CN114268435B - Cloud password service communication method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN114268435B
Authority
CN
China
Prior art keywords
service
cloud
session
cloud password
quantum key
Legal status (Google's assumption, not a legal conclusion)
Active
Application number
CN202210200559.3A
Other languages
Chinese (zh)
Other versions
CN114268435A (en)
Inventor
丁松燕
Current Assignee (listed assignees may be inaccurate)
Nanjing Yiketeng Information Technology Co ltd
Original Assignee
Nanjing Yiketeng Information Technology Co ltd
Events
  • Application filed by Nanjing Yiketeng Information Technology Co ltd
  • Priority to CN202210200559.3A
  • Publication of CN114268435A
  • Application granted
  • Publication of CN114268435B
  • Legal status: Active (current)
  • Anticipated expiration

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The application discloses a cloud cryptographic service communication method and device, an electronic device, and a computer-readable storage medium. A cloud cryptographic service proxy is paired with the cloud cryptographic service, and remote communication between them is secured with a quantum key, which brings a security gain to the cloud cryptographic service.

Description

Cloud password service communication method and device, electronic equipment and storage medium
Technical Field
The application relates to the technical field of communication, in particular to a cloud password service communication method and device, electronic equipment and a computer readable storage medium.
Background
With the continuous development of cloud computing, more and more applications can rapidly deploy systems and dynamically provide services through cloud computing resources. Meanwhile, the cryptography industry is keeping pace with these requirements and continuously deepening and upgrading its offerings. Delivering cryptographic capabilities as a service, and in the cloud, has gradually become an important direction and practice for supply-side innovation in cryptography.
How to effectively combine cloud services with cryptographic services has therefore become an important research topic for researchers and developers in the field.
Disclosure of Invention
An object of the present application is to provide a cloud cryptographic service communication method, apparatus, electronic device, and computer-readable storage medium, which pair a cloud cryptographic service proxy with the cloud cryptographic service and secure remote communication between them with a quantum key, thereby bringing a security gain to the cloud cryptographic service. In addition, for a cloud-native key service, the improved security allows the utilization of cryptographic resources to be further increased and the construction cost to be reduced, so that the service better fits the cloud concept.
According to a first aspect of the present application, an embodiment provides a cloud cryptographic service communication method for a terminal device, the method including: sending a cloud cryptographic service request to a preset service agent, the request comprising a calling session of a business application, wherein the service agent encrypts the calling session with a quantum key associated with that calling session and sends the encrypted calling session to the cloud cryptographic service platform, and the cloud cryptographic service platform decrypts the encrypted calling session, executes the corresponding cloud cryptographic service and feeds back the corresponding cloud cryptographic service result to the service agent; and receiving the cloud cryptographic service result.
Optionally, before sending the cloud cryptographic service request to the preset service agent, the method further includes: sending a cloud cryptographic service registration request to the cloud cryptographic service platform; and receiving a cloud cryptographic service registration result from the platform, wherein the registration result comprises a service access credential when the platform judges that the registration request meets a preset condition.
Optionally, after receiving a cloud cryptographic service registration result from the cloud cryptographic service platform, the method further includes: deploying a service agent; and configuring the service access credential to the service agent.
Optionally, after configuring the service access credential into the service agent, the method further includes: invoking the service agent, wherein the service agent further sends an authentication request to the quantum key distribution network based on the configured service access credential, in order to be allowed access to the quantum key distribution network and the cloud cryptographic service platform.
Optionally, after the invoking the service agent, the method further includes: providing a function ID corresponding to a function used in a calling session of a service application, wherein the function ID is used for identifying the corresponding function; acquiring a quantum key related to the function ID from a quantum key distribution network; and determining the mapping relation between the function ID and the quantum key based on the function ID and the obtained quantum key.
Optionally, the mapping relationship includes one of the following relationships: all function IDs correspond to the same quantum key, each function ID corresponds to a quantum key, and each function ID corresponds to a quantum key at each invocation.
Optionally, the call session includes at least one communication interaction, and each communication interaction includes at least one function.
According to a second aspect of the present application, an embodiment provides a cloud cryptographic service communication method for a service agent, the method including: receiving a cloud cryptographic service request sent by a terminal device, the request comprising a calling session of a business application; encrypting the calling session with a quantum key associated with that calling session and sending the encrypted calling session to the cloud cryptographic service platform, which decrypts the encrypted calling session, executes the corresponding cloud cryptographic service and feeds back the corresponding result; receiving the cloud cryptographic service result fed back by the platform; and decrypting that result with a quantum key, so that the decrypted cloud cryptographic service result can be sent to the terminal device.
Optionally, encrypting the calling session with a quantum key associated with it and sending the encrypted calling session to the cloud cryptographic service platform includes: generating serialized data from the calling session; obtaining the quantum key associated with the calling session; encrypting the serialized data with the quantum key; and sending the encrypted serialized data to the cloud cryptographic service platform.
Optionally, the serialized data includes header information, version information, plaintext data and an end marker; the quantum key comprises a key ID and key data; and the encrypted serialized data includes header information, version information, the key ID, ciphertext data and an end marker.
According to a third aspect of the present application, an embodiment provides a cloud cryptographic service communication method for a cloud cryptographic service platform, the method including: receiving an encrypted calling session sent by a service agent, where the service agent has received a cloud cryptographic service request from a terminal device that comprises a calling session of a business application; executing the corresponding service based on the received encrypted calling session to generate a cloud cryptographic service result; and feeding back the cloud cryptographic service result to the service agent.
Optionally, executing the corresponding service based on the received encrypted calling session to generate a cloud cryptographic service result includes: decrypting the encrypted calling session with the quantum key; parsing the corresponding calling session from the decrypted data; and executing the corresponding service according to the calling session to obtain the cloud cryptographic service result.
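Added example (not code from the patent or its assignee): a Go sketch of the serialized-data layout from the second and third aspects, in which the agent turns the calling session into header, version, plaintext and end marker, encrypts it under a quantum key made of a key ID and key data into header, version, key ID, ciphertext and end marker, and the platform parses the frame, looks the key up by its ID and decrypts. The patent fixes neither the cipher nor the field widths, so AES-256-GCM, 4-byte length prefixes, the `CCSA` header and the `0x04` end marker are assumptions of this example; binding header, version and key ID as associated data, so that a swapped or tampered key ID fails decryption, is likewise this example's choice.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Assumed encoding (the patent names the fields, not their widths or values):
// header | version | 4-byte big-endian length-prefixed fields ... | end marker.
const (
	frameHeader       = "CCSA" // constructed header magic
	frameVersion byte = 1
	frameEnd     byte = 0x04 // constructed end marker
)

// QuantumKey as the page describes it: key ID plus key data (assumed 32 bytes for AES-256-GCM).
type QuantumKey struct {
	ID   string
	Data []byte
}

func buildFrame(fields ...[]byte) []byte {
	out := append([]byte(frameHeader), frameVersion)
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return append(out, frameEnd)
}

// parseFrame checks header, version and end marker, then splits out exactly `want` fields.
func parseFrame(frame []byte, want int) ([][]byte, error) {
	if len(frame) < 6 || string(frame[:4]) != frameHeader || frame[4] != frameVersion || frame[len(frame)-1] != frameEnd {
		return nil, errors.New("bad frame header, version or end marker")
	}
	body, fields := frame[5:len(frame)-1], [][]byte{}
	for len(fields) < want {
		if len(body) < 4 || len(body)-4 < int(binary.BigEndian.Uint32(body)) {
			return nil, errors.New("truncated field")
		}
		n := int(binary.BigEndian.Uint32(body))
		fields, body = append(fields, body[4:4+n]), body[4+n:]
	}
	if len(body) != 0 {
		return nil, errors.New("trailing bytes in frame")
	}
	return fields, nil
}

// SerializeCallSession is the agent's first step: header | version | plaintext | end.
func SerializeCallSession(plain []byte) []byte { return buildFrame(plain) }

func newAEAD(key QuantumKey) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key.Data)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aadFor binds header, version and key ID to the ciphertext so a swapped key ID is detected.
func aadFor(id string) []byte { return append(append([]byte(frameHeader), frameVersion), id...) }

// EncryptFrame is the agent side: plaintext frame -> header | version | key ID | ciphertext | end.
func EncryptFrame(serialized []byte, key QuantumKey) ([]byte, error) {
	fields, err := parseFrame(serialized, 1)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nonce, nonce, fields[0], aadFor(key.ID)) // nonce || ciphertext || tag
	return buildFrame([]byte(key.ID), ct), nil
}

// DecryptFrame is the platform side: parse, look the key up by ID, authenticate and decrypt.
func DecryptFrame(frame []byte, lookup func(string) (QuantumKey, bool)) ([]byte, error) {
	fields, err := parseFrame(frame, 2)
	if err != nil {
		return nil, err
	}
	id := string(fields[0])
	key, ok := lookup(id)
	if !ok {
		return nil, errors.New("unknown key ID " + id)
	}
	aead, err := newAEAD(key)
	if err != nil || len(fields[1]) < aead.NonceSize() {
		return nil, errors.New("bad key or ciphertext shorter than nonce")
	}
	return aead.Open(nil, fields[1][:aead.NonceSize()], fields[1][aead.NonceSize():], aadFor(id))
}
```

The agent decrypts the platform's result with the same DecryptFrame, looking up the key ID it used; any frame whose length fields, end marker or authentication tag do not check out is rejected before the request is parsed, so malformed input never reaches the service logic.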
According to a fourth aspect of the present application, an embodiment provides a cloud cryptographic service communication apparatus, the apparatus including: a first sending unit for sending a cloud cryptographic service request to a preset service agent, the request comprising a calling session of a business application, wherein the service agent encrypts the calling session with a quantum key associated with it and sends the encrypted calling session to the cloud cryptographic service platform, and the platform decrypts the encrypted calling session, executes the corresponding cloud cryptographic service and feeds back the corresponding result to the service agent; and a first receiving unit for receiving the cloud cryptographic service result.
According to a fifth aspect of the present application, an embodiment provides a cloud cryptographic service communication apparatus, the apparatus including: a second receiving unit for receiving a cloud cryptographic service request sent by a terminal device, the request comprising a calling session of a business application; an encryption unit for encrypting the calling session with a quantum key associated with it; a second sending unit for sending the encrypted calling session to a cloud cryptographic service platform, which decrypts the encrypted calling session, executes the corresponding cloud cryptographic service and feeds back the corresponding result; a third receiving unit for receiving the cloud cryptographic service result fed back by the platform; a decryption unit for decrypting that result with a quantum key; and a third sending unit for sending the decrypted cloud cryptographic service result to the terminal device.
According to a sixth aspect of the present application, an embodiment provides a cloud cryptographic service communication apparatus, the apparatus including: a fourth receiving unit for receiving the encrypted calling session sent by the service agent, where the service agent has received a cloud cryptographic service request from a terminal device that comprises a calling session of a business application; an execution unit for executing the corresponding service based on the received encrypted calling session to generate a cloud cryptographic service result; and a fourth sending unit for feeding back the cloud cryptographic service result to the service agent.
According to a seventh aspect of the present application, an embodiment of the present application provides an electronic device comprising a memory and a processor; the memory stores a computer program, and the processor is configured to run the computer program in the memory to execute the cloud cryptographic service communication method according to any embodiment of the present application.
According to an eighth aspect of the present application, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, where the computer program is suitable for being loaded by a processor to execute the cloud cryptographic service communication method according to any embodiment of the present application.
The embodiments of the present application provide a cloud cryptographic service communication method and device, an electronic device, and a computer-readable storage medium. The method comprises: sending a cloud cryptographic service request to a preset service agent, the request comprising a calling session of a business application, wherein the service agent encrypts the calling session with a quantum key associated with it and sends the encrypted calling session to the cloud cryptographic service platform, and the platform decrypts the encrypted calling session, executes the corresponding cloud cryptographic service and feeds back the corresponding result to the service agent; and receiving the cloud cryptographic service result. By pairing the cloud cryptographic service agent with the cloud cryptographic service and securing their remote communication with a quantum key, a security gain is brought to the cloud cryptographic service. In addition, for a cloud-native key service, the improved security allows the utilization of cryptographic resources to be further increased and the construction cost to be reduced, so that the service better fits the cloud concept.
Drawings
The technical solution and other advantages of the present application will become apparent from the detailed description of the embodiments of the present application with reference to the accompanying drawings.
Fig. 1 is a scene schematic diagram of a cloud cryptographic service communication method provided in an embodiment of the present application.
Fig. 2 is another scene schematic diagram of a cloud cryptographic service communication method provided in an embodiment of the present application.
Fig. 3 is a schematic flow chart of a cloud cryptographic service communication method provided in an embodiment of the present application.
Fig. 4 is another schematic flow chart of a cloud cryptographic service communication method according to an embodiment of the present application.
Fig. 5 is a flowchart illustrating the sub-steps of step S220 shown in Fig. 4.
Fig. 6 is a schematic diagram of forming encrypted serialized data according to the present application.
Fig. 7 is a schematic flowchart of another cloud cryptographic service communication method according to an embodiment of the present application.
Fig. 8 is a flowchart illustrating the sub-steps of step S320 shown in Fig. 7.
Fig. 9 is a signaling flowchart of a cloud cryptographic service communication method provided in an embodiment of the present application.
Fig. 10 is a flowchart illustrating a cloud cryptographic service communication method according to an embodiment of the present application.
Fig. 11 to 13 are respectively block diagrams of structures of a cloud cryptographic service communication device according to an embodiment of the present application.
Fig. 14 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiments of the present application provide a cloud cryptographic service communication method and related equipment. The cloud cryptographic service communication device may be integrated in an electronic device, which may be a terminal device or a server device.
It can be understood that the cloud cryptographic service communication method of the embodiments may be executed on the terminal device, on the server device, or jointly by the terminal device and the server device. These examples should not be construed as limiting the present application. It should be noted that a platform described below (e.g. the cloud cryptographic service platform) may be a server cluster or a distributed system formed by a plurality of physical servers.
The following takes the case in which the terminal device and the server device jointly execute the cloud cryptographic service communication as an example. The cloud cryptographic service communication method provided by the embodiments involves a terminal device and a server device, which may be connected through a wired or wireless network; the cloud cryptographic service communication apparatus may be integrated in either the terminal device or the server device.
Wherein the terminal device may be configured to: sending a cloud password service request to a preset service agent, wherein the cloud password service request comprises a calling session of a business application; the service agent is used for encrypting the calling session by using a quantum key related to the calling session based on the calling session and sending the encrypted calling session to the cloud password service platform; the cloud password service platform is used for decrypting the encrypted calling session, executing corresponding cloud password service and feeding back a corresponding cloud password service result to the service agent; and receiving a cloud password service result. The terminal device may include a tablet Computer, a notebook Computer, a Personal Computer (PC), or the like. The terminal device can also be provided with a client, and the client can be an application program client or a browser client and the like.
The server device may be configured to send the corresponding cloud cryptographic service result to the terminal device. The server device may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, a CDN (Content Delivery Network), and big data and artificial intelligence platforms. In the cloud cryptographic service communication method or device disclosed by the application, a plurality of servers may also be combined into a blockchain, with each server being a node on the blockchain.
The cloud cryptographic service communication method or apparatus disclosed herein is supported by cloud technology.
Cloud technology is a hosting technology that unifies resources such as hardware, software and networks within a wide area network or local area network to realize the computation, storage, processing and sharing of data. It is a general term for the network, information, integration, management-platform and application technologies applied on the basis of the cloud computing business model; these can form a resource pool that is used on demand, flexibly and conveniently. Cloud computing technology will become an important support: the background services of networked systems, such as video websites, picture websites and web portals, require large amounts of computing and storage resources. With the rapid development of the internet industry, each item may carry its own identification mark that has to be transmitted to a background system for logical processing, data of different levels are processed separately, and the data of various industries require strong backend support that can only be realized through cloud computing.
The cloud cryptographic service communication method provided by the embodiments can be applied to the scenarios shown in Fig. 1 and Fig. 2: the independent cloud cryptographic service scenario of Fig. 1 and the cloud-native cryptographic service scenario of Fig. 2. In an independent cloud cryptographic service, a cryptography vendor usually builds its own cryptographic infrastructure to provide services externally; depending on its business scope, the vendor's service may be offered to the internet and the public. A cloud-native cryptographic service mainly means that a cloud computing vendor, in addition to providing cloud computing resources, also provides basic cryptographic resource services on the cloud, pooling a large number of cryptographic devices to offer elastic, tightly coupled cryptographic services to cloud applications on demand.
The business application (i.e. the cloud cryptographic service user) shown in Fig. 1 and Fig. 2 may run on the terminal device, and the cloud cryptographic service (i.e. the cloud cryptographic service platform) may run on the server device. The terminal device is connected to a client (QKD-C) of a Quantum Key Distribution (QKD) network, the server device is connected to a server (QKD-S) of the QKD network, and the QKD network keeps the quantum key at the client and the quantum key at the server consistent at all times. Furthermore, the cloud cryptographic service agent (hereinafter simply the service agent) described herein may also run on the terminal device, and may be deployed on the same terminal device as the business application, although this is not a limitation.
As shown in fig. 3 and fig. 9, an embodiment of the present application provides a cloud password service communication method, which is used for a terminal device. The method comprises the following steps: step S110, sending a cloud password service request to a preset service agent, wherein the cloud password service request comprises a calling session of a business application; the service agent is used for encrypting the calling session by using a quantum key related to the calling session based on the calling session and sending the encrypted calling session to the cloud password service platform; the cloud password service platform is used for decrypting the encrypted calling session, executing corresponding cloud password service and feeding back a corresponding cloud password service result to the service agent; and step S120, receiving a cloud password service result.
Further, in this embodiment of the application, before performing step S110 "sending a cloud password service request to a preset service agent", the method may further include: step S101, a cloud password service registration request is sent to the cloud password service platform; step S102, receiving a cloud password service registration result from the cloud password service platform, wherein when the cloud password service platform judges that the cloud password service registration request meets a preset condition, the cloud password service registration result contains a service access certificate.
Further, in this embodiment of the application, after performing step S102 "receiving a cloud cryptographic service registration result from the cloud cryptographic service platform", the method may further include: step S103, deploying a service agent; step S104, configuring the service access credential to the service agent.
Further, in this embodiment of the application, after performing step S104 "configuring the service access credential to the service agent", the method may further include: step S105, the service agent is called, wherein the service agent is further used for performing request authentication to the quantum key distribution network based on the configured service access credential so as to allow access to the quantum key distribution network and the cloud password service platform.
Further, in this embodiment of the application, after performing step S105 "call the service agent", the method may further include: step S106, providing a function ID corresponding to a function used in a calling session of a service application, wherein the function ID is used for identifying the corresponding function; step S107, obtaining a quantum key related to the function ID from a quantum key distribution network; and step S108, determining the mapping relation between the function ID and the quantum key based on the function ID and the obtained quantum key.
Each step of the cloud password service communication method of the present application will be described in detail below. It should be noted that the following description of the embodiments is not intended to limit the preferred order of the embodiments.
As shown in fig. 3 and 9, a specific flow of the cloud cryptographic service communication method is as follows:
Step S101, a cloud password service registration request is sent to the cloud password service platform.
Step S102, receiving a cloud cryptographic service registration result from the cloud cryptographic service platform; when the platform judges that the registration request meets a preset condition, the registration result contains a service access credential.
Through steps S101 and S102, a cloud cryptographic service user can obtain a service access credential for the cloud cryptographic service on the terminal device.
The cloud cryptographic service vendor can audit the registration request of the cloud cryptographic service user on the platform. If the request meets the preset condition, the vendor adds the service access credential to the registration result returned through the platform, so that it reaches the user; if the request does not meet the preset condition, no service access credential is added to the returned result. In this way only an approved user can use the specific cloud cryptographic service, the user is provided with the required security level, and the quality of the cloud cryptographic service is guaranteed. Of course, in other embodiments, when the terminal device already holds a service access credential, steps S101 and S102 need not be performed.
Step S103, deploying the service agent.
Step S104, configuring the service access credential to the service agent.
By executing steps S103 and S104, a corresponding operating environment can be configured on the terminal device that runs the business application (also called application service software, the same hereinafter), and the service agent is integrated into that environment. Once the service agent is configured, the service access credential is configured into it.
Step S105, when the service agent receives a calling request, it sends an authentication request to the QKD network carrying the configured service access credential. When the QKD network detects the credential and the verification passes, the service agent is allowed to access the QKD network and the cloud cryptographic service platform connected to it. Of course, in some other embodiments, when the service agent already has the right to access the QKD network and the cloud cryptographic service platform, step S105 need not be performed.
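Steps S101 to S105, a registration result that carries a service access credential only when the preset condition is met and the QKD network's check of that credential, as an added Go example that is not the patent's code. The patent defines neither the preset condition nor the credential format; this example models the condition as an allow-list of audited user IDs and the credential as a user ID and expiry signed with HMAC-SHA256 under a secret shared between the platform and the QKD network. The Platform type, the shared secret and the user IDs are all constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Platform stands in for the registration endpoint of the cloud cryptographic
// service platform (steps S101 and S102). The "preset condition" the patent
// leaves open is modelled as an allow-list of audited user IDs, and the
// credential format (user ID, expiry, HMAC-SHA256 tag) is an assumption.
type Platform struct {
	secret   []byte          // shared with the QKD network so it can verify credentials
	approved map[string]bool // constructed audit result
}

// Register returns the registration result: the service access credential when
// the preset condition is met, and no credential (ok == false) otherwise.
func (p *Platform) Register(userID string, now time.Time) (cred string, ok bool) {
	if !p.approved[userID] || strings.Contains(userID, "|") {
		return "", false
	}
	payload := []byte(fmt.Sprintf("%s|%d", userID, now.Add(24*time.Hour).Unix()))
	mac := hmac.New(sha256.New, p.secret)
	mac.Write(payload)
	enc := base64.RawURLEncoding
	return enc.EncodeToString(payload) + "." + enc.EncodeToString(mac.Sum(nil)), true
}

// VerifyCredential is the QKD network's check in step S105: the tag is compared
// in constant time and an expired credential is refused. It returns the user ID.
func VerifyCredential(secret []byte, cred string, now time.Time) (string, error) {
	parts := strings.SplitN(cred, ".", 2)
	if len(parts) != 2 {
		return "", errors.New("malformed credential")
	}
	enc := base64.RawURLEncoding
	payload, err := enc.DecodeString(parts[0])
	if err != nil {
		return "", err
	}
	tag, err := enc.DecodeString(parts[1])
	if err != nil {
		return "", err
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(payload)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return "", errors.New("credential tag invalid")
	}
	fields := strings.SplitN(string(payload), "|", 2)
	if len(fields) != 2 {
		return "", errors.New("malformed payload")
	}
	exp, err := strconv.ParseInt(fields[1], 10, 64)
	if err != nil || now.Unix() > exp {
		return "", errors.New("credential expired or has a bad expiry")
	}
	return fields[0], nil
}

func main() {
	secret := []byte("constructed-shared-secret") // demo only
	p := &Platform{secret: secret, approved: map[string]bool{"app-01": true}}
	cred, ok := p.Register("app-01", time.Now())
	id, err := VerifyCredential(secret, cred, time.Now())
	fmt.Println(ok, id, err)
}
```

The check runs entirely on the QKD network side with the shared secret, so the agent never learns how to mint a credential; a tampered payload, a wrong secret or a lapsed expiry all fail before any quantum key is handed out.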
Step S106, providing the function ID corresponding to the function used in the calling session of the service application.
In step S107, a quantum key associated with the function ID is acquired from the quantum key distribution network.
And step S108, determining the mapping relation between the function ID and the quantum key based on the function ID and the obtained quantum key.
Because a calling session may contain multiple functions, each function call is a remote call, and each remote call must be cryptographically protected by a quantum key, a function ID that identifies the function is used to associate a quantum key with each function call. When the function is called, the service agent and the cloud cryptographic service platform negotiate, according to the function ID of that function, to obtain a quantum key associated with the function ID from the QKD network, and that quantum key is used to encrypt and protect the call, improving the security of the subsequent calling session in network transmission.
By performing steps S106 to S108, the mapping relationship between function IDs and quantum keys is determined, so that each subsequently called function can use its corresponding quantum key.
It should be noted that the mapping relationship is one of the following: all function IDs correspond to the same quantum key; each function ID corresponds to one quantum key; or each function ID corresponds to a new quantum key at each invocation. Specifically, if the security level required by the business application is relatively low, all function IDs may be mapped to the same quantum key. If the required security level is relatively high, each function ID may be mapped to its own quantum key, that is, a given function ID uses the same quantum key on every call. If the required security level is extremely high, each call of each function ID may be mapped to its own quantum key, so that the key differs on every call. In other words, at the highest security level a quantum key is obtained from the QKD network in real time during every function call, so that the quantum key update frequency stays synchronized with the function call frequency; encrypting with the freshly updated quantum key further improves the security of the encryption.
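The three mapping relationships, as an added Go example that is not part of the patent: a KeyMapper applies the chosen policy when a function is called and draws keys from a stub QKD source, so the trade-off the passage describes shows up as the number of keys consumed for one and the same sequence of calls. The QKDSource stub, the key-ID format and the function IDs F1 and F2 are constructed for the example.

```go
package main

import (
	"fmt"
	"sync"
)

// KeyPolicy selects one of the three mapping relationships the patent lists.
type KeyPolicy int

const (
	SharedKey  KeyPolicy = iota // all function IDs use the same quantum key
	KeyPerFunc                  // each function ID has its own key, reused on every call
	KeyPerCall                  // each call of each function ID draws a fresh key
)

// QKDSource stands in for the QKD client (QKD-C). It is a constructed stub that
// hands out sequentially numbered key IDs; a real agent would request keys from
// the QKD network after authenticating with its service access credential.
type QKDSource struct {
	issued int
}

// NextKey draws one new quantum key and returns its ID.
func (q *QKDSource) NextKey() string {
	q.issued++
	return fmt.Sprintf("qk-%04d", q.issued)
}

// KeyMapper holds the function ID -> quantum key mapping of steps S106 to S108.
type KeyMapper struct {
	policy  KeyPolicy
	src     *QKDSource
	mu      sync.Mutex
	shared  string
	perFunc map[string]string
}

func NewKeyMapper(policy KeyPolicy, src *QKDSource) *KeyMapper {
	return &KeyMapper{policy: policy, src: src, perFunc: map[string]string{}}
}

// KeyFor returns the quantum key ID for this invocation of functionID, drawing
// a new key from the QKD source only when the policy requires one.
func (m *KeyMapper) KeyFor(functionID string) string {
	m.mu.Lock()
	defer m.mu.Unlock()
	switch m.policy {
	case SharedKey:
		if m.shared == "" {
			m.shared = m.src.NextKey()
		}
		return m.shared
	case KeyPerFunc:
		if k, ok := m.perFunc[functionID]; ok {
			return k
		}
		m.perFunc[functionID] = m.src.NextKey()
		return m.perFunc[functionID]
	default: // KeyPerCall: a key is never reused
		return m.src.NextKey()
	}
}

// Simulate runs a sequence of function calls under one policy and reports the
// key ID used for each call and how many keys the QKD source had to supply.
func Simulate(policy KeyPolicy, calls []string) (keys []string, consumed int) {
	src := &QKDSource{}
	m := NewKeyMapper(policy, src)
	for _, f := range calls {
		keys = append(keys, m.KeyFor(f))
	}
	return keys, src.issued
}

func main() {
	calls := []string{"F1", "F2", "F1", "F2", "F1"} // constructed call sequence
	for _, p := range []KeyPolicy{SharedKey, KeyPerFunc, KeyPerCall} {
		keys, n := Simulate(p, calls)
		fmt.Printf("policy %d: keys %v, QKD keys consumed %d\n", p, keys, n)
	}
}
```

For five calls over two functions the shared policy consumes one key, the per-function policy two, and the per-call policy five: the per-call policy is the one whose key update rate matches the call rate, at the cost of one QKD key per remote call.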
Step S110, sending a cloud password service request to a preset service agent, wherein the cloud password service request comprises a calling session of a business application; the service agent is used for encrypting the calling session by using a quantum key related to the calling session based on the calling session and sending the encrypted calling session to the cloud password service platform; the cloud password service platform is used for decrypting the encrypted calling session, executing corresponding cloud password service and feeding back a corresponding cloud password service result to the service agent.
Step S120, receiving a cloud password service result.
Specifically, in step S110, when the terminal device runs a specific service application, the terminal device needs to obtain a corresponding service based on the cloud computing resource. In order to improve the security of cloud computing and corresponding services, a cloud password service request is sent to a preset service agent in the process. The cloud password service request comprises a calling session of the business application. It is noted that the call session described herein may be a collection of multiple communication interactions. That is, the invoking session includes at least one communication interaction. Each communication interaction may include at least one function. In this way, the call session may be formed in units of communication interactions, or may be formed in units of functions.
The service agent is used for encrypting the calling session based on the calling session by using a quantum key related to the calling session; and after the encryption is completed, sending the encrypted calling session to the cloud password service platform. As described above, the invoking session may include at least one communication interaction. Each communication interaction may include at least one function. Thus, in some embodiments of the present application, encryption of the call session may refer to encryption of the communication interaction, and in other embodiments, encryption of the call session may also refer to encryption of the function. The specific object to be encrypted is determined based on a preset security level. In this embodiment, encryption of the call session is accomplished by an encryption function.
The cloud password service platform is used for decrypting the encrypted calling session and executing corresponding cloud password service; and after the cloud password service is executed, generating a corresponding cloud password service result, and feeding back the cloud password service result to the service agent.
In step S120, the terminal device receives the cloud password service result fed back from the cloud password service platform and forwarded via the service agent. The terminal equipment can complete corresponding business application based on the cloud password service result, and can also perform subsequent business application based on the cloud password service result.
As shown in fig. 4 and fig. 9, an embodiment of the present application provides a cloud cryptographic service communication method for a service agent, where the method includes: step S210, receiving a cloud password service request sent by a terminal device, wherein the cloud password service request comprises a calling session of a business application; step S220, based on the calling session, encrypting the calling session by using a quantum key related to the calling session, and sending the encrypted calling session to a cloud password service platform; the cloud password service platform is used for decrypting the encrypted calling session, executing corresponding cloud password service and feeding back a corresponding cloud password service result; step S230, receiving a cloud password service result fed back by the cloud password service platform; and step S240, based on the cloud password service result, decrypting by using the quantum key so as to send the decrypted cloud password service result to the terminal equipment.
In this embodiment, the service agent may run in the same terminal device where the service application is located, but is not limited to this, and may also run in other terminal devices.
As shown in fig. 4 and 9, the specific flow of the cloud cryptographic service communication method is as follows:
step S210, receiving a cloud password service request sent by a terminal device, where the cloud password service request includes a call session of a service application.
In step S210, the service agent may receive a cloud password service request sent by the terminal device, where the cloud password service request includes a call session of the business application. The call session may include at least one communication interaction, each of which includes at least one function.
Step S220, based on the calling session, encrypting the calling session by using a quantum key related to the calling session, and sending the encrypted calling session to a cloud password service platform; the cloud password service platform is used for decrypting the encrypted calling session, executing corresponding cloud password service and feeding back a corresponding cloud password service result.
In this embodiment, as shown in fig. 5, step S220 may further include: step S221, generating serialized data based on the calling session; step S222, obtaining a quantum key related to the calling session; step S223, encrypting the serialized data based on the quantum key; step S224, the encrypted serialized data is sent to a cloud password service platform.
Specifically, as shown in fig. 6, the serialized data includes header information, version information, plaintext data, and an end character. The header is a magic number of a fixed number of bytes that identifies the beginning of the message. The quantum key includes a key ID and key data, and is the key that is in a mapping relation with the calling session. In this embodiment, the first N bytes (e.g., 16 bytes, but not limited thereto) of the quantum key are used as the key ID, and the remaining bytes of the quantum key are used as the key data for encryption. The encrypted serialized data includes header information, version information, key ID, ciphertext data, and an end character. The ciphertext data is obtained by encrypting the plaintext data with the key data.
In addition, it should be noted that, since remote invocation is required when the invocation session is executed, and network transmission is required during the remote invocation, the invocation session is converted into serialized data (i.e. binary data) so as to facilitate network transmission when the invocation session is executed. Further, the serialization operation is executed at the sending end (such as a service agent) and the deserialization operation is executed at the receiving end (such as a cloud password service platform). Of course, in some other embodiments, the following may be the case: the transmitting end (such as a cloud password service platform) executes serialization operation, and the receiving end (such as a service agent) executes deserialization operation.
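The frame layout of fig. 6 and the serialize/encrypt/decrypt/deserialize sequence of steps S221 to S224 (and, in the reverse direction, step S320), as an added example that is not code from the patent. The specification names no cipher, so the following are assumptions of this example: the key data after the 16-byte key ID is consumed as a one-time pad, an HMAC-SHA256 tag computed with a further 32 bytes of key data is appended before the end character, the call session is serialized as compact JSON, and the magic number, version byte and end character are made-up constants. Both ends look the key up by key ID in a store that stands in for the synchronized QKD key material.

```python
"""Serialized call-session framing protected by a quantum key.

Added example; not code from the patent. Layout follows fig. 6:
  plaintext frame : MAGIC | VERSION | plaintext | END
  encrypted frame : MAGIC | VERSION | key ID | ciphertext | tag | END
The one-time-pad cipher, the HMAC tag and all constants are assumptions.
"""
from __future__ import annotations

import hashlib
import hmac
import json
from typing import Dict, Tuple

MAGIC = b"CPSV"     # constructed magic number marking the start of a message
VERSION = b"\x01"   # constructed protocol version
END = b"\xff"       # constructed end character
KEY_ID_LEN = 16     # first N bytes of the quantum key identify it (N=16 here)
TAG_LEN = 32        # HMAC-SHA256 output size


class FrameError(ValueError):
    """Raised when a frame fails a structural or integrity check."""


def serialize(call_session: dict) -> bytes:
    """Call session (function ID plus arguments) -> binary plaintext."""
    return json.dumps(call_session, sort_keys=True, separators=(",", ":")).encode()


def deserialize(data: bytes) -> dict:
    return json.loads(data.decode())


def split_quantum_key(qkey: bytes) -> Tuple[bytes, bytes]:
    """Key ID is the first 16 bytes; the remainder is key data."""
    if len(qkey) <= KEY_ID_LEN:
        raise ValueError("quantum key too short")
    return qkey[:KEY_ID_LEN], qkey[KEY_ID_LEN:]


def encrypt_frame(plaintext: bytes, qkey: bytes) -> bytes:
    """Sender side (e.g. the service agent): build the encrypted frame."""
    key_id, key_data = split_quantum_key(qkey)
    need = len(plaintext) + TAG_LEN          # pad bytes plus MAC key bytes
    if len(key_data) < need:
        raise ValueError(f"need {need} bytes of key data, have {len(key_data)}")
    pad, mac_key = key_data[:len(plaintext)], key_data[len(plaintext):need]
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, pad))
    body = MAGIC + VERSION + key_id + ciphertext
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body + tag + END


def decrypt_frame(frame: bytes, key_store: Dict[bytes, bytes]) -> bytes:
    """Receiver side: validate framing, look the key up by ID, check the tag."""
    min_len = len(MAGIC) + len(VERSION) + KEY_ID_LEN + TAG_LEN + len(END)
    if len(frame) < min_len or not frame.startswith(MAGIC) or frame[-1:] != END:
        raise FrameError("bad framing")
    off = len(MAGIC)
    if frame[off:off + len(VERSION)] != VERSION:
        raise FrameError("unsupported version")
    off += len(VERSION)
    key_id = frame[off:off + KEY_ID_LEN]
    ciphertext = frame[off + KEY_ID_LEN:-(TAG_LEN + 1)]
    tag = frame[-(TAG_LEN + 1):-1]
    key_data = key_store.get(key_id)
    if key_data is None:
        raise FrameError("unknown key ID")
    need = len(ciphertext) + TAG_LEN
    if len(key_data) < need:
        raise FrameError("key data too short for this frame")
    pad, mac_key = key_data[:len(ciphertext)], key_data[len(ciphertext):need]
    expected = hmac.new(mac_key, frame[:-(TAG_LEN + 1)], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise FrameError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ciphertext, pad))


def decrypts_ok(frame: bytes, key_store: Dict[bytes, bytes]) -> bool:
    """True if the frame passes every check; False on any FrameError."""
    try:
        decrypt_frame(frame, key_store)
        return True
    except FrameError:
        return False


if __name__ == "__main__":
    qkey = bytes(range(256))                       # constructed 256-byte quantum key
    kid, kdata = split_quantum_key(qkey)
    store = {kid: kdata}                           # both ends hold the same key
    session = {"function_id": "encrypt", "args": {"data": "hello"}}  # constructed
    frame = encrypt_frame(serialize(session), qkey)
    print(deserialize(decrypt_frame(frame, store)))
    tampered = bytearray(frame); tampered[30] ^= 1
    print("tampered frame accepted:", decrypts_ok(bytes(tampered), store))
```

Two caveats follow from the layout rather than from this code. First, an end character alone cannot delimit binary ciphertext, since the ciphertext may contain that byte; the parser above therefore treats the end character as a sanity check and relies on the fixed-size tag and trailer, and a stream transport would need a length prefix in addition. Second, with a one-time-pad construction a block of key data protects exactly one frame, which matches the per-call mapping of the highest security level but not the shared-key mappings; those would need a conventional cipher with a per-message nonce instead of a reused pad.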
Step S230, receiving a cloud password service result fed back by the cloud password service platform.
The service agent receives the cloud password service result fed back by the cloud password service platform. The cloud cryptographic service result is encrypted and serialized data.
Step S240, based on the cloud password service result, decrypting by using the quantum key so as to send the decrypted cloud password service result to the terminal equipment.
The service agent may decrypt the encrypted cloud cryptographic service result by using the quantum key. Further, after decryption, deserialization operation is performed on the serialized (and decrypted) data to obtain a cloud password service result, and the cloud password service result is provided to the terminal device.
As shown in fig. 7 and fig. 9, an embodiment of the present application provides a cloud cryptographic service communication method, which is used for a cloud cryptographic service platform, and the method includes: step S310, receiving the encrypted calling session sent by the service agent; the service agent is used for receiving a cloud password service request sent by terminal equipment, wherein the cloud password service request comprises a calling session of a business application; step S320, executing a corresponding service based on the received encrypted call session to generate a cloud password service result; step S330, a cloud password service result is fed back to the service agent.
In this embodiment, the cloud cryptographic service platform may be a server cluster or a distributed system formed by a plurality of physical servers.
As shown in fig. 7 and 9, a specific flow of the cloud cryptographic service communication method is as follows:
step S310, receiving the encrypted calling session sent by the service agent; the service agent is used for receiving a cloud password service request sent by a terminal device, wherein the cloud password service request comprises a calling session of a business application.
In step S320, based on the received encrypted call session, a corresponding service is executed to generate a cloud password service result.
Step S330, a cloud password service result is fed back to the service agent.
In this embodiment, as shown in fig. 8, step S320 may further include: step S321 of decrypting the encrypted call session using the quantum key based on the received encrypted call session; step S322, analyzing out the corresponding calling session based on the decrypted calling session; step S323, according to the call session, executing a corresponding service to obtain a cloud password service result.
Specifically, after receiving the encrypted call session sent by the service agent, the cloud cryptographic service platform relies on a property of the QKD network (the quantum keys held by the client and the server of the QKD network are synchronized) and therefore decrypts the encrypted call session with the same quantum key that was used to encrypt it. After decryption, the deserialization operation is performed and the corresponding call session is parsed out. Then, the corresponding service is executed based on the call session, and a corresponding cloud password service result is obtained. Further, after the cloud cryptographic service platform generates the cloud cryptographic service result, it may serialize the result and encrypt the serialized result using the quantum key. It is to be understood that the quantum key used for this encryption may be the same quantum key used for the previous decryption, or a different one. After encrypting the cloud password service result, the cloud password service platform feeds it back to the service agent. The service agent can decrypt the encrypted cloud password service result by relying on the same property of the QKD network, execute the deserialization operation, and return the deserialized cloud password service result to the service application located in the terminal device.
According to the cloud password service pairing method and device, the cloud password service agent is paired with the cloud password service, and the quantum key is used to secure the remote communication, so that a security gain can be brought to the cloud password service. In addition, the update frequency of the quantum key can be adjusted according to the security level required by the service application, so that the security of the service application is guaranteed while the utilization rate of the password resource is effectively improved.
With reference to fig. 1, a specific flow of a cloud cryptographic service communication method is described in detail by taking an independent cloud cryptographic service scenario as an example.
As shown in fig. 1, there is a cloud cryptographic service user and a cloud cryptographic service platform. The cloud password service user uses the relevant business application on the terminal equipment. Cloud password service vendors provide relevant password services on a cloud password service platform (i.e., server devices). Both parties can access the QKD network, and the QKD devices of both parties need to pass mutual authentication to allow distribution of the corresponding quantum keys through quantum key technology.
As shown in fig. 10 in conjunction with fig. 9, in step S501, the terminal device sends a cloud cryptographic service registration request to the cloud cryptographic service platform.
When a cloud password service user (namely a business application user) needs to use the cloud password service, an account is registered on the cloud password service vendor's developer platform, and a corresponding password service is selected.
Step S502, the terminal device receives a cloud password service registration result from the cloud password service platform, wherein when the cloud password service platform judges that the cloud password service registration request meets a preset condition, the cloud password service registration result contains a service access certificate.
After the cloud password service vendor receives the cloud password service registration request, the vendor audits the request and, once it is approved, returns a cloud password service registration result that contains the service access credential. Accordingly, the cloud cryptographic service user can obtain the corresponding cloud cryptographic service agent and the service access credential.
Step S503, deploying the service agent through the terminal device.
Step S504, configure the service access credential to the service agent.
The cloud password service user installs application business software on the terminal equipment, integrates a service agent on an environment corresponding to the application business software, and configures the service access certificate to the service agent.
Step S505, when the service agent receives a call request, it sends an authentication request to the QKD network according to the configured service access credential. When the QKD network detects and verifies the service access credential, the service agent is allowed to access the QKD network and the cloud password service platform connected to it.
Each time the service agent is initialized, it sends a call request to the cloud password service platform and completes request authentication with it. At the same time, both parties use the service access credential to connect to their QKD devices (namely the client and the server of the QKD network), so as to achieve authenticated interconnection between the QKD devices.
Step S506, the terminal device provides a function ID corresponding to a function used in the call session of the service application.
In step S507, a quantum key related to the function ID is acquired from the quantum key distribution network.
Step S508, determining a mapping relationship between the function ID and the quantum key based on the function ID and the obtained quantum key.
The service agent can obtain the quantum key same as that of the cloud password service platform through the QKD equipment, and determine the mapping relation between the function ID corresponding to the password service function and the quantum key.
Step S510, the terminal equipment sends a cloud password service request to a preset service agent, wherein the cloud password service request comprises a calling session of a business application; the service agent is used for encrypting the calling session by using a quantum key related to the calling session based on the calling session and sending the encrypted calling session to the cloud password service platform; the cloud password service platform is used for decrypting the encrypted calling session, executing corresponding cloud password service and feeding back a corresponding cloud password service result to the service agent.
When the business application needs to call the password service, a cloud password service request is sent to the service agent. After receiving a cloud password service request comprising a call session, a service agent carries out serialization operation on the call session to generate serialized data, and then carries out data encryption by using a quantum key related to the call session so as to ensure that related data has safety in the network transmission process. After receiving the encrypted call session, the cloud password service platform decrypts and executes deserialization operation, executes corresponding cloud password service based on the parameters (or functions) of the call session, and generates corresponding cloud password service results. And then, the cloud password service platform serializes the cloud password service result, encrypts the cloud password service result by using the quantum key, and sends the encrypted serialized cloud password service result to the service agent. After receiving the encrypted serialized cloud password service result, the service agent decrypts the encrypted cloud password service result and executes deserialization operation to obtain the cloud password service result.
Step S520, the terminal device receives the cloud password service result.
The service agent returns the cloud password service result to the service application party. That is, the terminal device receives the cloud password service result.
Through the implementation of the above steps, the following problem of the prior art can be effectively solved: in an independent cloud password service scenario, the password user and the password service provider are not in the same security domain, so the user must make remote calls across the Internet, and access security and communication security are difficult to guarantee.
As shown in fig. 2, taking a cloud-native password service scenario as an example, a specific process of the entire cloud password service communication method is similar to a specific process of the cloud password service communication method in an independent cloud password service scenario, and therefore, no further description is provided herein. The specific processes of the cloud password service communication method under the two different scenes are mainly different in that the specific processes under the cloud native password service scene occur among different cloud computing centers (IDC machine rooms) provided by cloud password service manufacturers, and integrated or redundant password resources are uniformly accessed and used by application service software distributed in the different cloud service centers, so that the safe sharing of the password resources is realized. Therefore, the problems in the prior art as follows can be effectively solved: in the cloud native password service scene, cloud computing is constructed in a distributed mode, the actual IDC machine room is constructed according to regions, and password services provided by existing cloud password service manufacturers cannot be communicated when facing the cross-region situation.
Therefore, the cloud cryptographic service agent is paired with the cloud cryptographic service, and the security of remote communication is achieved by using the quantum key, so that a security gain can be brought to the cloud cryptographic service. In addition, for the cloud-native cryptographic service, the improvement in security allows the utilization rate of password resources to be further improved and the construction cost to be reduced, which better fits the cloud paradigm.
To better implement the above method, an embodiment of the present application provides a cloud cryptographic service communication apparatus 1000, as shown in fig. 11, the apparatus 1000 including: a first transmitting unit 1100 and a first receiving unit 1200.
In this embodiment, the first transmitting unit 1100 and the first receiving unit 1200 may be provided in a terminal device. Of course, these units (or modules) may also not be limited to being integrated in the terminal device.
The first sending unit 1100 is configured to send a cloud password service request to a preset service agent, where the cloud password service request includes a call session of a business application; the service agent is used for encrypting the calling session by using a quantum key related to the calling session based on the calling session and sending the encrypted calling session to the cloud password service platform; the cloud password service platform is used for decrypting the encrypted calling session, executing corresponding cloud password service and feeding back a corresponding cloud password service result to the service agent.
Specifically, when a terminal device runs a specific business application, the terminal device needs to obtain a corresponding service based on cloud computing resources. In order to improve the security of the cloud computing and the corresponding service, in this process the cloud password service request is sent to the preset service agent through the first sending unit 1100. The cloud password service request comprises a calling session of the business application. It is noted that the call session described herein may be a collection of multiple communication interactions. That is, the invoking session includes at least one communication interaction. Each communication interaction may include at least one function. In this way, the call session may be formed in units of communication interactions, or may be formed in units of functions.
The service agent is used for encrypting the calling session based on the calling session by using a quantum key related to the calling session; and after the encryption is completed, sending the encrypted calling session to the cloud password service platform. As described above, the invoking session may include at least one communication interaction. Each communication interaction may include at least one function. Thus, in some embodiments of the present application, encryption of the call session may refer to encryption of the communication interaction, and in other embodiments, encryption of the call session may also refer to encryption of the function. What kind of object is to be encrypted is determined based on a preset security level. In this embodiment, encryption of the call session is accomplished by an encryption function.
The cloud password service platform is used for decrypting the encrypted calling session and executing corresponding cloud password service; and after the cloud password service is executed, generating a corresponding cloud password service result, and feeding back the cloud password service result to the service agent.
The first receiving unit 1200 is configured to receive a cloud password service result.
Specifically, the cloud cryptographic service result fed back from the cloud cryptographic service platform and forwarded via the service agent is received by the first receiving unit 1200. The terminal equipment can complete corresponding business application based on the cloud password service result, and can also perform subsequent business application based on the cloud password service result.
Another embodiment of the present application further provides a cloud cryptographic service communication apparatus 2000, as shown in fig. 12, where the apparatus 2000 includes: a second receiving unit 2100, an encryption unit 2200, a second transmitting unit 2300, a third receiving unit 2400, a decryption unit 2500, and a third transmitting unit 2600.
In this embodiment, the second receiving unit 2100, the encrypting unit 2200, the second sending unit 2300, the third receiving unit 2400, the decrypting unit 2500, and the third sending unit 2600 may be provided in the same terminal device where the service agent is located. Of course, these units (or modules) may not be limited to being provided in the terminal device.
A second receiving unit 2100, configured to receive a cloud password service request sent by a terminal device, where the cloud password service request includes a call session of a business application. Specifically, through the second receiving unit 2100, the service agent may be caused to receive a cloud password service request sent by a terminal device, where the cloud password service request includes a call session of a business application, and the call session may include at least one communication interaction, where each communication interaction includes at least one function.
An encrypting unit 2200 is configured to encrypt the call session based on the call session by using a quantum key associated with the call session.
The second sending unit 2300 is configured to send the encrypted call session to a cloud cryptographic service platform, where the cloud cryptographic service platform is configured to decrypt the encrypted call session and execute a corresponding cloud cryptographic service, and feed back a corresponding cloud cryptographic service result.
A third receiving unit 2400, configured to receive a cloud cryptographic service result fed back by the cloud cryptographic service platform.
And a decryption unit 2500, configured to perform decryption using a quantum key based on the cloud cryptographic service result. Specifically, the encrypted cloud cryptographic service result is decrypted by the decryption unit 2500 using a quantum key corresponding to that provided by the QKD network.
A third sending unit 2600, configured to send the decrypted cloud password service result to the terminal device.
Another embodiment of the present application further provides a cloud cryptographic service communication apparatus 3000, as shown in fig. 13, where the apparatus 3000 includes: a fourth receiving unit 3100, an execution unit 3200, and a fourth transmitting unit 3300.
In this embodiment, the fourth receiving unit 3100, the executing unit 3200, and the fourth transmitting unit 3300 may be disposed in the server device, but are not limited thereto.
A fourth receiving unit 3100, configured to receive the encrypted invoking session sent by the service agent. The service agent is used for receiving a cloud password service request sent by terminal equipment, wherein the cloud password service request comprises a calling session of a business application.
The execution unit 3200 is configured to execute a corresponding service based on the received encrypted call session to generate a cloud cryptographic service result. Specifically, after the encrypted call session sent by the service agent is received through the fourth receiving unit 3100, it may be decrypted with a quantum key provided by the QKD network, and the execution unit 3200 then executes the corresponding service on the decrypted call session and generates a cloud cryptographic service result.
A fourth sending unit 3300, configured to feed back a cloud cryptographic service result to the service agent.
Through the cooperation of the above modules or units, the cloud password service communication device can pair the cloud password service agent with the cloud password service and secure the remote communication through the quantum key, so that a security gain can be brought to the cloud password service.
Furthermore, in an embodiment of the present application, an electronic device 5000 is also provided. The cloud password service communication apparatus as shown in fig. 11 to 13 may be integrated into the electronic device 5000. When the electronic device 5000 is a terminal device, a cloud password service communication apparatus as shown in fig. 11 and 12 may be integrated in the terminal device. When the electronic device 5000 is a server device, a cloud password service communication apparatus as shown in fig. 13 may be integrated in the server device. The specific functions of the electronic device 5000 can refer to the description of the cloud cryptographic service communication apparatus, and are not described herein again.
Further, the electronic device 5000 may include at least one processor 5100 and at least one memory 5200. Those skilled in the art will appreciate that the electronic device 5000 shown in fig. 14 does not constitute a limitation of the electronic device 5000, and may include more or fewer components than those shown, or some components in combination, or a different arrangement of components. Wherein:
the processor 5100 is a control center of the electronic device 5000, and performs various functions of the electronic device 5000 and processes data by running or executing software programs and/or modules stored in the memory 5200 and calling data stored in the memory 5200, thereby monitoring the electronic device 5000 as a whole. Optionally, processor 5100 may include one or more processing cores. Alternatively, the processor 5100 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It is to be appreciated that the modem processor described above may not be integrated into the processor 5100.
The memory 5200 may be used to store software programs and modules, and the processor 5100 executes various functional applications and data processing by executing the software programs and modules stored in the memory 5200 to implement various functions, such as:
sending a cloud password service request to a preset service agent, wherein the cloud password service request comprises a calling session of a business application; the service agent is used for encrypting the calling session by using a quantum key related to the calling session based on the calling session and sending the encrypted calling session to the cloud password service platform; the cloud password service platform is used for decrypting the encrypted calling session, executing corresponding cloud password service and feeding back a corresponding cloud password service result to the service agent;
and receiving a cloud password service result.
For another example:
receiving a cloud password service request sent by terminal equipment, wherein the cloud password service request comprises a calling session of a business application;
based on the calling session, encrypting the calling session by using a quantum key related to the calling session, and sending the encrypted calling session to the cloud password service platform; the cloud password service platform is used for decrypting the encrypted calling session, executing corresponding cloud password service and feeding back a corresponding cloud password service result;
receiving a cloud password service result fed back by the cloud password service platform;
and based on the cloud password service result, decrypting by using a quantum key so as to send the decrypted cloud password service result to the terminal equipment.
For another example:
receiving an encrypted calling session sent by a service agent; the service agent is configured to receive a cloud password service request sent by a terminal device, wherein the cloud password service request comprises a calling session of a business application;
executing the corresponding service based on the received encrypted calling session to generate a cloud password service result;
and feeding back the cloud password service result to the service agent.
It will be understood by those skilled in the art that all or part of the steps of the method of the above embodiments may be performed by instructions, or by associated hardware controlled by those instructions; the instructions may be stored in a computer-readable storage medium and loaded and executed by the processor 5100.
To this end, an embodiment of the present application provides a computer-readable storage medium that stores a computer program, the computer program being adapted to be loaded by a processor to execute the cloud cryptographic service communication method described in any embodiment of the present application. For example, the computer program may perform the steps of:
sending a cloud password service request to a preset service agent, wherein the cloud password service request comprises a calling session of a business application; the service agent is configured to encrypt the calling session with a quantum key associated with that calling session and to send the encrypted calling session to the cloud password service platform; the cloud password service platform is configured to decrypt the encrypted calling session, execute the corresponding cloud password service and feed back the corresponding cloud password service result to the service agent;
and receiving a cloud password service result.
Alternatively, the computer program may perform the steps of:
receiving a cloud password service request sent by terminal equipment, wherein the cloud password service request comprises a calling session of a business application;
encrypting the calling session with a quantum key associated with the calling session, and sending the encrypted calling session to the cloud password service platform; the cloud password service platform is configured to decrypt the encrypted calling session, execute the corresponding cloud password service and feed back the corresponding cloud password service result;
receiving a cloud password service result fed back by the cloud password service platform;
and decrypting the cloud password service result with the quantum key, and sending the decrypted cloud password service result to the terminal device.
Alternatively, the computer program may perform the steps of:
receiving an encrypted calling session sent by a service agent; the service agent is configured to receive a cloud password service request sent by a terminal device, wherein the cloud password service request comprises a calling session of a business application;
executing the corresponding service based on the received encrypted calling session to generate a cloud password service result;
and feeding back the cloud password service result to the service agent.
The above operations are implemented as described in the foregoing embodiments and are not detailed again here. The computer-readable storage medium may include read-only memory (ROM), random access memory (RAM), magnetic or optical disks, and the like.
Since the instructions stored in the computer-readable storage medium can execute the steps of the cloud cryptographic service communication method provided in any embodiment of the present application, they can achieve the beneficial effects of that method; for details, see the foregoing embodiments, which are not repeated here.
The cloud cryptographic service communication method, apparatus, electronic device and computer-readable storage medium provided by the embodiments of the present application have been described in detail above. A specific example has been used in the description to explain the principle and implementation of the present application, and the description of the embodiments serves only to help understand the technical scheme and core idea of the present application. Those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced, and that such modifications or substitutions do not depart from the spirit and scope of the present disclosure as defined by the appended claims.

Claims (16)

1. A cloud password service communication method for a terminal device, characterized in that it comprises the following steps:
sending a cloud password service request to a preset service agent, wherein the cloud password service request comprises a calling session of a business application; the service agent is configured to encrypt the calling session with a quantum key associated with that calling session and to send the encrypted calling session to the cloud password service platform; the cloud password service platform is configured to decrypt the encrypted calling session, execute the corresponding cloud password service and feed back the corresponding cloud password service result to the service agent;
receiving a cloud password service result;
the method further comprises the following steps:
providing a function ID corresponding to a function used in a calling session of a business application, wherein the function ID identifies the corresponding function;
acquiring a quantum key related to the function ID from a quantum key distribution network;
determining a mapping relation between the function ID and the quantum key based on the function ID and the obtained quantum key, wherein, when the function is called, the corresponding quantum key is obtained according to the function ID of that function and is used to encrypt the call of the function, thereby completing the encryption of the calling session.
2. The cloud cryptographic service communication method of claim 1, wherein before sending the cloud cryptographic service request to a preset service agent, the method further comprises:
sending a cloud password service registration request to the cloud password service platform;
and receiving a cloud password service registration result from the cloud password service platform, wherein the cloud password service registration result comprises a service access credential when the cloud password service platform determines that the cloud password service registration request meets a preset condition.
3. The cloud cryptographic service communication method of claim 2, wherein after receiving the cloud cryptographic service registration result from the cloud cryptographic service platform, the method further comprises:
deploying a service agent;
and configuring the service access credential to the service agent.
4. The cloud cryptographic service communication method of claim 3, wherein after configuring the service access credential to the service agent, the method further comprises:
invoking the service agent, wherein the service agent is further used for performing request authentication to the quantum key distribution network based on the configured service access credential to allow access to the quantum key distribution network and the cloud cryptographic service platform.
5. The cloud cryptographic service communication method of claim 1, wherein said mapping relationship comprises one of: all function IDs correspond to the same quantum key, each function ID corresponds to a quantum key, and each function ID corresponds to a quantum key at each invocation.
6. The cloud cryptographic service communication method of any of claims 1 to 5, wherein said calling session comprises at least one communication interaction, each said communication interaction comprising at least one function.
7. A cloud password service communication method for a service agent, the method comprising:
receiving a cloud password service request sent by terminal equipment, wherein the cloud password service request comprises a calling session of a business application;
encrypting the calling session with a quantum key associated with the calling session, and sending the encrypted calling session to the cloud password service platform; the cloud password service platform is configured to decrypt the encrypted calling session, execute the corresponding cloud password service and feed back the corresponding cloud password service result;
receiving a cloud password service result fed back by the cloud password service platform;
decrypting the cloud password service result with the quantum key, and sending the decrypted cloud password service result to the terminal device;
the encrypting the call session using the quantum key associated with the call session includes: when the function used in the calling session is called, the corresponding quantum key is obtained from the quantum key distribution network according to the function ID corresponding to the function, and the calling of the function is encrypted by using the quantum key so as to finish the encryption of the calling session.
8. The cloud cryptographic service communication method of claim 7, wherein the based on the call session, encrypting the call session by using a quantum key related to the call session, and sending the encrypted call session to the cloud cryptographic service platform comprises:
generating serialized data based on the call session;
obtaining a quantum key related to a call session;
encrypting the serialized data based on the quantum key;
and sending the encrypted serialized data to a cloud password service platform.
9. The cloud cryptographic service communication method of claim 8, wherein said serialized data includes header information, version information, plaintext data and a terminator; the quantum key comprises a key ID and key data; and the encrypted serialized data includes header information, version information, the key ID, ciphertext data and a terminator.
10. A cloud password service communication method for a cloud password service platform, characterized in that it comprises the following steps:
receiving an encrypted calling session sent by a service agent; the service agent is configured to receive a cloud password service request sent by a terminal device, wherein the cloud password service request comprises a calling session of a business application;
executing a corresponding service based on the received encrypted call session to generate a cloud password service result;
feeding back a cloud password service result to a service agent;
the encrypted invocation session is obtained by: when the function used in the calling session is called, the corresponding quantum key is obtained from the quantum key distribution network according to the function ID corresponding to the function, and the calling of the function is encrypted by using the quantum key so as to finish the encryption of the calling session.
11. The cloud cryptographic service communication method of claim 10, wherein said executing a corresponding service based on the received encrypted call session to generate a cloud cryptographic service result comprises:
decrypting the received encrypted calling session using the quantum key;
parsing the decrypted calling session to obtain the corresponding calling session;
and executing corresponding services according to the calling session to obtain a cloud password service result.
12. A cloud cryptographic service communication apparatus, the apparatus comprising:
a first sending unit, configured to send a cloud password service request to a preset service agent, wherein the cloud password service request comprises a calling session of a business application; the service agent is configured to encrypt the calling session with a quantum key associated with that calling session and to send the encrypted calling session to the cloud password service platform; the cloud password service platform is configured to decrypt the encrypted calling session, execute the corresponding cloud password service and feed back the corresponding cloud password service result to the service agent;
a first receiving unit, configured to receive a cloud password service result;
wherein said encrypting the invocation session using the quantum key associated with the invocation session comprises: when the function used in the calling session is called, the corresponding quantum key is obtained from the quantum key distribution network according to the function ID corresponding to the function, and the calling of the function is encrypted by using the quantum key so as to encrypt the calling session.
13. A cloud cryptographic service communication apparatus, the apparatus comprising:
the second receiving unit is used for receiving a cloud password service request sent by terminal equipment, wherein the cloud password service request comprises a calling session of a business application;
an encryption unit configured to encrypt the call session based on the call session by using a quantum key associated with the call session;
the second sending unit is used for sending the encrypted calling session to a cloud password service platform, wherein the cloud password service platform is used for decrypting the encrypted calling session, executing corresponding cloud password service and feeding back a corresponding cloud password service result;
the third receiving unit is used for receiving a cloud password service result fed back by the cloud password service platform;
the decryption unit is used for decrypting based on the cloud password service result by using a quantum key;
the third sending unit is used for sending the decrypted cloud password service result to the terminal equipment;
wherein said encrypting the invocation session using the quantum key associated with the invocation session comprises: when the function used in the calling session is called, the corresponding quantum key is obtained from the quantum key distribution network according to the function ID corresponding to the function, and the calling of the function is encrypted by using the quantum key so as to finish the encryption of the calling session.
14. A cloud cryptographic service communication apparatus, the apparatus comprising:
a fourth receiving unit, configured to receive the encrypted invoking session sent by the service agent; the service agent is used for receiving a cloud password service request sent by terminal equipment, wherein the cloud password service request comprises a calling session of a business application;
an execution unit, configured to execute a corresponding service based on the received encrypted call session to generate a cloud password service result;
the fourth sending unit is used for feeding back a cloud password service result to the service agent;
wherein the encrypted calling session is obtained by: when the function used in the calling session is called, the corresponding quantum key is obtained from the quantum key distribution network according to the function ID corresponding to the function, and the call of the function is encrypted using the quantum key so as to complete the encryption of the calling session.
15. An electronic device comprising a memory and a processor; the memory stores a computer program, and the processor is configured to execute the computer program in the memory to execute the cloud cryptographic service communication method according to any one of claims 1 to 6, the cloud cryptographic service communication method according to any one of claims 7 to 9, or the cloud cryptographic service communication method according to any one of claims 10 to 11.
16. A computer-readable storage medium, wherein a computer program is stored, the computer program being adapted to be loaded by a processor to perform the cloud cryptographic service communication method of any one of claims 1 to 6, or the cloud cryptographic service communication method of any one of claims 7 to 9, or the cloud cryptographic service communication method of any one of claims 10 to 11.
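As an added illustration (not the patent's own code), the following Python sketches the service-agent and platform sides of claims 8 to 11 together with the three function-ID-to-key mappings of claim 5. The quantum key distribution network is replaced by a constructed in-memory key store, the header and version bytes are placeholders, the key data is spent as one-time-pad material and an HMAC tag is appended inside the ciphertext field; none of these choices are fixed by the claims.

```python
import base64
import hashlib
import hmac
import secrets
from enum import Enum
from itertools import count

HEADER = b"CPS"     # placeholder magic: the claims fix no header value
VERSION = b"\x01"   # placeholder version byte
TERMINATOR = b"\n"  # base64 fields never contain it, so frames parse unambiguously

# Constructed stand-in for the QKD network: agent and platform fetch key data by ID here.
QKD_STORE: dict[int, bytes] = {}
_next_id = count(1)

def new_quantum_key() -> tuple[int, bytes]:
    kid = next(_next_id)
    QKD_STORE[kid] = secrets.token_bytes(64)
    return kid, QKD_STORE[kid]

class KeyPolicy(Enum):  # the three function-ID-to-key mappings of claim 5
    SHARED = 1        # all function IDs share one quantum key
    PER_FUNCTION = 2  # one quantum key per function ID
    PER_CALL = 3      # a fresh quantum key on every invocation

class KeyMapper:
    """Claims 1 and 5: resolve a function ID to a quantum key under a policy."""
    def __init__(self, policy: KeyPolicy):
        self.policy, self._map = policy, {}

    def key_for(self, function_id: str) -> tuple[int, bytes]:
        if self.policy is KeyPolicy.PER_CALL:
            return new_quantum_key()  # pad material is never reused across calls
        slot = "*" if self.policy is KeyPolicy.SHARED else function_id
        if slot not in self._map:
            self._map[slot] = new_quantum_key()
        return self._map[slot]  # reused pad: two calls under one key leak their XOR

def _pad_and_mac_key(key: bytes, n: int) -> tuple[bytes, bytes]:
    # Assumption: key data is spent as one-time-pad material and a MAC key is derived
    # from it. The claims name no cipher; the MAC is added because a bare pad is malleable.
    if n > len(key):
        raise ValueError("quantum key shorter than the data it must cover")
    return key[:n], hmac.new(key, b"mac", hashlib.sha256).digest()

def _body(frame: bytes) -> bytes:
    # Check the header, version and terminator common to both frame types of claim 9.
    if not (frame.startswith(HEADER + VERSION) and frame.endswith(TERMINATOR)):
        raise ValueError("malformed frame")
    return frame[len(HEADER + VERSION):-len(TERMINATOR)]

def serialize_call(function_id: str, args: bytes) -> bytes:
    """Claim 9 plaintext frame: header, version, plaintext data, terminator."""
    return HEADER + VERSION + base64.b64encode(function_id.encode() + b"\x00" + args) + TERMINATOR

def encrypt_frame(plain_frame: bytes, mapper: KeyMapper) -> bytes:
    """Claim 9 encrypted frame: header, version, key ID, ciphertext, terminator."""
    data = base64.b64decode(_body(plain_frame))
    kid, key = mapper.key_for(data.split(b"\x00", 1)[0].decode())
    pad, mac_key = _pad_and_mac_key(key, len(data))
    kid_b, ct = kid.to_bytes(8, "big"), bytes(a ^ b for a, b in zip(data, pad))
    tag = hmac.new(mac_key, HEADER + VERSION + kid_b + ct, hashlib.sha256).digest()
    return HEADER + VERSION + base64.b64encode(kid_b) + b":" + base64.b64encode(ct + tag) + TERMINATOR

def decrypt_frame(enc_frame: bytes) -> tuple[str, bytes]:
    """Platform side (claim 11): look the key up by ID, verify the tag, decrypt, parse."""
    kid_f, body_f = _body(enc_frame).split(b":", 1)
    kid_b, body = base64.b64decode(kid_f), base64.b64decode(body_f)
    ct, tag = body[:-32], body[-32:]
    pad, mac_key = _pad_and_mac_key(QKD_STORE[int.from_bytes(kid_b, "big")], len(ct))
    expected = hmac.new(mac_key, HEADER + VERSION + kid_b + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: frame altered or wrong key")
    function_id, args = bytes(a ^ b for a, b in zip(ct, pad)).split(b"\x00", 1)
    return function_id.decode(), args
```

Under the SHARED and PER_FUNCTION mappings the same pad covers more than one call, so two ciphertexts under one key ID leak the XOR of their plaintexts; only PER_CALL preserves the one-time property of the pad.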
CN202210200559.3A 2022-03-03 2022-03-03 Cloud password service communication method and device, electronic equipment and storage medium Active CN114268435B (en)

Publications (2)

Publication Number Publication Date
CN114268435A CN114268435A (en) 2022-04-01
CN114268435B true CN114268435B (en) 2022-05-13

Family

ID=80833778

Country Status (1)

Country Link
CN (1) CN114268435B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104601571A (en) * 2015-01-14 2015-05-06 浪潮电子信息产业股份有限公司 Data encryption system and method for interaction between tenants and cloud server memory
CN105429752A (en) * 2015-11-10 2016-03-23 中国电子科技集团公司第三十研究所 Processing method and system of user key in cloud environment
CN110336800A (en) * 2019-06-19 2019-10-15 茂名市群英网络有限公司 A management control system for cloud services
CN111262866A (en) * 2020-01-17 2020-06-09 腾讯科技(深圳)有限公司 Cloud service access method, device, equipment and medium

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
CN107959567B (en) * 2016-10-14 2021-07-27 阿里巴巴集团控股有限公司 Data storage method, data acquisition method, device and system
CN109150835B (en) * 2018-07-20 2021-05-04 国科量子通信网络有限公司 Cloud data access method, device, equipment and computer readable storage medium
CN109150519B (en) * 2018-09-20 2021-11-16 如般量子科技有限公司 Anti-quantum computing cloud storage security control method and system based on public key pool

Non-Patent Citations (2)

Title
Research on a quantum cryptography cloud platform based on QKD; 张莹; China Master's Theses Full-text Database (Basic Sciences); 2022-02-15 (No. 02); Sections 3.2 and 5.1 *
Construction approach for a domestic cryptographic service cloud platform based on quantum secure communication; 王栋; 《电信科学》 (Telecommunications Science); 2018-07-20; Vol. 34, No. 7; Section 4 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20220401

Assignee: Suzhou Heyu Finance Leasing Co.,Ltd.

Assignor: Nanjing yiketeng Information Technology Co.,Ltd.

Contract record no.: X2022320010029

Denomination of invention: Cloud password service communication method, device, electronic equipment and storage medium

Granted publication date: 20220513

License type: Exclusive License

Record date: 20221209

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Cloud password service communication method, device, electronic equipment and storage medium

Effective date of registration: 20221210

Granted publication date: 20220513

Pledgee: Suzhou Heyu Finance Leasing Co.,Ltd.

Pledgor: Nanjing yiketeng Information Technology Co.,Ltd.

Registration number: Y2022320010788