CN113438074B - Decryption method of received mail based on quantum security key - Google Patents


Publication number: CN113438074B
Authority: CN (China)
Prior art keywords: quantum, mail, key, service system, management service
Legal status: Active
Application number: CN202110706118.6A
Other languages: Chinese (zh)
Other versions: CN113438074A (en)
Inventor: 刘驰, 李杏桃
Current Assignee: China Telecom Quantum Technology Co ltd
Original Assignee: China Telecom Quantum Technology Co ltd
Application filed by China Telecom Quantum Technology Co ltd
Priority to CN202110706118.6A
Publication of CN113438074A
Application granted
Publication of CN113438074B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42 Mailbox-related aspects, e.g. synchronisation of mailboxes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention provides a decryption method for received mail based on a quantum security key, applied to a mail receiving device and comprising the following steps: before receiving mail, the mail receiving device performs identity verification through a quantum password management service system, reading the quantum security key preset in its built-in quantum security chip and performing symmetric entity identity authentication with the quantum password management service system, and the authentication result is finally returned; when mail needs to be received, the receiver uses the key preset in the quantum security chip to apply to the quantum password management service system for the mail encryption key and decrypts the mail. With this technical scheme, the threat that the increasingly severe network attack environment poses to the mailbox sending and receiving environment is countered, the security threats brought by future quantum computers and quantum algorithms are guarded against, and the scheme is easy to implement.

Description

Decryption method of received mail based on quantum security key
Technical Field
The application belongs to the field of security application products, and particularly relates to a decryption method for received mail based on a quantum security key.
Background
At present, the increasingly severe network attack environment threatens the mailbox sending and receiving environment. The threats include: the identity authentication problem of the mail sending and receiving entities, the problem that mail content is stolen during mail transmission and storage, and the problems of tampering with the sender and receiver and tampering with mail information that may occur during mail transmission.
The patent application with filing date 2019.09.24 and application number CN201910904251.5 discloses a mail system and a sending and receiving method based on quantum digital signatures. To ensure the authenticity of transmitted information, the message is usually signed with a specific signature algorithm (such as a Hash algorithm) before it is transmitted. The calculated signature information is attached to the message and sent to a server; the receiving end then performs the same calculation on the content of the received message and compares the result with the signature information attached by the sending end. If the two are the same, the message content has not been tampered with; otherwise, the message may have been tampered with. The system in that application adopts a three-layer structure: a physical layer, a key layer and an application layer. The physical layer is a key generation terminal and is responsible for generating, in real time, the key string used for signing; the key layer stores the key string generated by the physical layer and provides the required key to the upper application layer when needed; the application layer is the software part of the mail sending and receiving system, and encrypts the information to be sent by extracting from the key layer the key generated by the physical layer. The mail sending and receiving method comprises a quantum key distribution stage, a mail signature stage and a signature verification stage. Compared with algorithmic signatures, that invention more strongly guarantees the security of mail protected by quantum digital signatures. However, although the method dispenses with a complex signature cryptographic algorithm and uses quantum digital signatures to improve the authenticity and non-repudiation of mail according to the principles of quantum mechanics, it does not improve the encryption security of the mail.
In addition, the quantum key has to be exchanged between terminals of the application layer, the exchange process of the quantum key is not described in detail, and the key is exposed during the exchange.
The patent application with filing date 2019.04.24 and application number CN201910331987.8 discloses a secure mail transmission method based on a quantum key public cloud service platform, which relates to the technical field of quantum secret communication and comprises the following steps: the quantum key public cloud service platform acquires and stores a quantum key from the quantum key distribution (QKD) equipment; client A and client B, which are to exchange mail, negotiate to generate a pairing verification code; client A and client B each send a request message for downloading the quantum key to the quantum key public cloud service platform; the quantum key public cloud service platform receives the request messages for downloading the quantum key sent by client A and client B and matches the verification codes, distributing the quantum key and proceeding to the next step if the pairing succeeds, and reporting a pairing error if the pairing fails; client A encrypts the mail and sends it to the public mail server, and client B receives the encrypted mail from the public mail server and decrypts it. The invention realizes the absolute security of the transmission of encrypted e-mail information over the network. That patent uses the random method in Java to generate pseudo random numbers, i.e. its random numbers are generated by a pseudo random number generator. In the method, the quantum key is packed into a quantum key compression package, and the sending and receiving parties download and decompress it to obtain the quantum key; the security of the compression and sending process is not trustworthy. In addition, both client A and client B send verification codes and the platform compares them, so the security risk is extremely high and clients A and B can be subjected to a man-in-the-middle attack.
Future quantum computers and quantum algorithms may also pose security threats, including: the breaking of public key cryptographic algorithms based on the large-number factorization problem, the security threat brought by quantum computers, and the threat of quantum algorithms to existing cryptographic systems.
Existing mail transmission systems also require extensive third-party participation, which increases labor costs.
Disclosure of Invention
The technical problem to be solved by the invention is how to counter the threat that the increasingly severe network attack environment poses to the mailbox receiving environment.
The invention solves the technical problem through the following technical means: a decryption method for received mail based on a quantum security key, applied to a mail receiving device and comprising the following steps:
S1": before receiving mail, the mail receiving device performs identity verification through a quantum password management service system, reading the quantum security key preset in its built-in quantum security chip and performing symmetric entity identity authentication with the quantum password management service system, and the authentication result is finally returned;
S2": after the user has completed login authentication in step S1" and needs to receive mail, the receiver uses a key preset in the quantum security chip to apply to the quantum password management service system for the mail encryption key and decrypts the mail.
This technical scheme counters the threat that the increasingly severe network attack environment poses to the mailbox sending and receiving environment, and in particular solves the identity authentication problem of the mail sending and receiving entities: identity authentication uses the quantum symmetric key built into the quantum security chip, with one key per authentication.
This technical scheme guards against the security threats brought by future quantum computers and quantum algorithms, and in particular against the breaking of public key cryptographic algorithms based on the factorization problem: quantum symmetric keys are used, which cannot be broken by factorization.
The technical scheme is easy to implement: the quantum security chip is a feasible existing technology, and security authentication based on the quantum symmetric key is also a realizable technology.
As an optimized technical scheme, in step S1" the symmetric entity identity authentication works as follows: after the mailbox program of the mail receiving device is started, the quantum security chip is automatically invoked to complete symmetric-key identity authentication based on the quantum security key.
As an optimized technical scheme, the specific process of symmetric entity identity authentication in step S1" is as follows:
S11": the user opens the mailbox application on the mail receiving device, enters an account and password for login authorization of the mailbox application, and logs in to the mailbox;
S12": the mail receiving device performs symmetric-key-based entity authentication with the quantum password management service system through its built-in quantum security chip, and after the user's login authentication the method proceeds to step S2".
As an optimized technical solution, step S12" specifically includes:
Step S121": after the user finishes logging in, the mail receiving device automatically sends an authentication request to the quantum security chip;
Step S122": the quantum security chip returns the quantum key and the quantum key sequence Z-1 to the mail receiving device;
Step S123": the mail receiving device sends an authentication request and the quantum key sequence Z-1 returned by the quantum security chip to the quantum password management service system;
Step S124": the mail receiving device receives an agreed scheme, sent by the quantum password management service system and encrypted with the key corresponding to the quantum key sequence Z-1, which is used to verify that the quantum password management service system is genuine;
Step S125": the mail receiving device takes the agreed scheme, encrypts it with the key corresponding to the quantum key sequence Z-1, and sends it to the quantum password management service system, to verify that the mail receiving device is genuine and that the request is not a resend by someone who intercepted the information;
Step S126": after both parties pass verification, the quantum password management service system encrypts the authentication result and sends it to the mail receiving device.
As an optimized technical scheme, in step S1" a login validity period is set, and entity authentication is not required for repeated logins within the login validity period. The specific steps are as follows:
S12"a: detect whether the quantum security chip built into the mail receiving device is within the login validity period of the quantum password management service system; if it is, proceed directly to step S2"; if it is not, the mail receiving device performs symmetric-key-based entity authentication with the quantum password management service system through the built-in quantum security chip;
S12"b: the user login authentication process is completed, and the login validity period of the quantum password management service system after each authentication is a preset time.
As an optimized technical solution, in step S12"a, if the quantum security chip built into the mail receiving device is bound one-to-one to the mail user, it is detected whether the mail user is within the validity period.
As an optimized technical solution, step S2" specifically includes:
S221": the mail receiving device receives the encrypted mail from the mailbox system, where the encrypted mail comprises an encrypted mail packet, sender and recipient information, and a mail number;
S222": the mail receiving device generates a sender verification code α from the sender information and the mail number;
S223": the mail receiving device selects a key D with password sequence Z in the quantum security chip, sends the mail number together with the password sequence Z to the quantum password management service system, and applies for the mail encryption key;
S224": the mail receiving device receives the mail encryption password M, the mail message digest γ' and the sender verification code α', which the quantum password management service system has encrypted with D', the symmetric key of key D;
S225": the mail receiving device decrypts the encrypted mail encryption password M with the local symmetric key D to obtain the mail encryption password M, the sender verification code α' and the mail message digest γ'. It then decrypts the encrypted mail content with the mail encryption password M to obtain the mail body and the mail message digest γ that was encrypted together with the mail body;
S226": the receiver compares the mail message digest γ' and the sender verification code α' with the mail message digest γ decrypted from the mail packet and the sender verification code α generated in step S222"; if they are not consistent, the encrypted mail may have been tampered with or the sender is not trustworthy, and if they are consistent, the mail is trustworthy;
S230": the receiver obtains the decrypted trusted mail.
As an optimized technical scheme, the security keys in the quantum security chip are pre-built: the chip is filled in advance by a quantum key filling machine when it is issued, so every quantum security chip in use holds preset quantum passwords. Each quantum security chip has a number and each quantum key has a serial number; given the number of the quantum security chip and the serial number of the quantum key, the corresponding key can be found in the quantum exchange password machine.
As an optimized technical solution, the mail receiving device includes mobile phones and fixed devices.
As an optimized technical scheme, mailbox users are bound to quantum security chips in advance, and one mailbox user is bound to one quantum security chip.
The invention has the advantages that:
1. The invention uses the quantum password management service system to perform identity authentication and distribute the mail encryption password, thereby increasing security.
(1) The threat of the increasingly severe environment of network attack to the mailbox receiving and sending environment is solved:
(1) The identity authentication problem of the mail sending and receiving entities is solved: identity authentication uses the quantum symmetric key built into the quantum security chip, with one key per authentication.
(2) The problem that the mail content is stolen in the mail transmission and storage processes is solved: the mail is transmitted in a ciphertext mode, the ciphertext is stored, and the encryption key is a quantum true random key which is generated by a quantum password management service system and is safely issued through a quantum password technology. Even if the mail is intercepted, an attacker can only obtain the ciphertext and cannot obtain the information.
(3) The problems of sender and receiver tampering and mail content tampering that may occur during mail transmission are solved: the quantum password management service system can perform verification code authentication on the sender and the receiver, so as to ensure the authenticity of the sender and the receiver. The entities use a Hash algorithm (such as the Chinese national standard SM3) to compute a message digest of the mail content, encrypt it with the mail encryption password, transmit and store it in a one-time pad mode, and check it after decrypting the mail, to avoid the risk of the content being tampered with.
(2) The security threat brought by future quantum computers and quantum algorithms is prevented;
(1) The method guards against the breaking of public key cryptographic algorithms based on the large-number factorization problem: quantum symmetric keys are used, which cannot be broken by large-number factorization;
(2) the method can prevent the security threat brought by the quantum computer appearing in the future: the quantum security password is used for encryption transmission, and the transmission process is completely safe and credible theoretically;
(3) the method prevents the threat of quantum algorithm which possibly appears in the future to the existing cryptosystem: the quantum security password is used for encrypted transmission, and the quantum security key is a true random number generated by a quantum random number generator and cannot be deciphered through an algorithm.
(3) No third-party issuance and authentication of digital certificates is required;
(1) A certificateless authentication method is provided, and the participation of third parties is reduced: entity authentication of both users is performed with an entity authentication protocol based on symmetric cryptography, without a third party issuing certificates. The number of participants in the process is reduced, and the risk of the three-party protocol is reduced.
2. Easy to implement, strong universality and good extensibility
(1) The development technology is easy to realize
The quantum security chip is a feasible existing technology, the security authentication based on the quantum symmetric key is also a realizable technology, the mail encryption password for encrypting the mail can be generated by using a quantum random number, the technology is mature, and the security is high.
(2) Strong universality and good extensibility
The invention requires few changes to the mailbox system; it improves security mainly by adding a quantum key service system, and has strong universality. The invention can be integrated into a quantum security service platform and provide a functional interface to the outside, and has good extensibility.
3. Economic benefits
(1) The network security capability is obviously improved
The method can defend against the existing attack mode and possible future quantum computing threat, and can greatly reduce economic loss caused by information leakage.
(2) Mailbox security service upgrade
The invention can greatly enhance the security of mail and provide a better and more secure mail communication service. If an existing mail system with 3W users (10 Yuan/month) is upgraded, the revenue before the upgrade is 30 Yuan/month, the monthly fee for the upgraded service is 15 Yuan/month, and the revenue after the upgrade is 45W/month.
(3) Low transformation cost
The invention can be built on the existing system: the platform side needs almost no modification, only the application end has to be integrated, and the modification cost is low.
Drawings
FIG. 1 is a system architecture diagram for authenticating and encrypting mailboxes based on quantum secure keys according to an embodiment of the present invention;
FIG. 2 is a timing diagram illustrating the operation of a system for authenticating and encrypting a mailbox based on a quantum security key according to an embodiment of the present invention;
FIG. 3 is a flow diagram of login authentication in an embodiment of the invention;
FIG. 4 is a detailed flowchart of identity authentication according to an embodiment of the present invention;
FIG. 5 is a flow chart of transmit encryption in an embodiment of the present invention;
FIG. 6 is a storage flow diagram of a quantum key management service system in an embodiment of the present invention;
FIG. 7 is a storage flow diagram of a mail system in an embodiment of the present invention;
FIG. 8 is a reception decryption flow chart in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
The embodiment discloses a decryption method of a received mail based on a quantum security key, which is applied to mail receiving equipment
The embodiment discloses a quantum security key-based decryption method for receiving an email, which is applied to email receiving equipment.
The mail receiving device is used for receiving mail and has a built-in or externally connected quantum security chip.
The quantum security chip stores quantum security keys, and the security keys in the quantum security chip are used for symmetric entity identity authentication with the quantum password management service system over the network. The quantum security chip can take forms such as a SIM card or a USB flash drive. The security keys in the quantum security chip are pre-built: they are filled in advance by a quantum key filling machine when the chip is issued, so every quantum security chip in use holds preset quantum passwords. The principle is as follows: the quantum security chip is initialized before use (password pre-filling); it is filled with quantum security keys by a quantum password filling machine, and the keys filled into each quantum security chip and the keys preset in the quantum exchange password machine are symmetric keys (that is, keys in one-to-one correspondence). Each quantum security chip has a number and each quantum key has a serial number; as long as the number of the quantum security chip and the serial number of the quantum key are provided, the corresponding key can be found in the quantum exchange password machine.
The mail receiving device includes mobile phones and fixed devices. Mailbox users need to be bound to the quantum security chip in advance, and only a bound mailbox user can receive mail with the mail receiving device that has the built-in quantum security chip. In theory, one quantum security chip can be bound to several mailbox users, or one mailbox user can be bound to several quantum security chips. For security, however, it is preferable that one mailbox user is bound to one quantum security chip; that is, the mailbox account cannot be used after the mail receiving device is changed, and the mail receiving device cannot be used after the mail user is changed.
A decryption method for received mail based on a quantum security key is applied to a mail receiving device and comprises the following steps:
S1": before receiving mail, the mail receiving device performs identity verification through a quantum password management service system, reading the quantum security key preset in the quantum security chip and performing symmetric entity identity authentication with the quantum password management service system, and the authentication result is finally returned.
The symmetric entity identity authentication can work as follows: after the mailbox program of the mail receiving device is started, the quantum security chip is automatically invoked to complete symmetric-key identity authentication based on the quantum security key.
The specific process of the symmetric entity identity authentication comprises the following steps:
S11": the user opens the mailbox application on the mail receiving device, enters an account and password for login authorization of the mailbox application, and logs in to the mailbox;
S12": the mail receiving device performs symmetric-key-based entity authentication according to the GB/T 15843.2 standard with the quantum password management service system through its built-in quantum security chip, and after the user's login authentication the method proceeds to step S2".
In actual operation, performing entity authentication again at every login makes the process complex and slow and gives a poor user experience. As a preferred scheme, a login validity period is therefore set, and entity authentication is not required for repeated logins within the login validity period. The specific steps are as follows:
S12"a: detect whether the quantum security chip built into the mail receiving device is within the login validity period of the quantum password management service system; if it is, proceed directly to step S2"; if it is not, the mail receiving device performs symmetric-key-based entity authentication according to the GB/T 15843.2 standard with the quantum password management service system through the built-in quantum security chip;
S12"b: the user login authentication process is completed; after each authentication, the login validity period of the quantum password management service system can be set to one month.
In step S12"a, if the quantum security chip built into the mail receiving device is bound one-to-one to the mail user, it may also be detected whether the mail user is within the validity period.
The mail receiving device performs symmetric-key-based entity authentication according to the GB/T 15843.2 standard with the quantum password management service system through its built-in quantum security chip. The specific steps are as follows:
Step S121": after the user finishes logging in, the mail receiving device automatically sends an authentication request to the quantum security chip;
Step S122": the quantum security chip returns the quantum key and the quantum key sequence Z-1 to the mail receiving device;
Step S123": the mail receiving device sends an authentication request and the quantum key sequence Z-1 returned by the quantum security chip to the quantum password management service system;
Step S124": the mail receiving device receives an agreed scheme, such as a timestamp and a device physical address, sent by the quantum password management service system and encrypted with the key corresponding to the quantum key sequence Z-1, which is used to verify that the quantum password management service system is genuine;
Step S125": the mail receiving device takes an agreed scheme, such as a timestamp and a device physical address, encrypts it with the key corresponding to the quantum key sequence Z-1, and sends it to the quantum password management service system, to verify that the mail receiving device is genuine and that the request is not a resend by someone who intercepted the information;
Step S126": after both parties pass verification, the quantum password management service system encrypts the authentication result and sends it to the mail receiving device.
The quantum symmetric key preset in the quantum security chip is used for identity authentication. It is initially filled and preset by a quantum key filling machine when the quantum security chip is issued, and one key is used per authentication, which solves the identity authentication problem of the mail sending and receiving entities without requiring a third party to issue certificates. The number of participants in the process is reduced, and the risk of the three-party protocol is reduced.
S2": after the user has completed login authentication in step S1" and needs to receive mail, the receiver uses a key preset in the quantum security chip to apply to the quantum password management service system for the mail encryption key and decrypts the mail.
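The exchange in steps S121" to S126" can be sketched as follows; this is an added example, not code from the patent. Assumptions: HMAC-SHA-256 stands in for the unspecified encryption of the agreed scheme (timestamp and device physical address), each token carries a role label, and the names `Chip`, `KeyService`, `make_token`, `check_token`, `device_login` and the 120-second freshness window are hypothetical.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 120  # assumed freshness window, in seconds


def make_token(key, role, addr, ts):
    """Bind role, timestamp and device address to the one-time key."""
    body = f"{role}|{ts}|{addr}".encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_token(key, token, role, addr, now):
    """Return 'ok', or the reason the peer's token is rejected."""
    body, tag = token[:-32], token[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return "bad-key"
    got_role, ts, got_addr = body.decode().split("|", 2)
    if got_role != role:
        return "wrong-role"        # the peer's own message sent back to it
    if got_addr != addr:
        return "wrong-device"
    if abs(now - int(ts)) > MAX_SKEW:
        return "stale"             # resend of an intercepted message
    return "ok"


class Chip:
    """Quantum security chip: pre-filled keys indexed by sequence number."""

    def __init__(self, chip_id, keys):
        self.chip_id, self.keys = chip_id, dict(keys)

    def take_key(self):            # S122": hand out the next unused key
        seq = min(self.keys)
        return seq, self.keys.pop(seq)


class KeyService:
    """Quantum password management service system holding the matching keys."""

    def __init__(self, keys_by_chip):
        self.keys = {cid: dict(k) for cid, k in keys_by_chip.items()}
        self.pending = {}

    def challenge(self, chip_id, seq, addr, now):          # S123"/S124"
        # One key per authentication: the key leaves the store on first use.
        key = self.keys.get(chip_id, {}).pop(seq, None)
        if key is None:
            return None
        self.pending[(chip_id, seq)] = key
        return make_token(key, "service", addr, now)

    def finish(self, chip_id, seq, token, addr, now):      # S125"/S126"
        key = self.pending.pop((chip_id, seq), None)
        if key is None:
            return "unknown-or-used-key"
        return check_token(key, token, "device", addr, now)


def device_login(chip, service, addr, now):
    """Run the whole exchange from the mail receiving device's side."""
    seq, key = chip.take_key()                                   # S121"/S122"
    svc_token = service.challenge(chip.chip_id, seq, addr, now)  # S123"/S124"
    if svc_token is None or check_token(key, svc_token, "service", addr, now) != "ok":
        return "service-not-verified"
    dev_token = make_token(key, "device", addr, now)             # S125"
    return service.finish(chip.chip_id, seq, dev_token, addr, now)


def demo_setup():
    """Constructed sample data: one chip with three pre-filled keys."""
    keys = {seq: secrets.token_bytes(32) for seq in (1, 2, 3)}
    return Chip("chip-0001", keys), KeyService({"chip-0001": keys})


if __name__ == "__main__":
    chip, service = demo_setup()
    print(device_login(chip, service, "02:00:00:aa:bb:cc", 1_700_000_000))
```

Because the service removes a key from its store the first time its sequence number is presented, a later request that names the same sequence number is refused regardless of the timestamp.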
Specifically, the receiving decryption process is as follows:
After the receiver logs in to the mailbox on the mail receiving device and completes identity authentication, the receiver clicks to receive mail; receiving an encrypted mail sent by someone else triggers the key acquisition flow, and once the mail receiving device has received the key it decrypts the mail locally for reading.
The method comprises the following specific steps:
S221': the mail receiving device receives the encrypted mail from the mailbox system, wherein the encrypted mail comprises an encrypted mail packet, the sender and recipient information, and a mail number;
S222': the mail receiving device generates a sender verification code α from the sender information and the mail number;
S223': the mail receiving device selects a key D with password sequence Z in the quantum security chip, sends the mail number together with the password sequence Z to the quantum password management service system, and applies for the mail encryption key;
S224': the mail receiving device receives the mail encryption password M, the mail message digest γ' and the sender verification code α', which the quantum password management service system has encrypted with key D', the symmetric counterpart of key D;
S225': the mail receiving device decrypts the encrypted mail encryption password M with the local symmetric key D to obtain the mail encryption password M, the sender verification code α' and the mail message digest γ'. It then decrypts the encrypted mail content with the mail encryption password M to obtain the mail body and the mail message digest γ that was encrypted together with the mail body;
S226': the recipient compares the mail message digest γ' and the sender verification code α' with the mail message digest γ decrypted from the mail packet and the sender verification code α generated in step S222'. If they are not consistent, the encrypted mail may have been tampered with or the sender is not trusted. If they are consistent, the mail is trusted;
S230': the receiver obtains the decrypted trusted mail.
Embodiment two: mail transmission method based on quantum security key
This embodiment is a mail transmission method that employs the decryption method of the received mail of the first embodiment, including the transmission and reception processes.
As shown in fig. 1, this embodiment discloses a mail transmission method based on a quantum security key, which uses a mail transmission system based on a quantum security key. The system includes:
the mailbox system, which provides the functions of sending and receiving mail;
the quantum random number generator, which generates quantum keys;
the quantum exchange cipher machine, which receives the quantum keys sent by the quantum random number generator and provides key services; the quantum exchange cipher machine pre-stores keys generated in advance by the quantum random number generator, and these keys and the keys in the quantum security chip are symmetric keys;
the quantum key filling machine, which is connected to the output of the quantum exchange cipher machine and fills in quantum keys;
the quantum password management service system, which exchanges data over the network with the mailbox system and with the quantum security chip, is directly connected to the quantum exchange cipher machine, and provides the mail encryption key and the identity authentication function;
the quantum security chip, which stores quantum security keys; the security key in the quantum security chip is used for symmetric entity identity authentication with the quantum password management service system over the network. The quantum security chip can take forms such as a SIM card or a USB flash disk. The security keys in the quantum security chip are built in beforehand: they are filled in through the quantum key filling machine when the chip is issued, so every quantum security chip in use carries preset quantum keys. The principle is: the quantum security chip is initialized (pre-filled with keys) before use, the quantum security keys are filled in by the quantum key filling machine, and the keys filled into each quantum security chip and the keys preset in the quantum exchange cipher machine are symmetric keys (that is, keys corresponding to one another). Each quantum security chip has a number and each quantum key has a serial number, and the corresponding key can be found in the quantum exchange cipher machine as long as the number of the quantum security chip and the serial number of the quantum key are provided;
the mail receiving and sending device, which receives and sends mail; the quantum security chip is built into or externally connected to the mail receiving and sending device, and the mail receiving and sending device comprises: the mailbox user must be bound to the quantum security chip in advance, and only a bound mailbox user can send mail with the mail receiving and sending device that holds the quantum security chip. In theory, one quantum security chip can be bound to several mailbox users, or one mailbox user can be bound to several quantum security chips. For safety, however, it is preferable that one mailbox user is bound to one quantum security chip, that is, the mailbox user cannot use the mailbox after replacing the mail receiving and sending device.
As shown in fig. 2, the method for transmitting the mail based on the quantum security key comprises the following steps:
S1, before sending or receiving mail, the mail receiving and sending device carries out identity verification through the quantum password management service system: it reads the quantum security key preset in the quantum security chip and performs symmetric entity identity authentication with the quantum password management service system, and the authentication result is finally returned.
The symmetric entity identity authentication can be carried out as follows: once the mailbox program of the mail receiving and sending device is started, the quantum security chip is called automatically to complete symmetric-key identity authentication based on the quantum security key.
As shown in fig. 3, the specific process of symmetric entity identity authentication is as follows:
S11, a user opens the mailbox application on the mail receiving and sending device, enters the account and password to authorize login to the mailbox application, and logs in to the mailbox;
S12, the mail receiving and sending device performs entity authentication based on a symmetric key, using the GB/T15843.2 standard, between the built-in quantum security chip and the quantum password management service system; once the user has logged in and been authenticated, the method proceeds to step S2;
in actual operation, performing entity authentication again at every login makes the process complex and slow and the user experience poor. As a preferred scheme, a login validity period is therefore set, and entity authentication is not required for repeated logins within the login validity period. The specific steps are as follows:
S12a, detect whether the quantum security chip built into the mail receiving and sending device is within the login validity period of the quantum password management service system; if it is, proceed directly to step S2; if not, the mail receiving and sending device performs entity authentication based on a symmetric key, using the GB/T15843.2 standard, between the built-in quantum security chip and the quantum password management service system;
S12b, the login authentication process of the user is completed; after each authentication, the login validity period of the quantum password management service system can be set to one month.
In step S12a, if the quantum security chip built into the mail receiving and sending device is bound one-to-one with the mailbox user, it may also be detected whether the mailbox user is within the validity period.
Referring to fig. 4, the mail receiving and sending device performs entity authentication based on a symmetric key, using the GB/T15843.2 standard, between the built-in quantum security chip and the quantum password management service system, which specifically includes the following steps:
step S121, after the user logs in, the mail receiving and sending device automatically sends an authentication request to the quantum security chip;
step S122, the quantum security chip returns the quantum key and the sequence Z-1 of the quantum key to the mail receiving and sending device;
step S123, the mail receiving and sending device sends an authentication request and the quantum key sequence Z-1 returned by the quantum security chip to the quantum password management service system;
step S124, the quantum password management service system looks up the key corresponding to the quantum key sequence Z-1 through the quantum exchange cipher machine;
step S125, the quantum exchange cipher machine returns the key corresponding to the quantum key sequence Z-1, namely the symmetric key, to the quantum password management service system;
step S126, the quantum password management service system takes data in an agreed scheme, such as a timestamp and a device physical address, encrypts it with the key corresponding to the quantum key sequence Z-1 and sends it to the mail receiving and sending device, to verify that the quantum password management service system is genuine;
step S127, the mail receiving and sending device takes data in an agreed scheme, such as a timestamp and a device physical address, encrypts it with the key corresponding to the quantum key sequence Z-1 and sends it to the quantum password management service system, to verify that the mail receiving and sending device is genuine and that the request is not one resent by someone else after intercepting the information;
step S128, after both parties pass verification, the quantum password management service system encrypts the authentication result and sends it to the mail receiving and sending device.
The quantum symmetric key preset in the quantum security chip is used for identity authentication. The quantum symmetric key is filled in by a quantum key filling machine when the quantum security chip is issued, and each key is used for one authentication only, which solves the identity authentication problem of the mail receiving and sending entities without needing a third party that issues certificates. The number of participants in the process is reduced, and the risk of a three-party protocol is reduced;
S2, after the user has completed the login authentication of step S1 and needs to send or receive mail, the sender uses a key preset in the quantum security chip to apply to the quantum password management service system for a mail encryption key; the quantum password management service system encrypts the mail encryption key with the symmetric key that corresponds to the key preset in the quantum security chip and sends the encrypted mail encryption key to the receiver; the mailbox system receives the mail encrypted with the mail encryption key and stores it on the platform; and the receiver can use the quantum security key built into the mail receiving and sending device to decrypt the encrypted mail encryption key and obtain the mail encryption key.
Specifically, as shown in fig. 5 to 7, the sending and encryption process is:
S211, the sender edits the local mail on the sending-end mail receiving and sending device;
S212, assuming that this is the first mail sent after authentication, the sender's mail receiving and sending device selects a key B with password sequence Z in the quantum security chip, sends the mail number together with the password sequence Z to the quantum password management service system, and applies for a mail encryption key. As an optional rule for key use, the keys in every quantum security chip are used in key-sequence order: if the key used during authentication had sequence Z-1, the key with sequence Z is selected this time and the key selected next time has sequence Z+1, and used keys are discarded. Other orders can of course be adopted. If this is not the first mail sent after authentication, the key at the corresponding position in the password sequence is used;
S213, the quantum password management service system uses the quantum random number generator to generate a secure random mail encryption password M, finds the symmetric key B' with password sequence Z among the quantum security keys stored in the quantum exchange cipher machine, and encrypts the mail encryption password M with the symmetric key B' to produce the encrypted mail encryption password M_B';
S214, the quantum password management service system sends the mail encryption password M_B', encrypted with the symmetric key B', to the mail sender's mail receiving and sending device;
S215, the sender's mail receiving and sending device receives the encrypted mail encryption password M_B' and decrypts it with the key B, which is symmetric to the symmetric key B', to obtain the mail encryption password M;
S216, the sender uses a Hash algorithm to generate a message digest γ for the encrypted mail, so that the risk of content tampering is avoided;
S217: the sender's mail receiving and sending device encrypts the local mail and the message digest γ into an encrypted mail packet with the mail encryption password M; the mail is transmitted and stored encrypted under the mail encryption password M, which further avoids the risk of content tampering;
S218: the sender's mail receiving and sending device encrypts the mail number, the recipient information, a recipient verification code β and the message digest γ with the quantum symmetric key C of sequence Z+1 and sends them to the quantum password management service system, where, as shown in FIG. 5, they are stored. The recipient verification code stored in the quantum password management service system is denoted β'. The recipient verification code prevents the recipient information from being tampered with during plaintext transmission (the recipient information has to be transmitted in plaintext). It is generated from the recipient information and the mail number by a Hash algorithm and sent to the quantum password management service system. When the identity of the recipient is verified, the quantum password management service system generates the recipient verification code again, with the same algorithm, from the recipient information (of the recipient making the request) and the mail number, and compares it with the verification code stored earlier, thereby verifying the identity of the recipient. The relation between β and β' is that β becomes β' once the sender has stored it in the quantum password management service system; the relation between the sender information and the recipient verification code is the same, the recipient verification code is set in the sending and receiving information, but the account number/receiving information is also set as a binding account number of the sender/receiving and the sending-side device, so that the sender-side mail can be bound by the sender-side mail;
S219: the quantum password management service system generates a sender verification code α' from the mail number and the information of the sender authenticated in step S1;
S220: the sender's mail receiving and sending device sends the encrypted mail packet, the sender and recipient information and the mail number to the mailbox system, which receives the encrypted mail and stores it. The mailbox system can receive unencrypted mail as well as encrypted mail. As shown in fig. 5, the mailbox system stores the encrypted mail packet, the sender and recipient information and the mail number.
The mail is transmitted as ciphertext and stored as ciphertext, and the encryption key is a quantum true random key generated by the quantum password management service system. Even if the mail is intercepted, an attacker can only obtain the ciphertext and cannot obtain the information.
As can be seen from the above mail sending process, the whole mail sending process consumes three keys in total: (1) one for identity authentication; (2) one for obtaining the mail encryption key; (3) one for sending the mail information to the quantum password management service system.
As shown in fig. 8, the receiving decryption process is:
after the user logs in to the mailbox with the receiving party's mail receiving and sending device and completes identity authentication, the user clicks to receive mail, receives the encrypted mail sent by others, and the key acquisition process is triggered. If the receiving party's mail receiving and sending device has already passed the identity authentication process of step S1, the user can click to receive mail directly; if not, identity authentication must be completed according to steps S11-S13. The quantum password management service system encrypts the mail encryption key with the key of the receiving party's mail receiving and sending device that is stored in the quantum exchange cipher machine and sends it to the receiving party's mail receiving and sending device, which decrypts and reads the mail locally.
The method comprises the following specific steps:
S221: the receiving party's mail receiving and sending device receives the encrypted mail from the mailbox system, wherein the encrypted mail comprises an encrypted mail packet, the sender and recipient information, and a mail number;
S222: the receiving party's mail receiving and sending device generates a sender verification code α from the sender information and the mail number;
S223: the receiving party's mail receiving and sending device selects a key D with password sequence Z in the quantum security chip, sends the mail number together with the password sequence Z to the quantum password management service system, and applies for the mail encryption key;
S224: the quantum password management service system looks up the mail encryption password M, the sender verification code α' and the mail message digest γ by the mail number;
S225: the quantum password management service system generates a receiver verification code β from the receiver information and the mail number provided by the receiving party's mail receiving and sending device, and checks whether it is consistent with the receiver verification code β' stored in the quantum password management service system;
S226: the quantum password management service system finds the corresponding key D' with password sequence Z among the quantum security keys stored in the quantum exchange cipher machine, and uses the key D' to encrypt the mail encryption password M, the mail message digest γ' and the sender verification code α' stored in the quantum password management service system; for ease of identification, the values stored in the quantum password management service system are marked with ', for example γ' for the mail message digest γ;
S227: the quantum password management service system sends the mail encryption password M, the mail message digest γ' and the sender verification code α', all encrypted with the key D', to the receiving party's mail receiving and sending device;
S228: the receiving party's mail receiving and sending device decrypts the encrypted mail encryption password M with the local symmetric key D to obtain the mail encryption password M, the sender verification code α' and the mail message digest γ'. It then decrypts the encrypted mail content with the mail encryption password M to obtain the mail body and the mail message digest γ that was encrypted together with the mail body;
S229: the receiver compares the mail message digest γ' and the sender verification code α' with the mail message digest γ decrypted from the mail packet and the sender verification code α generated in step S222. If they are not consistent, the encrypted mail may have been tampered with or the sender is not trusted. If they are consistent, the mail is trusted;
S230: the receiver obtains the decrypted trusted mail.
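The receiving steps S221-S229, with the service-side state they depend on, as an added Python example that is not code from the patent. SHA-256, the SHAKE-256 keystream stand-in for the unnamed cipher, the JSON encoding and all names and addresses are assumptions; γ is taken over the plaintext body and recomputed after decryption, a check the text does not spell out.

```python
import hashlib, hmac, json, os

def H(*parts):
    """Hash behind alpha, beta, gamma. SHA-256 is assumed; the page says only 'Hash algorithm'."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)  # length prefix keeps fields unambiguous
    return h.digest()

def seal(key, obj):
    """Stand-in cipher (assumed): keystream XOR with no integrity tag, so only the digest checks detect changes."""
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))

def unseal(key, blob):
    stream = hashlib.shake_256(key + blob[:16]).digest(len(blob) - 16)
    plain = bytes(a ^ b for a, b in zip(blob[16:], stream))
    return json.loads(plain.decode())  # a wrong key or mangled blob raises ValueError

class KMS:
    """Quantum password management service together with the cipher machine's key table."""
    def __init__(self):
        self.keys = {}   # (chip number, key sequence) -> one-time symmetric key
        self.mails = {}  # mail number -> M, alpha', beta', gamma'

    def fill(self, chip_id, count):
        """Key filling: identical keys land on the chip and in the cipher machine."""
        chip = {seq: os.urandom(32) for seq in range(count)}
        self.keys.update({(chip_id, seq): k for seq, k in chip.items()})
        return chip

    def register(self, mail_no, M, sender, recipient, gamma):
        """What the sending flow (S213-S219) leaves stored for one mail number."""
        self.mails[mail_no] = {"M": M, "gamma": gamma,
                               "alpha": H(sender.encode(), mail_no.encode()),
                               "beta": H(recipient.encode(), mail_no.encode())}

    def request_key(self, chip_id, seq, mail_no, recipient):
        """S224-S227. `recipient` stands for the identity authenticated in S1 (assumed)."""
        rec = self.mails[mail_no]
        beta = H(recipient.encode(), mail_no.encode())              # S225
        if not hmac.compare_digest(beta, rec["beta"]):
            raise PermissionError("recipient verification code mismatch")
        key_d = self.keys.pop((chip_id, seq), None)                 # S226, key used once
        if key_d is None:
            raise PermissionError("key sequence unknown or already used")
        return seal(key_d, {k: rec[k].hex() for k in ("M", "alpha", "gamma")})

def send(kms, mail_no, sender, recipient, body):
    """Sending side condensed; the sender's own keys B and C are left out."""
    M, gamma = os.urandom(32), H(body.encode())  # the page draws M from a quantum RNG
    kms.register(mail_no, M, sender, recipient, gamma)
    return {"mail_no": mail_no, "sender": sender, "recipient": recipient,
            "packet": seal(M, {"body": body, "gamma": gamma.hex()})}

def receive(chip, chip_id, seq, kms, mail, me):
    """S221-S230 on the receiving device; returns the body or raises ValueError."""
    alpha = H(mail["sender"].encode(), mail["mail_no"].encode())    # S222
    key_d = chip.pop(seq)                                           # S223, key D
    reply = unseal(key_d, kms.request_key(chip_id, seq, mail["mail_no"], me))
    inner = unseal(bytes.fromhex(reply["M"]), mail["packet"])       # S228
    gamma_kms = bytes.fromhex(reply["gamma"])
    checks = (
        hmac.compare_digest(bytes.fromhex(reply["alpha"]), alpha),        # alpha' vs alpha
        hmac.compare_digest(gamma_kms, bytes.fromhex(inner["gamma"])),    # gamma' vs gamma
        hmac.compare_digest(gamma_kms, H(inner["body"].encode())),        # added recomputation
    )
    if not all(checks):                                             # S229
        raise ValueError("mail tampered with or sender not trusted")
    return inner["body"]

def outcome(fn, *args):
    try:
        return fn(*args)
    except (ValueError, PermissionError) as exc:
        return type(exc).__name__

def demo():
    """Runs the flow on constructed data: one clean delivery and four rejected cases."""
    kms = KMS()
    chip = kms.fill("chip-01", 8)
    bob = "bob@example.com"
    mail = send(kms, "mail-0001", "alice@example.com", bob, "Quarterly report attached.")
    forged = dict(mail, sender="mallory@example.com")   # plaintext header altered
    blob = bytearray(mail["packet"])
    blob[28] ^= 0x01                                     # one ciphertext bit inside the body
    flipped = dict(mail, packet=bytes(blob))
    return {
        "clean": outcome(receive, chip, "chip-01", 1, kms, mail, bob),
        "forged_sender": outcome(receive, chip, "chip-01", 2, kms, forged, bob),
        "flipped_body": outcome(receive, chip, "chip-01", 3, kms, flipped, bob),
        "key_reuse": outcome(kms.request_key, "chip-01", 1, "mail-0001", bob),
        "wrong_recipient": outcome(kms.request_key, "chip-01", 4, "mail-0001", "eve@example.com"),
    }

if __name__ == "__main__":
    print(demo())
```

In the `flipped_body` case the γ stored in the packet still equals γ', so the rejection comes from the recomputed digest alone.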
Verification by means of verification codes is adopted:
1. The sender and the receiver do not need to send verification codes to each other. The sender verification code is simply generated again from the sender information and the mail number and compared with the sender verification code stored earlier, which verifies the sender and prevents others from forging the sender information. Likewise, the recipient verification code is regenerated from the recipient information and the mail number and compared with the recipient verification code stored earlier, which verifies the recipient and prevents an unauthorized user from obtaining the mail information. The mail content is verified to prevent it from being tampered with. The sender, the receiver and the mail can therefore all be verified, and forgery of mail and identity can be prevented.
2. At the same time, the verification codes are transmitted encrypted, so the transmission process is safe, the risk of a man-in-the-middle attack on the verification code is avoided, and the safety of receiving and sending mail is guaranteed.
3. The verification code on the platform side is generated from the information, so the risk of a man-in-the-middle attack can be prevented.
4. The verification code is generated automatically by the platform and by the sending and receiving parties, without modifying or adapting the mailbox system, so the verification method is widely applicable.
The above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (9)

1. A decryption method of received mail based on a quantum security key, applied to a mail receiving device, characterized in that the method comprises the following steps:
S1', before receiving mail, the mail receiving device carries out identity verification through a quantum password management service system: the mail receiving device reads the quantum security key preset in a built-in quantum security chip and performs symmetric entity identity authentication with the quantum password management service system, and an authentication result is finally returned;
S2', after the user has completed the login authentication of step S1' and needs to receive mail, the receiver uses the key preset in the quantum security chip to apply to the quantum password management service system for the mail encryption key and decrypts the mail, which specifically comprises the following steps:
S221': the mail receiving device receives the encrypted mail from the mailbox system, wherein the encrypted mail comprises an encrypted mail packet, the sender and recipient information, and a mail number;
S222': the mail receiving device generates a sender verification code α from the sender information and the mail number;
S223': the mail receiving device selects a key D with password sequence Z in the quantum security chip, sends the mail number together with the password sequence Z to the quantum password management service system, and applies for the mail encryption key;
S224': the mail receiving device receives the mail encryption password M, the mail message digest γ' and the sender verification code α', which the quantum password management service system has encrypted with key D', the symmetric counterpart of key D;
S225': the mail receiving device decrypts the encrypted mail encryption password M with the local symmetric key D to obtain the mail encryption password M, the sender verification code α' and the mail message digest γ', and decrypts the encrypted mail content with the mail encryption password M to obtain the mail body and the mail message digest γ that was encrypted together with the mail body;
S226': the receiver compares the mail message digest γ' and the sender verification code α' with the mail message digest γ decrypted from the mail packet and the sender verification code α generated in step S222'; if they are not consistent, the encrypted mail may have been tampered with or the sender is not trusted, and if they are consistent, the mail is trusted;
S230': the receiver obtains the decrypted trusted mail.
2. The method for decrypting received mail based on a quantum security key of claim 1, wherein: in step S1', the symmetric entity identity authentication is such that, after the mailbox program of the mail receiving device is opened, the quantum security chip is automatically invoked to complete the symmetric-key identity authentication based on the quantum security key.
3. The method for decrypting received mail based on a quantum security key of claim 1, wherein: the specific process of the symmetric entity identity authentication of step S1' is as follows:
S11', a user opens the mailbox application on the mail receiving device, enters an account number and a password to authorize login to the mailbox application, and logs in to the mailbox;
S12', the mail receiving device performs entity authentication based on a symmetric key between the built-in quantum security chip and the quantum password management service system, and the method proceeds to step S2' after the user's login authentication.
4. The method for decrypting received mail based on a quantum security key of claim 3, wherein: step S12' specifically includes:
step S121', after the user finishes logging in, the mail receiving device automatically sends an authentication request to the quantum security chip;
step S122', the quantum security chip returns the quantum key and the sequence Z-1 of the quantum key to the mail receiving device;
step S123', the mail receiving device sends an authentication request and the quantum key sequence Z-1 returned by the quantum security chip to the quantum password management service system;
step S124', the mail receiving device receives data in the agreed scheme, sent by the quantum password management service system and encrypted with the key corresponding to the quantum key sequence Z-1: the timestamp and the device physical address are used to verify that the quantum password management service system is genuine;
step S125', the mail receiving device takes data in the agreed scheme, encrypts it with the key corresponding to the quantum key sequence Z-1 and sends it to the quantum password management service system, to verify that the mail receiving device is genuine and that the request is not one resent by someone else after intercepting the information;
step S126', after both sides pass verification, the quantum password management service system encrypts the authentication result and sends it to the mail receiving device.
5. The method for decrypting received mail based on a quantum security key of claim 1, wherein: in step S1', a login validity period is set, and entity authentication is not required for repeated logins within the login validity period; the specific steps are as follows:
S12'a, detect whether the quantum security chip built into the mail receiving device is within the login validity period of the quantum password management service system; if it is, proceed directly to step S2'; if not, the mail receiving device performs entity authentication based on a symmetric key between the built-in quantum security chip and the quantum password management service system;
S12'b, the login authentication process of the user is completed, wherein the login validity period of the quantum password management service system after each authentication is a preset time.
6. The method for decrypting received mail based on a quantum security key of claim 5, wherein: in step S12'a, if the quantum security chip built into the mail receiving device and the mailbox user are bound one-to-one, it is detected whether the mailbox user is within the validity period.
7. The method for decrypting received mail based on a quantum security key of claim 1, wherein: the security keys in the quantum security chip are built in beforehand and are filled in through a quantum key filling machine when the quantum security chip is issued; every quantum security chip in use carries preset quantum keys; each quantum security chip has a number and each quantum key has a serial number; and when the number of the quantum security chip and the serial number of the quantum key are provided, the corresponding key can be found in the quantum exchange cipher machine.
8. The method for decrypting received mail based on a quantum security key of claim 1, wherein: the mail receiving device includes: a mobile phone, fixed equipment.
9. The method for decrypting received mail based on a quantum security key of claim 1, wherein: mailbox users are bound to quantum security chips in advance, and one mailbox user is bound to one quantum security chip.
CN202110706118.6A 2021-06-24 2021-06-24 Decryption method of received mail based on quantum security key Active CN113438074B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110706118.6A CN113438074B (en) 2021-06-24 2021-06-24 Decryption method of received mail based on quantum security key


Publications (2)

Publication Number Publication Date
CN113438074A CN113438074A (en) 2021-09-24
CN113438074B CN113438074B (en) 2022-11-11

Family

ID=77754142

Country Status (1)

Country Link
CN (1) CN113438074B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114095167A (en) * 2021-11-24 2022-02-25 安徽国盾量子云数据技术有限公司 Quantum key filling method of communication terminal

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1503562A2 (en) * 2003-07-30 2005-02-02 Deutsche Telekom AG Method for encrypting, decrypting or signing of emails using an email server
CN102118381A (en) * 2010-09-20 2011-07-06 中科方德软件有限公司 Safe mail system based on USBKEY (Universal Serial Bus Key) and mail encrypting-decrypting method
CN102387162A (en) * 2011-12-14 2012-03-21 广州杰赛科技股份有限公司 Mail server access method and system based on digital certificate
CN105471584A (en) * 2015-12-04 2016-04-06 长春大学 Identity authentication method based on quantum key encryption
CN107809314A (en) * 2017-12-01 2018-03-16 浙江九州量子信息技术股份有限公司 One kind is based on quantum shared key data ciphering method
CN109951381A (en) * 2019-04-24 2019-06-28 长春大学 A kind of mail security transmission method based on the public cloud service platform of quantum key
CN110493010A (en) * 2019-09-24 2019-11-22 南京邮电大学 Mailing system and receiving/transmission method based on Quantum Digital Signature Research
CN111490871A (en) * 2020-03-13 2020-08-04 南京南瑞国盾量子技术有限公司 SM9 key authentication method and system based on quantum key cloud and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468478A (en) * 2013-09-17 2015-03-25 上海俊悦光纤网络科技有限公司 Mail encryption method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Application of SM9 and Its PKI in an E-Government Mail System; 闻庆峰 et al.; Computer Applications and Software (《计算机应用与软件》); 20170415 (No. 04); full text *

Also Published As

Publication number Publication date
CN113438074A (en) 2021-09-24

Similar Documents

Publication Publication Date Title
CN109962784B (en) Data encryption, decryption and recovery method based on multiple digital envelope certificates
CN113346995B (en) Method and system for preventing falsification in mail transmission process based on quantum security key
CN113285803B (en) Mail transmission system and transmission method based on quantum security key
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
CN113452687B (en) Method and system for encrypting sent mail based on quantum security key
CN111740844A (en) SSL communication method and device based on hardware cryptographic algorithm
CN105553654B (en) Key information processing method and device, key information management system
CN113630407B (en) Method and system for enhancing transmission security of MQTT protocol by using symmetric cryptographic technology
CN101631305B (en) Encryption method and system
CN113612605A (en) Method, system and equipment for enhancing MQTT protocol identity authentication by using symmetric cryptographic technology
JP2010522488A (en) Secure electronic messaging system requiring key retrieval to distribute decryption key
CN113067823B (en) Mail user identity authentication and key distribution method, system, device and medium
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN108809633B (en) Identity authentication method, device and system
CN113806772A (en) Information encryption transmission method and device based on block chain
US7660987B2 (en) Method of establishing a secure e-mail transmission link
CN113079022B (en) Secure transmission method and system based on SM2 key negotiation mechanism
CN109684129B (en) Data backup recovery method, storage medium, encryption machine, client and server
CN113204760B (en) Method and system for establishing secure channel for software cryptographic module
CN112020038A (en) Domestic encryption terminal suitable for rail transit mobile application
EP1079565A2 (en) Method of securely establishing a secure communication link via an unsecured communication network
CN111917543A (en) User access cloud platform security access authentication system and application method thereof
CN113438074B (en) Decryption method of received mail based on quantum security key
CN116743470A (en) Service data encryption processing method and device
CN114928503A (en) Method for realizing secure channel and data transmission method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant