise, so that the various enterprise services gain quantum security capability.
The policy machine of this embodiment provides flexible policy configuration and management for the cryptographic module and the execution machine. The three modules cooperate to complete convenient management and delivery of quantum security capability.
This embodiment develops a standards-compliant quantum network access security hosting client system that supports configuration management of the multi-form clients finally delivered to users, and solves the problems of difficult access, difficult use and difficult management when quantum security capability is connected to a user's system.
In this embodiment, diversified user application access software with standardized interface specifications is developed, and hardware environment modules with the corresponding functions are integrated. This solves the technical problems that the integration standards between the quantum network and end-user systems are not unified and that use and development are difficult.
A software system with full-life-cycle quantum key management is developed. It supports generation, derivation, use, storage, update, backup and destruction of the quantum key as well as unique key identifier management, and solves the problem of fine-grained tracking and management of quantum keys.
Example 3
At a specific implementation level, this embodiment provides a development process for a quantum network access security hosting client platform, including the following stages:
Technical research: investigating the user-side quantum capability delivery interface specification; investigating quantum application practice on the quantum trunk network, metropolitan area networks and privately deployed networks; and studying the quantum secure communication technical specifications, national communication security specifications and commercial cryptography specifications.
Specification and scheme design: designing the user application access software and hardware platform, with diversified forms and standard interface specifications, and the outline design of the platform software system.
Software system development: based on the scheme design, writing the software code after the design has been reviewed, validated and frozen.
Hardware platform integration: selecting a trusted hardware platform that meets the software's operating requirements, developing hardware modules for customized functional requirements, integrating a complete hardware platform, and performing software compatibility testing.
Example 4
Referring to FIG. 2, the present embodiment provides an operation method of a quantum network access security hosting client platform, including the following steps:
S1: the policy machine module manages and generates a policy configuration and sends it to the cryptographic module and the execution machine module;
S2: the cryptographic module manages and generates the quantum key according to the policy configuration and sends the quantum key to the execution machine module;
S3: the execution machine module receives the quantum key and at the same time performs data encryption and decryption, integrity check, and authentication and authorization;
S4: the cryptographic module, the execution machine module and the policy machine module cooperate through close interaction to complete convenient management and delivery of quantum security capability.
In this embodiment, a step A1 is further included between S2 and S3. In A1 the quantum key is checked, its security is calculated from the bit error rate value, and the cryptographic module decides, according to the security and the user's settings, whether to regenerate a new quantum key.
In this embodiment the quantum key is negotiated by the underlying QKM device. Generation is completed entirely inside the key service system and cannot be interfered with from outside, which ensures the security and quality of key generation.
This embodiment performs fine-grained full-life-cycle tracking, management and control of the quantum key, and fully supports the SM2, SM3 and SM4 cryptographic algorithms published by the State Cryptography Administration.
This embodiment supports unique identification of quantum keys; each quantum key is bound one-to-one to a user application, achieving user-level and application-level security isolation.
This embodiment provides multiple product forms, such as SDK level, application level, Docker level and device level, and integrates flexibly with the user's service system.
This embodiment supports protecting the security of the user's system along the dimensions of authentication and authorization, data transmission security, data storage security and so on.
This embodiment supports configuration management of the security policy of the quantum security client, supports single-point, active/standby, cluster and cloud platform deployment modes, and supports integration with the service system in serial or parallel mode.
In conclusion, using quantum security clients of various forms as carriers, the invention integrates flexibly and deeply with the user's service system in a transparent and non-intrusive way, and at the same time configures and comprehensively monitors and manages the various quantum security clients automatically. This reduces the attention users must pay to matters outside their own services, provides safe and reliable quantum capability, and minimizes users' access cost, thereby helping bring quantum communication technology into civilian use.
The above examples are intended only to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced, and that such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A quantum network access security hosting client platform, comprising:
a cryptographic module, configured to perform fine-grained, full-life-cycle management of the quantum key and to output the quantum key externally;
an execution engine module, configured to receive the quantum key output by the cryptographic module and simultaneously to perform data encryption and decryption, integrity verification, and authentication and authorization;
and a policy engine module, configured to manage and generate policy configuration and send it to the cryptographic module and the execution engine module, thereby achieving convenient management and delivery of quantum security capability.
2. The client platform of claim 1, wherein the cryptographic module is configured to generate, derive, store, use, update, back up, and destroy keys, and wherein, when generating a key, the cryptographic module generates an asymmetric key as a root key based on the policy configuration sent by the policy engine module, and signs the root key and a random string with the private key of the asymmetric key to obtain a signature field.
3. The client platform of claim 1, wherein, when encrypting and decrypting data, the execution engine module is configured to: during encryption, compute a private key and a public key of the user from the quantum key information by means of a hash algorithm and an elliptic curve encryption algorithm; and during decryption, obtain the quantum key information and calculate a private key and a public key from it using the hash algorithm and elliptic curve encryption algorithm built into the cryptographic module.
4. The client platform of claim 3, wherein, when the execution engine module performs an integrity check, either a dedicated checking chip unit of the network data source node performs the integrity check calculation on the network data and then sends the network data, with the integrity check code added, to the network sink node; or the initial network data is sent to the network sink node through the communication unit of the network data source node, and the network sink node performs the integrity check calculation on the network data and adds the integrity check code.
5. The client platform of claim 1, wherein the execution engine module integrates policy enforcement, security auditing, network access application and interception, cryptographic algorithm interfacing, and data collection/synchronization functions.
6. The client platform of claim 5, wherein the security audit receives the quantum key sent by the cryptographic module and, after the audit is passed, controls the authentication and authorization function to perform the related authentication and authorization; wherein, during authentication, the authentication mode of a target port is obtained according to information, and whether the user terminal is an authorized user is determined according to the authentication process corresponding to that authentication mode; and if the user terminal is an authorized user, the execution engine module acquires the data of the authorized user and sends the data to the user terminal.
7. The client platform of claim 5, wherein data transmission encryption is based on the quantum keys received by the execution engine module, the quantum keys being in quantum communication with messages encoded into quantum states, and wherein the cryptographic algorithm interface comprises the SM2, SM3, and SM4 cryptographic algorithms.
8. The client platform of claim 1, wherein the policy engine module comprises a key policy, a derivation policy, a filtering policy, an authentication policy, and a protocol policy.
9. The client platform of claims 1-8, wherein the cryptographic module further comprises a quantum key comparison sub-module, which can measure the quantum bit sequence of the obtained quantum key according to a quantum key distribution rule, calculate an error rate value, and calculate the security performance of the quantum key from the error rate value; the cryptographic module further comprises an alarm log sub-module, which can record the security performance of the quantum key for the user to consult; the security performance calculated by the quantum key comparison sub-module is either low or high, and when it is low, the quantum key is invalidated and destroyed, and a new quantum key is regenerated and synchronized to the execution engine module and the cryptographic module.
10. A method of operating a quantum network access security hosting client platform, comprising the steps of:
S1: the policy engine module manages and generates the policy configuration and sends it to the cryptographic module and the execution engine module;
S2: the cryptographic module manages and generates the quantum key according to the policy configuration and sends the quantum key to the execution engine module;
S3: the execution engine module receives the quantum key and simultaneously performs data encryption and decryption, integrity check, and authentication and authorization;
S4: the cryptographic module, the execution engine module, and the policy engine module cooperate through deep interaction, thereby completing convenient management and delivery of quantum security capability.
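The error-rate check in claim 9 can be sketched as follows; this is an added example, not code from the patent. The 11% threshold, the `KeyComparator` and `new_key` names, and the sample bit strings are assumptions, since the claim gives no threshold or interface.

```python
import secrets
from dataclasses import dataclass, field

# Assumed policy value: the claim states no number. About 11% is the
# commonly cited upper bound for BB84-style protocols.
QBER_THRESHOLD = 0.11

def estimate_qber(sent, measured, sample_idx):
    """Error rate over the positions both sides disclose for comparison."""
    if not sample_idx:
        raise ValueError("empty sample: error rate is undefined")
    errors = sum(sent[i] != measured[i] for i in sample_idx)
    return errors / len(sample_idx)

@dataclass
class KeyComparator:
    """Hypothetical stand-in for the comparison and alarm-log sub-modules."""
    threshold: float = QBER_THRESHOLD
    alarm_log: list = field(default_factory=list)

    def assess(self, key_id, sent, measured, sample_idx):
        qber = estimate_qber(sent, measured, sample_idx)
        level = "low" if qber > self.threshold else "high"
        self.alarm_log.append({"key_id": key_id, "qber": qber, "security": level})
        return level

    def accept_or_regenerate(self, key_id, sent, measured, sample_idx, regenerate):
        """Return usable key bits, or a fresh key when security is low."""
        if self.assess(key_id, sent, measured, sample_idx) == "low":
            measured.clear()          # drop the rejected bits (real modules zeroize storage)
            return regenerate()       # caller syncs the new key to both modules
        disclosed = set(sample_idx)   # compared bits are public, so drop them
        return [b for i, b in enumerate(measured) if i not in disclosed]

def new_key(n_bits=20):
    """Placeholder key source; a real platform would request a new QKD key."""
    return [secrets.randbits(1) for _ in range(n_bits)]

if __name__ == "__main__":
    sent = [1, 0] * 20                       # constructed sample, 40 bits
    sample = list(range(0, 40, 2))           # every second bit is compared
    noisy = [b ^ 1 if i in (0, 4, 8, 12) else b for i, b in enumerate(sent)]
    comp = KeyComparator()
    print(len(comp.accept_or_regenerate("k1", sent, list(sent), sample, new_key)))
    print(len(comp.accept_or_regenerate("k2", sent, noisy, sample, new_key)))
    for entry in comp.alarm_log:
        print(entry)
```

Every decision, including accepted keys, lands in the alarm log, so a reviewer can see how often keys are rejected and correlate bursts of low-security results with link or tampering events.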
CN202111110930.9A 2021-09-18 2021-09-18 Quantum network access security trusteeship client platform Active CN113630249B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111110930.9A CN113630249B (en) 2021-09-18 2021-09-18 Quantum network access security trusteeship client platform

Publications (2)

Publication Number Publication Date
CN113630249A CN113630249A (en) 2021-11-09
CN113630249B CN113630249B (en) 2022-09-09

Family

ID=78390593

Country Status (1)

Country Link
CN (1) CN113630249B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114362944A (en) * 2022-01-07 2022-04-15 济南量子技术研究院 D2D secure mobile communication method and system based on quantum key

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111917543A (en) * 2020-08-14 2020-11-10 国科量子通信网络有限公司 User access cloud platform security access authentication system and application method thereof
CN111953492A (en) * 2020-09-15 2020-11-17 国科量子通信网络有限公司 ERP networking monitoring system based on quantum key encryption and application method thereof
CN112511570A (en) * 2021-02-07 2021-03-16 浙江地芯引力科技有限公司 Internet of things data integrity checking system and method based on special chip
CN112800439A (en) * 2020-12-02 2021-05-14 中国电子科技集团公司第三十研究所 Key management protocol design method and system for secure storage
CN113037478A (en) * 2021-03-22 2021-06-25 阿米华晟数据科技(江苏)有限公司 Quantum key distribution system and method
CN213937912U (en) * 2020-12-22 2021-08-10 福建海天丝路卫星科技有限公司 Unmanned aerial vehicle communication system based on quantum security strategy

Also Published As

Publication number Publication date
CN113630249B (en) 2022-09-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant