CN109412794B - Quantum key automatic charging method and system suitable for power business - Google Patents


Publication number
CN109412794B
Authority
CN
China
Prior art keywords
quantum
key
random number
authentication
ukey
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810960449.0A
Other languages
Chinese (zh)
Other versions
CN109412794A (en
Inventor
冯宝
刘金锁
张影
胡倩倩
贾玮
张平
李洋
吕超
完颜绍澎
卞宇翔
朱雪阳
郭子昕
黄益彬
马亚妮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Nanrui Guodun Quantum Technology Co ltd
NARI Group Corp
Nari Information and Communication Technology Co
Original Assignee
Nanjing Nanrui Guodun Quantum Technology Co ltd
NARI Group Corp
Nari Information and Communication Technology Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Nanrui Guodun Quantum Technology Co ltd, NARI Group Corp, Nari Information and Communication Technology Co
Priority to CN201810960449.0A
Publication of CN109412794A
Application granted
Publication of CN109412794B
Legal status: Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Abstract

The invention discloses a quantum key automatic charging method and a quantum key automatic charging system suitable for electric power service, wherein a quantum key is divided into a quantum authentication key, a quantum encryption key and a quantum updating key according to a deployment framework of electric power service master station convergence and electric power service terminal access, the quantum authentication key is used for identity authentication during communication interaction, the quantum encryption key is used for encrypting and decrypting data during communication interaction, and the quantum updating key is used for encrypting and decrypting a new quantum key during communication interaction when updating the quantum authentication key, the quantum encryption key and/or the quantum updating key. The quantum authentication, encryption and/or updating key is updated through the quantum updating key, so that the automatic charging and updating of the quantum key are realized.

Description

Quantum key automatic charging method and system suitable for power business
Technical Field
The invention relates to a quantum key automatic charging method and system suitable for electric power business, and belongs to the technical field of quantum mechanics and information science.
Background
Currently, the important services of the power system mainly rely on private optical fiber networks and national commercial cryptographic algorithms for encrypted transmission, and the security of that transmission depends mainly on key secrecy and computational complexity. However, with the development of attack technology and the growth of computing power, lossless eavesdropping and masquerading attacks against optical cables have appeared. Meanwhile, as quantum computing technology gradually matures, the difficulty and time of cracking traditional encryption algorithms based on computational complexity are exponentially reduced, and the risk that traditional encryption systems are cracked grows by the day.
Quantum key distribution is based on the fundamental principles of quantum mechanics, so any eavesdropping is, in principle, inevitably discovered, and it is not threatened by continued improvement in computing capacity and mathematics. It offers long-term security and can realize secure, confidential communication that in theory cannot be decoded, and it has become a development and application trend for guaranteeing data transmission security at home and abroad.
In order to improve the information security protection level of the power system, the national grid company has, based on its own optical fiber resources, built quantum secure communication demonstration projects in multiple places and verified the suitability of quantum secure communication technology for power services. However, because optical quanta are unclonable and indivisible, the quantum channel can only use bare fiber as a transmission medium and cannot be split, amplified or regenerated along the way, so it occupies a large amount of bare fiber resources. Meanwhile, the current power communication network uses various communication modes such as optical fiber, wireless and power line carrier, and uses a large number of optical amplifiers and electrical relays to extend the transmission distance, so these requirements are difficult to meet, which to a certain extent limits the practical adoption of quantum secure communication technology in the power system.
Disclosure of Invention
The invention aims to overcome the defects in the prior art, provides an automatic quantum key charging method, and realizes the automatic charging and updating of a quantum key.
In order to solve the technical problem, the invention provides an automatic quantum key charging method, which comprises the following steps:
dividing the quantum key into a quantum authentication key, a quantum encryption key and a quantum updating key, wherein the quantum authentication key, the quantum encryption key and the quantum updating key all adopt a one-time pad mode; wherein:
the quantum authentication key is used for identity authentication during communication interaction, the quantum encryption key is used for encryption and decryption of data during communication interaction, and the quantum update key is used for encryption and decryption of a new quantum key during communication interaction when the quantum authentication key, the quantum encryption key and/or the quantum update key are/is updated.
Preferably, the quantum authentication key is of a fixed length, and the lengths of the quantum update key and the quantum encryption key are determined according to requirements.
Meanwhile, the invention also provides a quantum key automatic charging method and a quantum key automatic charging system suitable for the power service, which follow the deployment architecture of power service master station convergence and power service terminal access. The updating of the quantum key at the power service terminal side does not depend on the traditional bare optical fiber quantum channel, so the construction cost is reduced, the application scenarios are expanded, and the practicality of quantum secure communication technology in the power system is improved.
In order to solve the technical problem, the invention discloses an automatic quantum key charging method suitable for electric power services, which is characterized by comprising 1 or more quantum random number generators, a quantum key charging manager, a quantum secure access gateway and a plurality of quantum Ukey/TF cards, wherein the 1 or more quantum random number generators, the quantum key charging manager and the quantum secure access gateway are arranged on a service master station side, the quantum Ukey/TF cards are arranged on a service terminal side, the service master station is connected with each service terminal through the quantum secure access gateway, each quantum random number generator is respectively connected with the quantum key charging manager, and the quantum key charging manager is connected with each quantum Ukey/TF card through the quantum secure access gateway, and the method comprises the following steps:
step S1, initial key filling phase: the quantum key filling management machine acquires quantum random number keys from each quantum random number generator, fills the quantum random number keys into a quantum Ukey/TF card as an initial key, and simultaneously transmits the same quantum random number keys to a quantum secure access gateway for storage;
step 2: dividing initial keys in the quantum secure access gateway and the quantum Ukey/TF card into a quantum authentication key, a quantum encryption key and a quantum update key, wherein the quantum authentication key, the quantum encryption key and the quantum update key all adopt a one-time pad mode;
step S3, when there is service data interaction between the service terminal and the service master station, the quantum authentication key in the quantum Ukey/TF card and the quantum security access gateway is used to realize the authentication between the service terminal and the service master station, and after the authentication is successful, the quantum encryption key is used to realize the encryption and decryption of the service data in the interaction process;
step S4, quantum key updating stage: the quantum authentication key held in the quantum Ukey/TF card and in the quantum secure access gateway is used to realize authentication between them and the quantum key charging manager; the quantum key charging manager acquires a quantum random number key from each quantum random number generator and transmits the quantum random number key to the quantum Ukey/TF card through the quantum secure access gateway; during this interaction the quantum random number key is encrypted and decrypted with the quantum update key held in the quantum secure access gateway and the quantum Ukey/TF card.
Preferably, for management information type power services, the number of the quantum random number generators is two or more; for production control type power services, the number of the quantum random number generators is three or more.
Preferably, in the initial key charging stage, the quantum key charging management machine is temporarily and directly connected with the quantum Ukey/TF card through the USB port/TF card slot to complete the initial key charging of the quantum Ukey/TF card.
Preferably, the quantum authentication key is of a fixed length, and the lengths of the quantum update key and the quantum encryption key are determined according to the type of the power service: for power production control services, the amount of quantum update key is far larger than the amount of quantum encryption key; for power management information services, the amount of quantum encryption key is far larger than the amount of quantum update key.
Preferably, for the power management information service, when the traffic flow is large, the quantum update key is amplified by several times.
Correspondingly, the invention also provides an automatic quantum key charging system suitable for the electric power service, which is characterized by comprising 1 or more quantum random number generators, a quantum key charging manager, a quantum secure access gateway and a plurality of quantum Ukey/TF cards, wherein the 1 or more quantum random number generators, the quantum key charging manager and the quantum secure access gateway are arranged on the side of a service master station, the quantum Ukey/TF cards are arranged on the side of a service terminal, the service master station is connected with each service terminal through the quantum secure access gateway, each quantum random number generator is respectively connected with the quantum key charging manager, the quantum key charging manager is connected with each quantum Ukey/TF card through the quantum secure access gateway, and the working process of the system comprises an initial key charging stage, a service data interaction stage and a quantum key updating stage;
initial key filling stage: the quantum key filling management machine acquires quantum random number keys from each quantum random number generator, fills the quantum random number keys into a quantum Ukey/TF card as an initial key, and simultaneously transmits the same quantum random number keys to a quantum secure access gateway for storage;
dividing initial keys in the quantum secure access gateway and the quantum Ukey/TF card into a quantum authentication key, a quantum encryption key and a quantum update key, wherein the quantum authentication key, the quantum encryption key and the quantum update key all adopt a one-time pad mode;
service data interaction stage: when service data interaction exists between the service terminal and the service master station, authentication between the service terminal and the service master station is realized by using the quantum authentication key in the quantum Ukey/TF card and the quantum secure access gateway, and after the authentication is successful, encryption and decryption of the service data in the interaction process are realized by using the quantum encryption key;
quantum key updating stage: the quantum authentication key held in the quantum Ukey/TF card and in the quantum secure access gateway is used to realize authentication between them and the quantum key charging manager; the quantum key charging manager acquires a quantum random number key from each quantum random number generator and transmits the quantum random number key to the quantum Ukey/TF card through the quantum secure access gateway; during this interaction the quantum random number key is encrypted and decrypted with the quantum update key held in the quantum secure access gateway and the quantum Ukey/TF card.
Compared with the prior art, the invention has the following beneficial effects: the quantum key automatic charging method updates the quantum authentication, encryption and/or update keys by means of the quantum update key, and thereby realizes the automatic charging and updating of the quantum key. The quantum key automatic charging method and system suitable for the power service follow the deployment architecture of power service master station convergence and power service terminal access. The updating of the quantum key at the power service terminal side does not depend on the traditional bare optical fiber quantum channel, so the construction cost is reduced, the application scenarios are expanded, and the practicality of quantum secure communication technology in the power system is improved.
Drawings
FIG. 1 is a schematic diagram of a communication method of a power communication network in the prior art;
FIG. 2 is a block diagram of an embodiment of a method for quantum key auto-population;
FIG. 3 is a quantum key division diagram of a power generation control class service quantum Ukey/TF card in an embodiment;
FIG. 4 is a quantum key division diagram of a power management information service quantum Ukey/TF card in the embodiment.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
The invention discloses an automatic quantum key filling method, which comprises the following steps:
dividing the quantum key into a quantum authentication key, a quantum encryption key and a quantum updating key, wherein the quantum authentication key, the quantum encryption key and the quantum updating key all adopt a one-time pad mode; wherein:
the quantum authentication key is used for identity authentication during communication interaction, the quantum encryption key is used for encryption and decryption of data during communication interaction, and the quantum update key is used for encryption and decryption of a new quantum key during communication interaction when the quantum authentication key, the quantum encryption key and/or the quantum update key are/is updated.
The invention updates the quantum authentication, encryption and/or update keys by means of the quantum update key, and thereby realizes the automatic charging and updating of the quantum key.
The invention aims to provide a quantum key automatic charging system and method suitable for electric power services that conform to the point-to-multipoint convergence deployment architecture of power service master station convergence and power service terminal access (one service master station is connected with a plurality of service terminals through a secure access gateway, which is a point-to-multipoint architecture), and to a network architecture in which multiple communication links of the power system coexist. With the method provided by the invention, the updating of the quantum key at the power service terminal side does not depend on the traditional bare optical fiber quantum channel, so the construction cost is reduced, the application scenarios are expanded, and the practicality of quantum secure communication technology in the power system is improved.
The existing power communication network adopts a plurality of communication modes, as shown in fig. 1, wherein an optical fiber communication mode (such as an SDH/OTN communication mode) is mainly a power backbone network, and full coverage of sites of 35kV or more is realized; the wireless communication mode is mainly distributed in a power terminal communication access network, such as an EPON/industrial Ethernet, a wireless private network/a wireless public network, and is a main communication mode of a power distribution and utilization communication network; the power line carrier mode is mainly distributed in areas where laying optical cables and achieving wireless signal coverage are difficult, and supplements the optical fiber and wireless modes.
On the basis of understanding multiple communication modes of a power communication network, the structure of the quantum key automatic charging system suitable for power services is shown in fig. 2, wherein a service master station is provided with N quantum random number generators, a quantum key charging manager and a quantum secure access gateway, each service terminal is provided with a quantum Ukey or a quantum TF card, the service master station is connected with N service terminals through the quantum secure access gateway to transmit service data, each quantum random number generator is respectively connected with the quantum key charging manager, and the quantum key charging manager is connected with each quantum Ukey/TF card through the quantum secure access gateway to charge and update quantum keys.
The quantum random number generator is used for generating a quantum random number key and transmitting the quantum random number key to the quantum key charging manager. The embodiment deploys a plurality of quantum random number generators on the master station side, with the following characteristics. Firstly, the quantum random number generators produce true random numbers by physical means, rigorously proven by physical entropy theory, and are mutually independent and uncorrelated, which further enhances the randomness of the quantum random number key. Secondly, the specific number of quantum random number generators is determined according to the security level of the electric power service supported by the quantum key automatic charging system: for management information power services the default is two, forming a load sharing and hot backup working mode, and this can be expanded to more quantum random number generators according to the consumption of quantum keys; for production control power services the number is three or more, where the first two form a load sharing mode and the third serves as a hot backup. Thirdly, the quantum random number generators work in a load sharing mode, which guarantees that a sufficient quantity of quantum random number keys is generated. Fourthly, a hot backup mechanism is adopted among the quantum random number generators, which ensures the reliability of quantum random number key supply.
The quantum key charging manager is used for identity authentication of, and quantum key supply to, the quantum secure access gateway and the quantum Ukey/TF card. The quantum key charging manager is permanently and directly connected with the quantum secure access gateway, and is permanently and directly connected with a service terminal containing a quantum Ukey/TF card through the quantum secure access gateway. In the initial key charging stage, it is temporarily and directly connected to the quantum Ukey/TF card through the USB port/TF card slot to complete the initial key charging of the quantum Ukey/TF card, and the same initial key is sent to the quantum secure access gateway for storage. In the quantum key updating stage, first the quantum authentication key in the quantum Ukey/TF card and the quantum secure access gateway is used to realize authentication between them and the quantum key charging manager, and a quantum random number key is requested; then the quantum random number key is encrypted with the same quantum update key held in the quantum Ukey/TF card and the quantum secure access gateway to realize the charging and updating of the quantum key in the quantum Ukey/TF card, and the same key is sent to the quantum secure access gateway for storage.
The quantum secure access gateway can smoothly upgrade the existing secure access gateway of the power system by adding a quantum key storage module and adopting a one-time pad symmetric encryption algorithm and other functions, wherein the quantum key storage module is used for storing a quantum key which is provided by a quantum key charging management machine and is the same as a quantum Ukey/TF card, and identity authentication and service data encryption and decryption of a service terminal containing the quantum Ukey/TF card are realized.
The quantum Ukey/TF card has the main function of storing a key, is combined with a quantum key charging management machine to complete the charging of the key, and is combined with a quantum secure access gateway to complete the use, destruction and updating of the key.
Service master station side: communication links between the quantum random number generator and the quantum key charging manager, between the quantum key charging manager and the quantum secure access gateway, and between the quantum secure access gateway and the service master station are short-distance credible communication links; the service terminal side: and a communication link between the quantum secure access gateway and the service terminal containing the quantum Ukey/TF card is a long-distance non-trusted communication link. The short-distance credible communication link corresponds to a scene that the communication distance between two communication entities is short, the communication environment is closed and the external attack is not easy to happen, and mainly adopts a wired connection mode such as an optical fiber and a copper cable or a wireless communication mode with safety protection, and data transmitted in the link is not encrypted by a quantum key. The latter corresponds to a scene that the communication distance between two communication entities is long, the communication environment is open and the external attack is easy to be suffered, and the data transmitted in the link is encrypted by adopting a quantum key.
The quantum key automatic charging method adaptive to the power service based on the system structure comprises the following steps:
step S1, initial key filling phase: the quantum key filling management machine acquires quantum random number keys from each quantum random number generator, fills the quantum random number keys into a quantum Ukey/TF card as an initial key, and simultaneously transmits the same quantum random number keys to a quantum secure access gateway for storage;
In the embodiment, the quantum key charging manager acquires the quantum random number keys from the multiple quantum random number generators through the short-distance trusted communication link and stores them locally. The quantum key charging manager first authenticates the quantum Ukey/TF card and the quantum secure access gateway, by means such as a preset certificate or a dynamic password. After the authentication is passed, the quantum key charging manager is temporarily and directly connected to the quantum Ukey/TF card through the USB port/TF card slot and, according to the capacity of the quantum Ukey/TF card, fills part of the locally stored quantum random number keys into the quantum Ukey/TF card to serve as the initial key; at the same time, the same key is transmitted to the quantum secure access gateway for storage through a short-distance trusted communication link. The capacity of the quantum Ukey/TF card needs to take into account factors such as cost and power service data volume, and the default minimum value can be set to be 1G.
Step 2: dividing initial keys in the quantum secure access gateway and the quantum Ukey/TF card into a quantum authentication key Ka, a quantum encryption key Ke and a quantum update key Ku, wherein the quantum authentication key, the quantum encryption key and the quantum update key all adopt a one-time pad mode; wherein:
the quantum authentication key is used for identity authentication during communication interaction, the quantum encryption key is used for encryption and decryption of data during communication interaction, and the quantum update key is used for encryption and decryption of a new quantum key during communication interaction when the quantum authentication key, the quantum encryption key and/or the quantum update key are/is updated.
In the embodiment, the quantum authentication key in the initial key of the quantum Ukey/TF card is of a fixed length, the quantum updating key and the quantum encryption key are determined according to the type of the accessed power service, for the power production control service, the quantum updating key amount is far larger than the quantum encryption key amount, and the security of the key is ensured by quickly updating the key; for the electric power management information service, the quantum encryption key is far larger than the quantum updating key, and the quantum updating key is amplified, so that certain safety is sacrificed, but the high availability of the service is ensured.
In this embodiment, for the electricity production control service, the updating speed (i.e., the length) of the quantum updating key is set to be N times (N is greater than or equal to 2, and a proper value is selected according to the size of the service traffic) of the consumption speed of the quantum authentication key and the quantum encryption key, for example, when N =2, the key division is as shown in fig. 3, the quantum updating key is used to update the quantum authentication key and the quantum encryption key, and is used to update the consumed quantum updating key, so as to implement real-time charging and remote updating of the quantum authentication key, the quantum encryption key, and the quantum updating key; and after the quantum updating key is used, the quantum updating key is destroyed immediately.
In this embodiment, for the power management information service, the quantum update key is amplified by M times (M ≥ 1) according to the size of the service traffic. For example, when M = 6, the key division is as shown in fig. 4; the quantum update key is used to update the quantum authentication key and the quantum encryption key, and is used to update the consumed quantum update key, so as to implement real-time charging and remote updating of the quantum authentication key, the quantum encryption key, and the quantum update key.
Step S3, when there is service data interaction between the service terminal and the service master station, the quantum authentication key in the quantum Ukey/TF card and the quantum security access gateway is used to realize the authentication between the service terminal and the service master station, and after the authentication is successful, the quantum encryption key is used to realize the encryption and decryption of the service data in the interaction process.
Service data interaction process:
In the embodiment, the quantum authentication key and the quantum encryption key both adopt a one-time pad mode. When a service terminal uploads service data to the service master station, authentication is realized by using the quantum authentication key in the quantum Ukey/TF card and the quantum authentication key in the quantum secure access gateway. After the authentication is passed, the service terminal encrypts the service data with the quantum encryption key, and the encrypted service data reaches the quantum secure access gateway through a remote untrusted communication link. The quantum secure access gateway then decrypts the service data with the quantum encryption key and uploads the decrypted service data to the service master station. When the service data is large, it can be uploaded in multiple transfers. When the service master station transmits service data to the service terminal, the encryption and decryption process is the reverse of the above.
The service data after quantum encryption is transmitted in the remote untrusted communication link, so that the transmission reliability of the service data is ensured.
In the service data interaction process, the quantum authentication key and the quantum encryption key are destroyed immediately after being used. Because quantum Ukey, quantum TF card and quantum secure access gateway all have certain capacity, quantum authentication key and quantum encryption key are consumed when business data is encrypted and decrypted, and charging is needed. If the key capacity in the quantum Ukey and the quantum TF card is not enough, the updating process of the quantum key is a charging process; and if the key capacity in the quantum Ukey and the quantum TF card is full, the updating process of the quantum key is the updating process. Namely, the quantum Ukey and quantum TF card key capacity is firstly ensured to be full, and then the safety is ensured through real-time updating.
Step S4, quantum key updating stage: the quantum authentication key in the quantum Ukey/TF card and the quantum secure access gateway is used to authenticate with the quantum key charging manager; the quantum key charging manager acquires a quantum random number key from each quantum random number generator and transmits it to the quantum Ukey/TF card through the quantum secure access gateway; and the quantum update key in the quantum secure access gateway and the quantum Ukey/TF card is used to encrypt and decrypt the quantum random number key during this interaction.
When the quantum authentication key, the quantum encryption key or the quantum update key has been consumed, or the quantum key in the quantum Ukey/TF card needs to be updated, the quantum Ukey/TF card applies to the quantum key charging manager at the service master station side for a new quantum random number key. The specific process is as follows. First, the quantum authentication key in the quantum Ukey/TF card and the quantum secure access gateway is used to authenticate with the quantum key charging manager, and a quantum random number key is requested from the quantum key charging manager. The quantum key charging manager obtains the required quantity of quantum random number keys from each quantum random number generator and transmits them to the quantum secure access gateway. The quantum secure access gateway stores the quantum random number keys, encrypts them with the quantum update key, and transmits the encrypted quantum random number keys to the quantum Ukey/TF card of the service terminal through the remote untrusted communication link. The quantum Ukey/TF card decrypts them with the same quantum update key held in the card, which completes the charging and updating of the quantum keys in the quantum Ukey/TF card. The quantum update key is destroyed immediately after it has been used.
Quantum random number keys after quantum encryption are transmitted in the remote untrusted communication link, so that the transmission reliability of the quantum keys is ensured.
There is no restriction on the sequence between step S3 and step S4, and when there is no service data interaction for a long time, the quantum key in the quantum secure access gateway and the quantum Ukey/TF card may also be updated.
Steps S3 and S4 are repeated continuously to realize the automatic charging and remote updating of the quantum key in the quantum Ukey/TF card.
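The key accounting of steps S3 and S4 can be followed in a small simulation. This is an added example, not code from the patent. It assumes that authentication consists of presenting and comparing a fixed-length one-time token, that `secrets.token_bytes` stands in for the quantum random number generator, and that the pool sizes, `AUTH_LEN` and all class and function names are hypothetical.

```python
import hmac
import secrets

AUTH_LEN = 16  # assumption: bytes of authentication key spent per authentication


def xor(data: bytes, pad: bytes) -> bytes:
    """One-time-pad encrypt/decrypt: the pad must be exactly as long as the data."""
    assert len(data) == len(pad)
    return bytes(a ^ b for a, b in zip(data, pad))


class KeyStore:
    """Key store of one side (Ukey/TF card or gateway), split into three pools."""

    def __init__(self, initial: bytes, n_auth: int, n_enc: int):
        self.pools = {
            "auth": bytearray(initial[:n_auth]),
            "enc": bytearray(initial[n_auth:n_auth + n_enc]),
            "upd": bytearray(initial[n_auth + n_enc:]),
        }

    def take(self, pool: str, n: int) -> bytes:
        """Consume n bytes from a pool; the used bytes are wiped and removed."""
        buf = self.pools[pool]
        if n > len(buf):
            raise RuntimeError(f"{pool} pool exhausted: need {n}, have {len(buf)}")
        out = bytes(buf[:n])
        buf[:n] = bytes(n)  # overwrite before dropping ("destroyed after use")
        del buf[:n]
        return out


def authenticate(card: KeyStore, gateway: KeyStore) -> None:
    """Assumed scheme: the card presents its next one-time token and the
    gateway compares it with its own copy; both copies are consumed."""
    presented = card.take("auth", AUTH_LEN)
    expected = gateway.take("auth", AUTH_LEN)
    if not hmac.compare_digest(presented, expected):
        raise PermissionError("authentication failed")


def upload(card: KeyStore, gateway: KeyStore, data: bytes) -> bytes:
    """Step S3: terminal encrypts, gateway decrypts, both spend encryption key."""
    authenticate(card, gateway)
    ciphertext = xor(data, card.take("enc", len(data)))  # crosses the link
    return xor(ciphertext, gateway.take("enc", len(ciphertext)))


def refill(card, gateway, pool: str, n: int, qrng=secrets.token_bytes) -> bytes:
    """Step S4: deliver n fresh key bytes into `pool`, wrapped under the update key."""
    authenticate(card, gateway)
    fresh = qrng(n)                               # handed over by the charging manager
    wrapped = xor(fresh, gateway.take("upd", n))  # what crosses the untrusted link
    gateway.pools[pool] += fresh                  # gateway keeps its own copy
    card.pools[pool] += xor(wrapped, card.take("upd", n))
    return wrapped


def demo():
    initial = secrets.token_bytes(112)  # constructed initial fill (step S1)
    card, gateway = KeyStore(initial, 48, 32), KeyStore(initial, 48, 32)
    received = upload(card, gateway, b"breaker 12 closed")  # constructed 17-byte message
    refill(card, gateway, "enc", 17)    # top the encryption pool back up
    return received, card, gateway
```

Under one-time-pad wrapping, a refill of n bytes spends n bytes of update key on both sides, so refilling the update pool itself yields no net gain. A refill also spends one authentication token, so it has to be requested before the authentication pool is empty.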
The current common practice is that, once the key in the quantum Ukey or quantum TF card is used up, it has to be refilled at the master station charging machine. The invention updates the quantum authentication key, the quantum encryption key and/or the quantum update key by means of the quantum update key, thereby realizing the automatic charging and remote updating of the quantum key in the quantum Ukey/TF card.
Correspondingly, based on the same inventive concept as the method, the invention also provides an automatic quantum key charging system suitable for electric power services, which is characterized by comprising 1 or more quantum random number generators, a quantum key charging manager, a quantum secure access gateway and a plurality of quantum Ukey/TF cards, wherein the quantum random number generators, the quantum key charging manager and the quantum secure access gateway are arranged on the service master station side, the quantum Ukey/TF cards are arranged on the service terminal side, the service master station is connected with each service terminal through the quantum secure access gateway, each quantum random number generator is respectively connected with the quantum key charging manager, the quantum key charging manager is connected with each quantum Ukey/TF card through the quantum secure access gateway, and the working process of the system comprises an initial key filling stage, a service data interaction stage and a quantum key updating stage;
Initial key filling stage: the quantum key charging manager acquires quantum random number keys from each quantum random number generator, fills the quantum random number keys into a quantum Ukey/TF card as an initial key, and simultaneously transmits the same quantum random number keys to the quantum secure access gateway for storage;
the initial keys in the quantum secure access gateway and the quantum Ukey/TF card are divided into a quantum authentication key, a quantum encryption key and a quantum update key, wherein the quantum authentication key, the quantum encryption key and the quantum update key all adopt a one-time pad mode;
Service data interaction stage: when service data interaction exists between the service terminal and the service master station, authentication between the service terminal and the service master station is realized by using the quantum authentication key in the quantum Ukey/TF card and the quantum secure access gateway, and after the authentication is successful, encryption and decryption of the service data in the interaction process are realized by using the quantum encryption key;
Quantum key updating stage: the quantum authentication key in the quantum Ukey/TF card and the quantum secure access gateway is used to authenticate with the quantum key charging manager; the quantum key charging manager acquires a quantum random number key from each quantum random number generator and transmits it to the quantum Ukey/TF card through the quantum secure access gateway; and the quantum update key in the quantum secure access gateway and the quantum Ukey/TF card is used to encrypt and decrypt the quantum random number key during this interaction.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (7)

1. A quantum key automatic charging method adapting to electric power service is characterized by comprising 1 or more quantum random number generators, a quantum key charging management machine, a quantum secure access gateway and a plurality of quantum Ukey/TF cards, wherein the 1 or more quantum random number generators, the quantum key charging management machine and the quantum secure access gateway are arranged on a service master station side, the quantum Ukey/TF cards are arranged on a service terminal side, the service master station is connected with each service terminal through the quantum secure access gateway, each quantum random number generator is respectively connected with the quantum key charging management machine, and the quantum key charging management machine is connected with each quantum Ukey/TF card through the quantum secure access gateway, and the method comprises the following steps:
dividing the quantum key into a quantum authentication key, a quantum encryption key and a quantum updating key, wherein the quantum authentication key, the quantum encryption key and the quantum updating key all adopt a one-time pad mode; wherein,
the quantum authentication key is used for identity authentication during communication interaction, the quantum encryption key is used for encryption and decryption of data during communication interaction, and the quantum update key is used for encryption and decryption of a new quantum key during communication interaction when the quantum authentication key, the quantum encryption key and/or the quantum update key are/is updated;
step S1, initial key filling phase: the quantum key filling management machine acquires quantum random number keys from each quantum random number generator, fills the quantum random number keys into a quantum Ukey/TF card as an initial key, and simultaneously transmits the same quantum random number keys to a quantum secure access gateway for storage;
step S2: dividing initial keys in the quantum secure access gateway and the quantum Ukey/TF card into a quantum authentication key, a quantum encryption key and a quantum update key, wherein the quantum authentication key, the quantum encryption key and the quantum update key all adopt a one-time pad mode;
step S3, when there is service data interaction between the service terminal and the service master station, the quantum authentication key in the quantum Ukey/TF card and the quantum security access gateway is used to realize the authentication between the service terminal and the service master station, and after the authentication is successful, the quantum encryption key is used to realize the encryption and decryption of the service data in the interaction process;
step S4, quantum key updating stage: the quantum authentication key in the quantum Ukey/TF card and the quantum secure access gateway is used to authenticate with the quantum key charging manager; the quantum key charging manager acquires a quantum random number key from each quantum random number generator and transmits it to the quantum Ukey/TF card through the quantum secure access gateway; and the quantum update key in the quantum secure access gateway and the quantum Ukey/TF card is used to encrypt and decrypt the quantum random number key during this interaction.
2. The method as claimed in claim 1, wherein the quantum key is of a fixed length, and the lengths of the quantum key and the quantum key are determined according to the requirement.
3. The method for automatically charging quantum key adapted to electric power service of claim 1, wherein for management information type electric power services, the number of quantum random number generators is two or more; for production control type electric power services, the number of quantum random number generators is three or more.
4. The method for automatically charging the quantum key adapting to the power service as claimed in claim 1, wherein in the initial key charging stage, the quantum key charging manager is temporarily and directly connected with the quantum Ukey/TF card through the USB port/TF card slot to complete the initial key charging of the quantum Ukey/TF card.
5. The method for automatically charging the quantum key suitable for the power service as claimed in claim 1, wherein the quantum authentication key has a fixed length, the quantum update key and the quantum encryption key are determined according to the type of the power service, and for the power production control service, the quantum update key amount is much larger than the quantum encryption key amount; for the electric power management information service, the quantum encryption key quantity is far larger than the quantum updating key quantity.
6. The method as claimed in claim 1, wherein the quantum key is amplified by several times when traffic flow is large.
7. A quantum key automatic charging system adapting to electric power service is characterized by comprising 1 or more quantum random number generators, a quantum key charging manager, a quantum secure access gateway and a plurality of quantum Ukey/TF cards, wherein the 1 or more quantum random number generators, the quantum key charging manager and the quantum secure access gateway are arranged on a service master station side, the quantum Ukey/TF cards are arranged on a service terminal side, the service master station is connected with each service terminal through the quantum secure access gateway, each quantum random number generator is respectively connected with the quantum key charging manager, the quantum key charging manager is connected with each quantum Ukey/TF card through the quantum secure access gateway,
the quantum key is divided into a quantum authentication key, a quantum encryption key and a quantum updating key, and the quantum authentication key, the quantum encryption key and the quantum updating key all adopt a one-time pad mode; wherein,
the quantum authentication key is used for identity authentication during communication interaction, the quantum encryption key is used for encryption and decryption of data during communication interaction, and the quantum update key is used for encryption and decryption of a new quantum key during communication interaction when the quantum authentication key, the quantum encryption key and/or the quantum update key are/is updated;
the system working process comprises an initial key filling stage, a service data interaction stage and a quantum key updating stage;
initial key filling stage: the quantum key filling management machine acquires quantum random number keys from each quantum random number generator, fills the quantum random number keys into a quantum Ukey/TF card as an initial key, and simultaneously transmits the same quantum random number keys to a quantum secure access gateway for storage;
dividing initial keys in the quantum secure access gateway and the quantum Ukey/TF card into a quantum authentication key, a quantum encryption key and a quantum update key, wherein the quantum authentication key, the quantum encryption key and the quantum update key all adopt a one-time pad mode;
service data interaction stage: when service data interaction exists between the service terminal and the service master station, authentication between the service terminal and the service master station is realized by using the quantum authentication key in the quantum Ukey/TF card and the quantum secure access gateway, and after the authentication is successful, encryption and decryption of the service data in the interaction process are realized by using the quantum encryption key;
quantum key updating stage: the quantum authentication key in the quantum Ukey/TF card and the quantum secure access gateway is used to authenticate with the quantum key charging manager; the quantum key charging manager acquires a quantum random number key from each quantum random number generator and transmits it to the quantum Ukey/TF card through the quantum secure access gateway; and the quantum update key in the quantum secure access gateway and the quantum Ukey/TF card is used to encrypt and decrypt the quantum random number key during this interaction.
CN201810960449.0A 2018-08-22 2018-08-22 Quantum key automatic charging method and system suitable for power business Active CN109412794B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810960449.0A CN109412794B (en) 2018-08-22 2018-08-22 Quantum key automatic charging method and system suitable for power business

Publications (2)

Publication Number Publication Date
CN109412794A CN109412794A (en) 2019-03-01
CN109412794B CN109412794B (en) 2021-10-22

Family

ID=65464344

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant