CN116980122B - Quantum key distribution management system - Google Patents


Info

Publication number: CN116980122B
Authority: CN (China)
Prior art keywords: security domain, quantum key, edge security, cloud, quantum
Legal status: Active
Application number: CN202310952640.1A
Other languages: Chinese (zh)
Other versions: CN116980122A (en)
Inventors: 刘立生, 张宇韬, 宫楠楠, 索瑞军
Current assignee: Changchun Jida Zhengyuan Information Technology Co ltd
Original assignee: Changchun Jida Zhengyuan Information Technology Co ltd
Events: application filed by Changchun Jida Zhengyuan Information Technology Co ltd; priority to CN202310952640.1A; publication of CN116980122A; application granted; publication of CN116980122B; legal status active

Classifications

    • H04L 9/0852 Quantum cryptography (under H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords, and H04L 9/0816 Key establishment, i.e. cryptographic processes or protocols whereby a shared secret becomes available to two or more parties for subsequent use)
    • H04L 63/06 Network architectures or network communication protocols for network security, for supporting key management in a packet data network
    • H04L 67/10 Network arrangements or protocols for supporting network services or applications; protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science; Computer Networks & Wireless Communication; Signal Processing; Computer Security & Cryptography; Physics & Mathematics; Electromagnetism; Theoretical Computer Science; Computer Hardware Design; Computing Systems; General Engineering & Computer Science; Data Exchanges In Wide-Area Networks

Abstract

The present disclosure provides a quantum key distribution management system comprising a cloud quantum key center, an edge security domain and terminal devices. The cloud quantum key center acquires a plurality of quantum keys from a quantum key distribution network, stores them, and distributes them to the edge security domain. The edge security domain acquires a plurality of quantum keys from the cloud quantum key center, stores them, allocates quantum keys to the terminal devices in its jurisdiction and provides cryptographic services, namely encryption and decryption. A terminal device requests a quantum key from its edge security domain and invokes the edge security domain to perform the corresponding cryptographic service.

Description

Quantum key distribution management system
Technical Field
The disclosure relates to the technical field of quantum communication, in particular to a quantum key distribution management system.
Background
In the conventional Internet of Things, the keys used for data communication between devices are mainly generated by cryptographic modules based on classical cryptography, and most terminal devices lack the capability to manage keys securely. With the development of quantum communication technology, quantum key technology is being applied ever more widely. Quantum communication is a new mode of transmitting information that exploits quantum superposition and entanglement; its security rests on three quantum-mechanical principles (the uncertainty principle, measurement-induced collapse and the no-cloning theorem), so that a key exchanged this way cannot be copied or intercepted without detection and its secrecy does not depend on the computational hardness of a mathematical problem. That guarantee covers the key exchange itself and assumes ideal devices; once established, the key material still has to be stored, distributed and used by classical equipment, which is where most of the practical risk lies. Moreover, quantum key technology is generally applied to large-scale encrypted network transmission and is constrained by the high cost of quantum network equipment, so it is difficult to meet the needs of the massive number of terminals in Internet of Things scenarios.
Disclosure of Invention
The present disclosure provides a quantum key distribution management system, a method, an electronic device, and a storage medium, so as to at least solve the above technical problems in the prior art.
According to a first aspect of the present disclosure, there is provided a quantum key distribution management system comprising a cloud quantum key center, an edge security domain and terminal devices;
the cloud quantum key center is configured to acquire a plurality of quantum keys from a quantum key distribution network, store them, and distribute them to the edge security domain;
the edge security domain is configured to acquire a plurality of quantum keys from the cloud quantum key center, store them, allocate quantum keys to the terminal devices in its jurisdiction and provide cryptographic services, namely encryption and decryption;
and a terminal device is configured to request a quantum key from the edge security domain and invoke the edge security domain to perform the corresponding cryptographic service.
In one embodiment, the system includes a plurality of cloud quantum key centers, and all quantum keys are shared among them;
each cloud quantum key center manages at least one edge security domain, and each edge security domain is managed by exactly one cloud quantum key center;
each edge security domain manages at least one terminal device, and each terminal device belongs to exactly one edge security domain.
In an embodiment, the edge security domain is configured to collect the identity information of the terminal devices in its jurisdiction and, based on that identity information, send a first acquisition request to the cloud quantum key center to which it belongs in order to obtain quantum keys.
In an embodiment, the cloud quantum key center is configured to respond to the first acquisition request of the edge security domain by issuing a quantum key to the edge security domain according to the identity information and recording the association between each quantum key and the corresponding identity information.
In one embodiment, the cloud quantum key center is configured to define two edge security domains in its jurisdiction as peer security domains of each other (the translation also renders this as "equal" or "equivalent" security domains);
and the cloud quantum key center is configured, when distributing a quantum key, to synchronize the quantum key and its association record into the corresponding peer security domain.
In one embodiment, the edge security domain is configured to send, through the cloud quantum key center to which it belongs, a verification request to another edge security domain managed by that cloud quantum key center;
and the cloud quantum key center is configured to relay the verification-passed information from the other edge security domain and to define the two edge security domains as peer security domains.
In one embodiment, when the terminal device is a sending terminal,
the sending terminal is configured to send, according to its own identity information, an encryption request to the edge security domain to which it belongs, the encryption request carrying the identity information and the plaintext data;
the edge security domain to which the sending terminal belongs is configured to respond to the encryption request by selecting the quantum key associated with the sending terminal according to the association record, encrypting the plaintext data with that quantum key, and returning the resulting ciphertext data to the sending terminal;
and the sending terminal is further configured to receive the ciphertext data and transmit it.
In one embodiment, when the terminal device is a receiving terminal,
the receiving terminal is configured to receive the ciphertext data sent by the sending terminal and to send a decryption request to the edge security domain to which the receiving terminal belongs, the decryption request carrying the identity information of the sending terminal and the ciphertext data;
and the edge security domain to which the receiving terminal belongs is configured to respond to the decryption request by obtaining the quantum key corresponding to that identity information, decrypting the ciphertext data, and returning the decrypted plaintext data to the receiving terminal.
In an embodiment, if the edge security domain of the sending terminal and the edge security domain of the receiving terminal are peer security domains, the edge security domain of the receiving terminal looks up the quantum key corresponding to the identity information in its own association records after receiving the decryption request.
In an embodiment, if the edge security domain of the sending terminal and the edge security domain of the receiving terminal are not peer security domains, the edge security domain of the receiving terminal is configured, after receiving the decryption request, to send a second acquisition request carrying the identity information of the sending terminal to the cloud quantum key center to which it belongs;
and the cloud quantum key center is configured, after receiving the second acquisition request, to look up the quantum key corresponding to that identity information in its association records and return it to the edge security domain of the receiving terminal.
The present disclosure thus provides a quantum key distribution management system comprising a cloud quantum key center, an edge security domain and terminal devices. The cloud quantum key center connects to a quantum key distribution network, acquires a plurality of quantum keys and distributes them to the edge security domain, which performs the secure management and distribution of those keys. The edge security domain can therefore allocate quantum keys to the terminal devices in its jurisdiction and perform the corresponding encryption and decryption services on their behalf. By introducing quantum key technology and edge security domains, secure distribution, management and application of keys is achieved for terminals that cannot manage keys themselves.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.
Drawings
The above, as well as additional purposes, features, and advantages of exemplary embodiments of the present disclosure will become readily apparent from the following detailed description when read in conjunction with the accompanying drawings. Several embodiments of the present disclosure are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings, in which:
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
FIG. 1 shows a first schematic diagram of a quantum key distribution management system according to an embodiment of the present disclosure;
FIG. 2 shows a second schematic diagram of a quantum key distribution management system according to another embodiment of the present disclosure;
FIG. 3 shows a first implementation flow diagram of quantum key management according to an embodiment of the present disclosure;
FIG. 4 shows a second implementation flow diagram of quantum key management according to another embodiment of the present disclosure.
Detailed Description
In order to make the objects, features and advantages of the present disclosure more comprehensible, the technical solutions in the embodiments of the present disclosure are described clearly below in conjunction with the accompanying drawings. The described embodiments are only some of the embodiments of the present disclosure, not all of them; all other embodiments that a person skilled in the art could obtain from them without inventive effort fall within the scope of protection of this disclosure.
The present disclosure provides a quantum key distribution management system which, as shown in FIG. 1, comprises a cloud quantum key center 101, an edge security domain 102 and terminal devices 103.
The cloud quantum key center 101 is configured to acquire a plurality of quantum keys from a quantum key distribution network, store them, and distribute them to the edge security domain 102.
In this example, quantum key distribution (QKD) is based on the principles of quantum mechanics and can, in principle, establish a shared key whose secrecy is unconditional, i.e. does not depend on any computational assumption. The two communicating parties generate and share a random secret key over the quantum channel and then use it to encrypt and decrypt their traffic. The security of QKD rests on a fundamental fact of quantum mechanics: any measurement of a quantum system disturbs it. An eavesdropper who tries to learn the key must measure the transmitted quantum states in some way, and that measurement produces a detectable anomaly. A system that carries information in quantum superposition or entangled states can therefore detect whether eavesdropping has taken place. Classical key exchange, by contrast, rests on the computational complexity of mathematical problems and offers no way to detect that the exchange has been passively intercepted, so it cannot give this kind of guarantee for the key.
The cloud quantum key center 101 acts as the requesting and receiving end for quantum keys and is securely interfaced with the quantum key distribution network through a quantum channel. When an acquisition condition is met, the cloud quantum key center 101 requests a large batch of quantum keys from the quantum key distribution network. The acquisition condition may be that the number of quantum keys held by the cloud quantum key center 101 has fallen below a preset threshold, or that a preset acquisition time has been reached, and so on. The present disclosure does not limit the acquisition condition; it may be adjusted according to actual requirements.
The edge security domain 102 is configured to acquire a plurality of quantum keys from the cloud quantum key center 101, store them, allocate quantum keys to the terminal devices 103 in its jurisdiction and provide cryptographic services, namely encryption and decryption.
In this example, the edge security domain 102 is the security domain that stores, manages and distributes the quantum keys.
The edge security domain 102 communicates with the cloud quantum key center 101 over a Secure Sockets Layer (SSL) connection (in current deployments its successor, TLS), which encrypts data in transit so that it cannot be read or altered on the network. The edge security domain 102 requests its batch of quantum keys from the cloud quantum key center 101 over this channel. Note that this hop is a classical channel: the quantum keys relayed over it are protected only as strongly as the TLS version, cipher suite and peer authentication used on that link, so the cloud center and the edge security domain should authenticate each other mutually and the link should be at least as strong as the traffic the relayed keys will later protect.
After receiving a request for a quantum key from a terminal device 103 in its jurisdiction, the edge security domain 102 allocates the corresponding quantum key to that terminal device 103 and provides it with the corresponding cryptographic service, namely encryption of plaintext data and decryption of ciphertext data.
The terminal device 103 is configured to request a quantum key from the edge security domain 102 and invoke the edge security domain 102 to perform the corresponding cryptographic service.
In this example, the terminal device 103 collects and transmits data in the Internet of Things; during collection and transmission it requests a quantum key from the edge security domain 102 and invokes the edge security domain 102 to perform the corresponding cryptographic service. How the terminal device 103 invokes the cryptographic service of the edge security domain 102 is described in detail in the following embodiments.
In summary, the system comprises a cloud quantum key center 101, an edge security domain 102 and terminal devices 103. The cloud quantum key center 101 connects to a quantum key distribution network, acquires a plurality of quantum keys and distributes them to the edge security domain 102, which performs the secure management and distribution of those keys. The edge security domain 102 can therefore allocate quantum keys to the terminal devices 103 in its jurisdiction and perform encryption and decryption on their behalf. By introducing quantum key technology and the edge security domain 102, secure distribution, management and application of keys is achieved.
In one example, the quantum key distribution management system of the present disclosure includes a plurality of cloud quantum key centers 101, and all quantum keys are shared among them; each cloud quantum key center 101 manages at least one edge security domain 102, and each edge security domain 102 is managed by exactly one cloud quantum key center 101; each edge security domain 102 manages at least one terminal device 103, and each terminal device 103 belongs to exactly one edge security domain 102.
In this example, when the acquisition condition is met, any cloud quantum key center 101 can request a large batch of quantum keys from the quantum key distribution network, and all quantum keys are synchronized to the other cloud quantum key centers 101, so that the quantum keys are shared.
Each cloud quantum key center 101 manages at least one edge security domain 102, and each edge security domain 102 belongs to one cloud quantum key center 101. That is, every edge security domain 102 has a cloud quantum key center 101 to which it belongs and from which it requests quantum keys over the SSL/TLS channel.
Each edge security domain 102 manages at least one terminal device 103, and each terminal device 103 belongs to one edge security domain 102. That is, each terminal device 103 requests quantum keys from, and invokes the cryptographic services of, the edge security domain 102 to which it belongs.
In one example, the edge security domain 102 is configured to collect the identity information of the terminal devices 103 in its jurisdiction and, based on that identity information, send a first acquisition request to the cloud quantum key center 101 to which it belongs in order to obtain quantum keys.
In this example, before requesting quantum keys from its cloud quantum key center 101, the edge security domain 102 first collects the identity information of the terminal devices 103 in its jurisdiction. The identity of a terminal device 103 is unique; it may be the serial number of the terminal device 103 or any other unique identifier that identifies that terminal. The edge security domain 102 then sends a first acquisition request, based on the identity information of its terminal devices 103, to the cloud quantum key center 101 to which it belongs, requesting the quantum keys corresponding to that identity information.
In one example, the cloud quantum key center 101 is configured to respond to the first acquisition request of the edge security domain 102 by issuing a quantum key to the edge security domain 102 according to the identity information and recording the association between each quantum key and the corresponding identity information.
Continuing the above example, the cloud quantum key center 101 responds to the first acquisition request of the edge security domain 102 by issuing, according to the identity information in the request, the quantum key corresponding to that identity information, and at the same time records the association between each quantum key and the corresponding identity information.
The cloud quantum key centers 101 exchange data with one another, i.e. each cloud quantum key center 101 synchronizes its quantum keys and their association records to the other cloud quantum key centers 101. This prevents the same quantum key from being issued twice, keeps the association records consistent across centers, and so protects the data transmission process.
In one example, the cloud quantum key center 101 is configured to define two edge security domains 102 in its jurisdiction as peer security domains of each other, and to synchronize the quantum key and its association record into the corresponding peer security domain whenever it distributes a quantum key.
In this example, when the quantum key distribution management system is built, a cloud quantum key center 101 may define two edge security domains 102 in its jurisdiction as peer security domains of each other. Two edge security domains 102 that are peers synchronize quantum keys through the cloud quantum key center 101 to which they both belong. That is, when the cloud quantum key center 101 distributes a quantum key, the quantum key and association record issued to one edge security domain 102 are also synchronized to its peer security domain, which removes the extra key-acquisition step later when cryptographic services are provided to the terminal devices 103.
In one example, the edge security domain 102 is configured to send, through the cloud quantum key center 101 to which it belongs, a verification request to another edge security domain 102 managed by that cloud quantum key center 101; the cloud quantum key center 101 is configured to relay the verification-passed information of the other edge security domain 102 and to define the two edge security domains 102 as peer security domains.
In this example, when the quantum key distribution management system is built, an edge security domain 102 sends, based on its own identity information and through the cloud quantum key center 101 to which it belongs, a verification request to another edge security domain 102 managed by that center, asking to share quantum keys and their association records. If the other edge security domain 102 verifies and accepts the request, the verification-passed information is returned through the same cloud quantum key center 101.
Because the cloud quantum key center 101 has witnessed the verification between the two edge security domains 102, it defines them as peer security domains of each other.
In one example, when the terminal device 103 is a sending terminal, the sending terminal is configured to send, according to its own identity information, an encryption request to the edge security domain 102 to which it belongs, the encryption request carrying the identity information and the plaintext data; the edge security domain 102 to which the sending terminal belongs is configured to respond to the encryption request by selecting the quantum key associated with the sending terminal according to the association record, encrypting the plaintext data with that quantum key, and returning the resulting ciphertext data to the sending terminal; and the sending terminal is further configured to receive the ciphertext data and transmit it.
In this example, the sending terminal is a terminal device 103 that collects plaintext data and transmits it in the Internet of Things. The plaintext data collected by the sending terminal, i.e. the data to be encrypted, may for example be video captured by a camera or operation instructions obtained by a mobile terminal. After obtaining the plaintext data, the sending terminal sends an encryption request, identified by its own identity information, to the edge security domain 102 to which it belongs in order to have the plaintext data encrypted. The encryption request carries the identity information and the plaintext data.
After receiving the encryption request, the edge security domain 102 to which the sending terminal belongs looks up, in its stored association records and based on the sending terminal's identity information, the quantum key allocated to that sending terminal, encrypts the plaintext data with that quantum key, and returns the resulting ciphertext data to the sending terminal, which then transmits it. Since the plaintext travels from the terminal to the edge security domain 102 and the request is tied to a key only by the identity information it carries, the link between the terminal and the edge security domain 102 must itself be protected and the edge security domain 102 must authenticate the requesting terminal; otherwise a device that can reach the edge security domain 102 and present another terminal's identity obtains encryptions under that terminal's key.
In one example, when the terminal device 103 is a receiving terminal, the receiving terminal is configured to receive the ciphertext data sent by the sending terminal and to send a decryption request to the edge security domain 102 to which it belongs, the decryption request carrying the identity information of the sending terminal and the ciphertext data; the edge security domain 102 to which the receiving terminal belongs is configured to respond to the decryption request by obtaining the quantum key corresponding to that identity information, decrypting the ciphertext data, and returning the decrypted plaintext data to the receiving terminal.
In this example, the receiving terminal is the terminal device 103 that receives the data from the sending terminal described above. The ciphertext data received by the receiving terminal carries the identity information of the sending terminal, so the receiving terminal can send a decryption request, based on that identity information, to the edge security domain 102 to which it belongs. The decryption request contains the ciphertext data and the identity information of the sending terminal.
After receiving the decryption request, the edge security domain 102 to which the receiving terminal belongs looks up the quantum key corresponding to the identity information in the request, decrypts the ciphertext data with that quantum key, and returns the decrypted plaintext data to the receiving terminal. As described, the decryption request names only the sending terminal and carries nothing that ties the ciphertext to a particular receiving terminal, so the edge security domain 102 must authenticate the terminal that submits the request and apply an authorization policy; otherwise any terminal that can reach the edge security domain 102 could obtain the decryption of any ciphertext it has captured.
In one example, if the edge security domain 102 of the sending terminal and the edge security domain 102 of the receiving terminal are peer security domains, the edge security domain 102 of the receiving terminal looks up the quantum key corresponding to the identity information in its own association records after receiving the decryption request.
In this example, if the two edge security domains 102 are peer security domains, they already share the quantum keys and the corresponding association records. After receiving the decryption request, the edge security domain 102 of the receiving terminal can therefore look up the quantum key corresponding to the identity information in its stored association records and decrypt the ciphertext data with it, without contacting the cloud quantum key center 101.
In one example, if the edge security domain 102 of the sending terminal and the edge security domain 102 of the receiving terminal are not peer security domains, the edge security domain 102 of the receiving terminal is configured, after receiving the decryption request, to send a second acquisition request carrying the identity information of the sending terminal to the cloud quantum key center 101 to which it belongs; the cloud quantum key center 101 is configured, after receiving the second acquisition request, to look up the quantum key corresponding to that identity information in its association records and return it to the edge security domain 102 of the receiving terminal.
In this example, two edge security domains 102 that are not peers do not synchronize with each other, i.e. the edge security domain 102 of the receiving terminal holds neither the quantum key nor the association record of the sending terminal's edge security domain 102. After receiving the decryption request, it therefore sends a second acquisition request, carrying the sending terminal's identity information taken from the decryption request, to the cloud quantum key center 101 to which it belongs.
Because all quantum keys and association records are synchronized among the cloud quantum key centers 101, the cloud quantum key center 101 that receives the second acquisition request can look up the quantum key corresponding to the identity information in its stored association records and return it to the edge security domain 102 of the receiving terminal, which then decrypts the ciphertext data with that quantum key.
In one example, referring to fig. 3, the quantum key management flow of the above quantum key distribution management system is explained using the transmission of video data by a video acquisition device. The video acquisition device acts as the sending terminal and collects the video data (plaintext data); the video processing device acts as the receiving terminal, receives the ciphertext data and decrypts it. The specific flow is as follows:
The video acquisition device collects video data and, once acquisition is complete, sends an encryption request to edge security domain A.
Edge security domain A responds to the encryption request of the video acquisition device by distributing a quantum key to the video acquisition device according to the serial number of the video acquisition device carried in the encryption request, encrypting the collected video data with that quantum key, and returning the encrypted ciphertext data to the video acquisition device.
After receiving the ciphertext data, the video acquisition device sends it to the video processing device through the cloud center of the Internet of Things.
After receiving the ciphertext data, the video processing device sends a decryption request to edge security domain B according to the serial number of the video acquisition device carried in the ciphertext data.
Because edge security domain A and edge security domain B are equal security domains, edge security domain B responds to the decryption request of the video processing device by looking up the quantum key corresponding to the serial number of the video acquisition device in its stored association relationship, decrypting the ciphertext data with that quantum key, and returning the decrypted plaintext data to the video processing device.
In one example, referring to fig. 4, the quantum key management flow of the above quantum key distribution management system is explained using the transmission of instruction data to a video acquisition device. The video processing device acts as the sending terminal and sends instruction data (plaintext data); in response to a user's operation, the instruction data may be device parameters of the video acquisition device such as deflection angle and magnification factor. The video acquisition device acts as the receiving terminal, receives the ciphertext data and decrypts it. The specific flow is as follows:
The video processing device obtains the user's instruction data and sends an encryption request to edge security domain B.
Edge security domain B responds to the encryption request of the video processing device by distributing a quantum key to the video processing device according to the serial number of the video processing device carried in the encryption request, encrypting the user's instruction data with that quantum key, and returning the encrypted ciphertext data to the video processing device.
After receiving the ciphertext data, the video processing device sends it to the video acquisition device through the cloud center of the Internet of Things.
After receiving the ciphertext data, the video acquisition device sends a decryption request to edge security domain A according to the serial number of the video processing device carried in the ciphertext data.
Edge security domain A and edge security domain B are non-equal security domains. Therefore, edge security domain A responds to the request of the video acquisition device by sending a second acquisition request, carrying the serial number of the video processing device, to cloud quantum key center A to which edge security domain A belongs.
Cloud quantum key center A responds to the second acquisition request of edge security domain A by looking up the quantum key corresponding to the serial number of the video processing device in its stored association relationship and returning that quantum key to edge security domain A.
Edge security domain A decrypts the ciphertext data with the quantum key and returns the decrypted instruction data to the video acquisition device, so that the video acquisition device adjusts its device parameters according to the instruction data.
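The two decryption paths described above (the equal-domain lookup of fig. 3 and the second acquisition request of fig. 4) as one runnable model. This is an added example, not code from the patent or its applicant. It assumes random bytes in place of keys from a quantum key distribution network, a SHAKE-256 keystream XOR plus an HMAC-SHA256 tag in place of whatever cipher the real system uses, the hypothetical serial numbers CAM-001, VPU-001 and VPU-002, and a topology in which cloud center A manages equal domains A1 and A2 while cloud center B manages a non-equal domain B; all class and function names are the example's own.

```python
# Added example (not the patent's code): a toy model of the cloud/edge key management flows.
# Assumptions: random bytes stand in for QKD keys, and "encrypt with the quantum key" means a
# SHAKE-256 keystream XOR plus an HMAC-SHA256 tag over sender id, nonce and ciphertext.
import hashlib
import hmac
import secrets


def xor_stream(key, nonce, data):
    """Symmetric keystream XOR, used for both encryption and decryption."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))


def auth_tag(key, sender, nonce, ct):
    return hmac.new(key, sender.encode() + nonce + ct, hashlib.sha256).digest()


class CloudQuantumKeyCenter:
    """Cloud quantum key center 101: key pool plus the identity -> key association table."""
    centers = []  # every center, so each new association is synchronized to all of them

    def __init__(self, name, pool_size=8):
        self.name, self.domains, self.equal_pairs = name, {}, set()
        self.pool = [secrets.token_bytes(32) for _ in range(pool_size)]  # stand-in for QKD keys
        self.association = {}  # terminal identity -> quantum key
        CloudQuantumKeyCenter.centers.append(self)

    def define_equal(self, a, b):
        # Claim 3: only two domains managed by this same center can be defined as equal.
        if a.center is not self or b.center is not self:
            raise PermissionError("equal security domains must share one cloud center")
        self.equal_pairs.add(frozenset((a.name, b.name)))

    def first_acquisition(self, domain, identity):
        """Issue a key for a terminal identity and record the association everywhere it belongs."""
        if domain.center is not self:
            raise PermissionError(f"{domain.name} is not managed by {self.name}")
        key = self.pool.pop()
        for center in CloudQuantumKeyCenter.centers:  # all centers share all associations
            center.association[identity] = key
        for pair in self.equal_pairs:                  # equal domains receive the sync too
            if domain.name in pair:
                for peer in pair - {domain.name}:
                    self.domains[peer].association[identity] = key
        return key

    def second_acquisition(self, domain, identity):
        # Lookup for a receiving domain that holds no association for the sender.
        if domain.center is not self:
            raise PermissionError(f"{domain.name} is not managed by {self.name}")
        return self.association.get(identity)


class EdgeSecurityDomain:
    """Edge security domain 102: keys for terminals in its jurisdiction and the crypto service."""

    def __init__(self, name, center):
        self.name, self.center = name, center
        self.terminals, self.association = set(), {}
        center.domains[name] = self

    def enroll(self, identity):
        """Collect a terminal's identity and send the first acquisition request for its key."""
        self.terminals.add(identity)
        self.association[identity] = self.center.first_acquisition(self, identity)

    def encrypt(self, sender, plaintext):
        if sender not in self.terminals:  # only terminals in the jurisdiction get the service
            raise PermissionError(f"{sender} is outside {self.name}")
        key, nonce = self.association[sender], secrets.token_bytes(16)
        ct = xor_stream(key, nonce, plaintext)
        # the sender's identity travels with the ciphertext, as in the figures
        return {"sender": sender, "nonce": nonce, "ct": ct, "tag": auth_tag(key, sender, nonce, ct)}

    def decrypt(self, receiver, msg):
        """Return (plaintext, path); path is 'local' (equal domain) or 'cloud' (second acquisition)."""
        if receiver not in self.terminals:
            raise PermissionError(f"{receiver} is outside {self.name}")
        sender = msg["sender"]
        key, path = self.association.get(sender), "local"
        if key is None:
            key, path = self.center.second_acquisition(self, sender), "cloud"
        if key is None:
            raise KeyError(f"no quantum key associated with {sender}")
        if not hmac.compare_digest(auth_tag(key, sender, msg["nonce"], msg["ct"]), msg["tag"]):
            raise ValueError("ciphertext failed integrity check")
        return xor_stream(key, msg["nonce"], msg["ct"]), path


def build_topology():
    """Center A manages equal domains A1 and A2; center B manages domain B, non-equal to A1."""
    center_a, center_b = CloudQuantumKeyCenter("center-A"), CloudQuantumKeyCenter("center-B")
    a1, a2 = EdgeSecurityDomain("A1", center_a), EdgeSecurityDomain("A2", center_a)
    b = EdgeSecurityDomain("B", center_b)
    center_a.define_equal(a1, a2)
    a1.enroll("CAM-001")  # video capture device (serial numbers are hypothetical)
    a2.enroll("VPU-001")  # video processing device in the equal domain
    b.enroll("VPU-002")   # video processing device in a non-equal domain
    return a1, a2, b


def run_flows():
    """Figure 3 flow (equal domains) and figure 4 flow (non-equal domains), end to end."""
    a1, a2, b = build_topology()
    frame = a2.decrypt("VPU-001", a1.encrypt("CAM-001", b"frame-bytes"))    # local lookup
    params = a1.decrypt("CAM-001", b.encrypt("VPU-002", b"pan=15;zoom=2"))  # cloud lookup
    return frame, params
```

`run_flows()` returns `(b"frame-bytes", "local")` for the video path and `(b"pan=15;zoom=2", "cloud")` for the instruction path. Because the lookup is keyed on the sender identity carried in the ciphertext, the model checks on both the encrypt and decrypt paths that the requesting terminal is in the domain's jurisdiction and binds the sender identity into the tag, so a relabelled or modified ciphertext fails before any plaintext is returned; those checks are the example's own additions, and the patent text does not specify them.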
It should be understood that the steps of the flows shown above may be reordered, added or deleted in various ways. For example, the steps described in the present disclosure may be performed in parallel, sequentially or in a different order, as long as the desired results of the technical solutions of the present disclosure are achieved; no limitation is imposed here.
Furthermore, the terms "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features referred to. Thus, a feature qualified as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present disclosure, "a plurality" means two or more unless explicitly defined otherwise.
The foregoing is merely specific embodiments of the disclosure, but the protection scope of the disclosure is not limited thereto; any change or substitution that a person skilled in the art could readily conceive within the technical scope of the disclosure is intended to fall within the protection scope of the disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (7)

1. A quantum key distribution management system, the system comprising: a cloud quantum key center, an edge security domain and terminal equipment;
the cloud quantum key center is used for acquiring a plurality of quantum keys from a quantum key distribution network for storage and distributing the quantum keys to the edge security domain;
the edge security domain is used for acquiring a plurality of quantum keys from the cloud quantum key center for storage, distributing the quantum keys to terminal equipment in its jurisdiction area and providing a cryptographic service, the cryptographic service comprising encryption and decryption;
the terminal equipment is used for requesting quantum keys from the edge security domain and calling the edge security domain to complete the corresponding cryptographic service;
the edge security domain is used for collecting the identity information of the terminal equipment in its jurisdiction area and sending a first acquisition request to the cloud quantum key center to which the edge security domain belongs according to the identity information, so as to request acquisition of a quantum key;
the cloud quantum key center is used for responding to the first acquisition request of the edge security domain by issuing a quantum key to the edge security domain according to the identity information and recording the association relation between each quantum key and the corresponding identity information;
the cloud quantum key center is used for defining two edge security domains in its jurisdiction area as equal security domains;
and the cloud quantum key center is used for synchronizing the quantum key and the association relation into the corresponding equal security domain when the quantum key is distributed.
2. The system of claim 1, wherein the system comprises a plurality of cloud quantum key centers, all quantum keys being shared among the plurality of cloud quantum key centers;
each cloud quantum key center manages at least one edge security domain, and each edge security domain is managed by one cloud quantum key center;
each edge security domain manages at least one terminal device, and each terminal device belongs to one edge security domain.
3. The system of claim 1, wherein the edge security domain is configured to send a verification request to another edge security domain managed by the cloud quantum key center to which it belongs;
and the cloud quantum key center is used for feeding back verification-passed information of the other edge security domain and defining the two edge security domains as equal security domains.
4. The system of claim 1, wherein, when the terminal device is a sending terminal,
the sending terminal is used for sending an encryption request to the edge security domain to which the sending terminal belongs according to the identity information of the sending terminal, wherein the encryption request carries the identity information and plaintext data;
the edge security domain to which the sending terminal belongs is used for responding to the encryption request of the sending terminal by distributing a corresponding quantum key to the sending terminal according to the association relation, encrypting the plaintext data with the quantum key, and returning the encrypted ciphertext data to the sending terminal;
and the sending terminal is further used for receiving the ciphertext data and sending the ciphertext data.
5. The system of claim 4, wherein, when the terminal device is a receiving terminal,
the receiving terminal is used for receiving the ciphertext data sent by the sending terminal and sending a decryption request to the edge security domain to which the receiving terminal belongs, wherein the decryption request carries the identity information of the sending terminal and the ciphertext data;
and the edge security domain to which the receiving terminal belongs is used for responding to the decryption request of the receiving terminal by acquiring the quantum key corresponding to the identity information, decrypting the ciphertext data with it, and returning the decrypted plaintext data to the receiving terminal.
6. The system of claim 5, wherein, if the edge security domain to which the sending terminal belongs and the edge security domain to which the receiving terminal belongs are equal security domains, the edge security domain to which the receiving terminal belongs is configured to look up the quantum key corresponding to the identity information based on the association relation after receiving the decryption request.
7. The system of claim 5, wherein, if the edge security domain to which the sending terminal belongs and the edge security domain to which the receiving terminal belongs are non-equal security domains, the edge security domain to which the receiving terminal belongs is configured to send a second acquisition request to the cloud quantum key center to which it belongs after receiving the decryption request, wherein the second acquisition request carries the identity information of the sending terminal;
and the cloud quantum key center is used for looking up the quantum key corresponding to the identity information based on the association relation after receiving the second acquisition request and returning the quantum key to the edge security domain to which the receiving terminal belongs.
CN202310952640.1A 2023-07-31 2023-07-31 Quantum key distribution management system Active CN116980122B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310952640.1A CN116980122B (en) 2023-07-31 2023-07-31 Quantum key distribution management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310952640.1A CN116980122B (en) 2023-07-31 2023-07-31 Quantum key distribution management system

Publications (2)

Publication Number Publication Date
CN116980122A CN116980122A (en) 2023-10-31
CN116980122B true CN116980122B (en) 2024-05-24

Family

ID=88482758

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310952640.1A Active CN116980122B (en) 2023-07-31 2023-07-31 Quantum key distribution management system

Country Status (1)

Country Link
CN (1) CN116980122B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110430266A (en) * 2019-08-06 2019-11-08 腾讯科技(深圳)有限公司 An edge-cloud collaborative data transmission method, apparatus, device and storage medium
KR102128945B1 (en) * 2019-12-26 2020-07-01 주식회사엔클라우드 Video transmission system based on edge cloud
CN114553883A (en) * 2022-03-02 2022-05-27 北京中科锐链科技有限公司 Cloud edge terminal cooperative data acquisition and privacy protection method and system based on block chain
CN115225339A (en) * 2022-06-28 2022-10-21 国网电力科学研究院有限公司 Secure access and data transmission method and system for power transmission Internet of things sensing terminal
WO2023037973A1 (en) * 2021-09-10 2023-03-16 株式会社 東芝 Cloud key management service platform system
CN116208330A (en) * 2023-02-23 2023-06-02 浙江大学 Industrial Internet cloud-edge cooperative data secure transmission method and system based on quantum encryption

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230132485A1 (en) * 2021-11-02 2023-05-04 Synamedia Limited System for Thin Client Devices in Hybrid Edge Cloud Systems


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Cloud-edge collaborative optical quantum Internet of Things architecture and resource allocation (云边协同光量子物联网架构及资源分配); Yu Xiaosong et al.; Journal of Beijing University of Posts and Telecommunications; 2022-01-31; Vol. 45, No. 3; pp. 50-56 *

Also Published As

Publication number Publication date
CN116980122A (en) 2023-10-31

Similar Documents

Publication Publication Date Title
JP7119040B2 (en) Data transmission method, device and system
US11316677B2 (en) Quantum key distribution node apparatus and method for quantum key distribution thereof
TWI748853B (en) Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
KR100734162B1 (en) Method and apparatus for secure distribution of public/private key pairs
WO2017185692A1 (en) Key distribution and authentication method, apparatus and system
US6215878B1 (en) Group key distribution
US8694783B2 (en) Lightweight secure authentication channel
CN113037478B (en) Quantum key distribution system and method
CN110650009B (en) Mobile network and communication method
KR101351110B1 (en) Apparatus and method of transmitting/receiving encrypted data in a communication system
CN109995723B (en) Method, device and system for DNS information interaction of domain name resolution system
JP7208383B2 (en) Video data transmission system, method and apparatus
JP4924943B2 (en) Authenticated key exchange system, authenticated key exchange method and program
CN116980122B (en) Quantum key distribution management system
JP2001344214A (en) Method for certifying terminal and cipher communication system
CN112019553B (en) Data sharing method based on IBE/IBBE
CN113676330B (en) Digital certificate application system and method based on secondary secret key
CN105791301B (en) A kind of facing multiple users group believes close isolated key distribution management method
AU2012311701B2 (en) System and method for the safe spontaneous transmission of confidential data over unsecure connections and switching computers
CN111431846A (en) Data transmission method, device and system
RU2693192C1 (en) Computer-implemented method of providing secure group communications with failure properties, perfect direct privacy and correspondence of text of correspondence
JPH0373633A (en) Cryptographic communication system
JP3721176B2 (en) Authentication system and encrypted communication system
JP2893775B2 (en) Key management method for cryptographic communication system for mobile communication
CN116684169A (en) Application layer data security transmission method and system based on network identity

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant