CN115150076A - Encryption system and method based on quantum random number - Google Patents


Publication number
CN115150076A
Authority
CN
China
Prior art keywords
transmitted
information
client
data
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210745366.6A
Other languages
Chinese (zh)
Inventor
樊杰
宋斌
钟有为
安伟
李钰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Trustmobi Software Beijing Co ltd
Original Assignee
Trustmobi Software Beijing Co ltd
Application filed by Trustmobi Software Beijing Co ltd
Priority to CN202210745366.6A
Publication of CN115150076A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention relates to an encryption system and method based on quantum random numbers. The encryption system includes at least two clients, a server, and a quantum random number generator. Each client can act as a sender or receiver of information to be transmitted. The server can receive the public key that a client sends for itself, and can send the public key of the client acting as receiver of the information to be transmitted to the client acting as sender. The quantum random number generator can send a quantum random key corresponding to the information to be transmitted to the server. The client acting as sender encrypts the information to be transmitted with the quantum random key and sends data to be transmitted, which includes the information to be transmitted, to the client acting as receiver. The client acting as receiver obtains the information to be transmitted by means of the quantum random key. The encryption method can be applied to the encryption system.

Description

Encryption system and method based on quantum random number
Technical Field
The invention relates to the technical field of quantum encryption, in particular to an encryption system and method based on quantum random numbers.
Background
In recent years, instant messaging software has developed rapidly. Within just a few years, network instant messaging software has shown great potential to replace traditional modes of communication. Instant messaging software is no longer a simple chat tool; it has developed into a comprehensive information platform integrating communication, information, electronic commerce, office collaboration and enterprise customer service. With the development of the mobile internet, instant messaging software is also expanding to mobile devices, that is, it has gradually developed from its original use for personal chat into an information platform integrating enterprise office communication, customer service communication, electronic commerce and the like. However, when an enterprise builds an internal instant messaging platform, data security is often the most important problem and also the one most easily ignored; it is especially troublesome for organizations in the country with higher security requirements. For example, when a citizen uses a mobile phone to make a call or to send and receive short messages, lawbreakers can use fixed equipment or an unmanned aerial vehicle to filter and monitor the wireless signal and to decrypt the communication content. If the instant messaging software or related platform cannot guarantee secure encrypted transmission of data, users can communicate only face to face, which greatly reduces working efficiency.
Therefore, instant messaging software or related platforms used by organizations or persons with higher security or confidentiality requirements must both provide the basic functions of instant messaging and ensure secure encrypted transmission of data during communication, so that the data cannot be deciphered even if it is monitored or intercepted in transit.
Existing instant messaging applications/clients typically use an encryption mechanism that combines asymmetric and symmetric encryption: a user generates two keys when installing the application/client, a public key and a private key, and each public key corresponds one-to-one to a private key. The application/client encrypts data with the public key and decrypts it with the corresponding private key. When transmitting data, the application/client generates a new key to encrypt the data, so that one-time encryption is achieved and the data is transmitted securely.
However, the prior art still has the following technical disadvantages. Existing instant messaging applications/clients typically encrypt using pseudo-random numbers generated by software algorithms, that is, random numbers produced by a mathematical algorithm, which are not true random numbers. This is because cryptographically secure pseudo-random numbers are incompressible, whereas the corresponding true random numbers can usually only be generated by a physical system. Encrypting with pseudo-random numbers generated by software algorithms therefore carries a certain security risk. If the software algorithm is not configured rigorously, it will generate repeated random keys, so that the storage medium may be attacked and cracked, and security incidents such as key leakage may eventually occur. For example, the RSA public-key algorithm is currently the most widely used algorithm for secure communication and digital signatures on networks. Its security rests on the number-theoretic difficulty of factoring an integer into primes, so it needs to use a sufficiently large integer. In short, the harder the factoring, the harder the cipher is to break and the more secure it is. If someone finds an algorithm that factors quickly, the reliability of information encrypted with the RSA public-key algorithm drops dramatically.
For example, with the advent of Shor's algorithm and in-depth research on quantum computers, large integers can be factored into primes quickly by exploiting the parallelism of a quantum computer, so that a quantum computer can easily break widely used encryption algorithms (such as the RSA public-key algorithm) and seriously threaten information security in banking, networks, electronic commerce and other fields. Existing cryptographic systems comprise symmetric and asymmetric encryption; if a supercomputer is used to attack them, recovering the plaintext of encrypted information in transit is only a matter of time. Therefore, improvement is necessary to overcome the disadvantages of the prior art.
Furthermore, on the one hand, those skilled in the art may differ in their understanding; on the other hand, the applicant studied a great deal of literature and patents when making the present invention, but not all of their details and contents are listed here. This by no means indicates that the present invention lacks these prior-art features; on the contrary, the present invention has all the features of the prior art, and the applicant reserves the right to add related prior art to the Background.
Disclosure of Invention
Existing instant messaging applications/clients typically encrypt using pseudo-random numbers generated by software algorithms, that is, random numbers produced by a mathematical algorithm, which are not true random numbers. This is because cryptographically secure pseudo-random numbers are incompressible, whereas the corresponding true random numbers can usually only be generated by a physical system. The existing technique of encrypting the information to be transmitted with pseudo-random numbers generated by software algorithms therefore carries a certain security risk.
Aiming at the defects of the prior art, the invention provides an encryption system and method based on quantum random numbers.
The method at least comprises the following steps:
at least two clients send public keys corresponding to the clients to a server, and the clients can be used as a sender or a receiver of information to be transmitted;
the server receives a public key which is sent by the client and corresponds to the client, and the server sends the public key of the client which is used as a receiver of the information to be transmitted to the client which is used as a sender of the information to be transmitted;
the quantum random number generator sends a quantum random key corresponding to the information to be transmitted to the server, and the server receives the quantum random key;
the server sends the quantum random key to a client serving as a sender of the information to be transmitted;
the client side serving as the sender of the information to be transmitted encrypts the information to be transmitted by using the quantum random key, encrypts the quantum random key by using a public key of the client side serving as the receiver of the information to be transmitted, and then sends data to be transmitted at least comprising the information to be transmitted and the quantum random key to the client side serving as the receiver of the information to be transmitted;
and after receiving the information to be transmitted, the client serving as the receiver of the information to be transmitted decrypts the quantum random key to obtain the quantum random key, and then decrypts the information to be transmitted by using the quantum random key to obtain the information to be transmitted.
However, the structure, traffic rate, access address and the like of the data packets (for example, the information to be transmitted) in the data transmission channel between clients are usually fixed or follow a regular pattern, and traffic from other applications is not mixed into the channel, so the data packets are easily analyzed and/or located by lawbreakers, which creates a security risk of information leakage. Therefore, the client acting as sender of the information to be transmitted sends the data to be transmitted, containing the information to be transmitted and the quantum random key, to the client acting as receiver based on an obfuscation protocol. The obfuscation protocol protects the client's information to be transmitted mainly by obfuscating it within the data transmission channel.
According to a preferred embodiment, the step of sending the data to be transmitted, which includes the information to be transmitted and the quantum random key, to the client as the receiver of the information to be transmitted includes:
the client acting as sender of the information to be transmitted disguises at least the information to be transmitted in the data to be transmitted based on the obfuscation protocol, forming first disguised data;
the server acquires the first disguised data and parses it according to the obfuscation protocol to obtain the real request in the information to be transmitted;
the server, based on the real request, forwards the first disguised data to the client that corresponds to the real request and acts as receiver of the information to be transmitted;
the client acting as receiver of the information to be transmitted acquires the first disguised data forwarded by the server;
and the client acting as receiver of the information to be transmitted parses the first disguised data forwarded by the server based on the obfuscation protocol and obtains the data to be transmitted from the first disguised data.
According to a preferred embodiment, the first disguised data comprises at least the information to be transmitted, a quantum random key, a disguise request and an identifier. The disguise request, which corresponds to the real request in the information to be transmitted, is generated by the client acting as sender of the information to be transmitted based on the obfuscation protocol. The identifier identifies the disguise algorithm the client used to generate the disguise request. Where a plurality of servers form a server group, the client acting as sender can, based on the disguise request, transmit the first disguised data to at least one server in the server group that corresponds to the disguise request.
According to a preferred embodiment, the method for disguising information to be transmitted comprises:
the client acting as sender of the information to be transmitted generates the disguise request using the disguise algorithm, so as to hide the real request corresponding to the information to be transmitted;
and the client acting as sender of the information to be transmitted combines the information to be transmitted, the quantum random key, the disguise request and the identifier corresponding to the disguise algorithm into the first disguised data.
With this configuration, the client can use various algorithms to disguise the real request in the information to be transmitted, and can add the disguise request randomly generated by the disguise algorithm to the first disguised data. This ensures that the server the client accesses, and the client acting as receiver of the information to be transmitted, appear random, and prevents a lawbreaker from analyzing the information to be transmitted to obtain the real request and the receiving client that corresponds to it. At the same time, both the client and the server can disguise the real request in the information to be transmitted based on the obfuscation protocol and, by means of the randomly generated disguise request, have the server corresponding to the disguise request forward the first disguised data to the receiving client corresponding to the real request, so that the real request is hidden and the information to be transmitted is not leaked.
In the prior art, the access address of data transmitted by a client is often fixed. In the invention, the information to be transmitted sent by the client reaches the client acting as receiver through any one or more servers in the server group. Because the first disguised data corresponding to the information to be transmitted can be forwarded by a random server to the receiving client corresponding to the real request, the data transmission channel that carries the information to be transmitted changes constantly and follows no regular pattern, which prevents lawbreakers from obtaining the information to be transmitted (such as the real request) and/or related information from a fixed data transmission channel.
According to a preferred embodiment, the method for disguising information to be transmitted further comprises:
and the client acting as sender of the information to be transmitted applies random padding and/or multi-frequency bit-stream disguised transmission to the information to be transmitted in the data to be transmitted, so as to obfuscate it and prevent lawbreakers from deciphering it.
In the prior art, traffic from other applications cannot be mixed in with the information to be transmitted during transmission, and the structure, traffic rate and other characteristics of the information to be transmitted follow a discernible pattern, so a lawbreaker can easily work out that pattern and the information to be transmitted is leaked. The invention adds multi-node traffic obfuscation, that is, random padding and/or multi-frequency bit-stream disguised transmission of the information to be transmitted in the data to be transmitted, so that its structure, traffic rate and other characteristics in transit show no pattern that can be followed; this further obfuscates the information to be transmitted and prevents lawbreakers from deciphering it.
With this configuration, the client randomly mixes the real information to be transmitted into the data packets of other applications and forwards the first disguised data to one or more servers in batches at irregular times (for example, the sending time of the first disguised data is set randomly by a random algorithm), so that the structure, traffic rate and other characteristics of the transmitted packets show no pattern that can be followed, which confuses a data eavesdropper. When the client and the server transmit the information to be transmitted or the first disguised data, the client disguises the encrypted packets as packets with the same or a similar structure to those of other applications and/or hides them within the packets of other applications, and forwards them to the server in batches, again to confuse a data eavesdropper.
According to a preferred embodiment, the quantum random number generator is capable of sending the quantum random key to the server when the information to be transmitted is generated, and the server is capable of numbering the quantum random key and receiving the quantum random key according to the number.
According to a preferred embodiment, the client, which is the sender of the information to be transmitted, can send a request to the server when generating the information to be transmitted, where the request is used to request the server for a quantum random key corresponding to the information to be transmitted. The server can acquire the request in real time and send the quantum random key corresponding to the information to be transmitted to the client sending the request.
According to a preferred embodiment, once the client acting as receiver of the information to be transmitted has obtained the information to be transmitted, it can send second disguised data to the server. The second disguised data comprises at least response data corresponding to the information to be transmitted in the first disguised data.
The invention also provides an encryption system based on the quantum random number. The encryption system includes at least: at least two clients, a server, and a quantum random number generator.
At least two clients are configured to be able to act as senders or receivers of information to be transmitted.
The server is configured to be capable of receiving a public key corresponding to the client sent by the client, and sending the public key of the client as a receiver of the information to be transmitted to the client as a sender of the information to be transmitted.
The quantum random number generator is configured to be capable of sending a quantum random key corresponding to the information to be transmitted to the server.
Under the condition that the server sends the quantum random key to a client serving as a sender of the information to be transmitted, the client serving as the sender of the information to be transmitted encrypts the information to be transmitted by using the quantum random key, and sends data to be transmitted at least comprising the information to be transmitted and the quantum random key to the client serving as a receiver of the information to be transmitted, and the client serving as the receiver of the information to be transmitted obtains the information to be transmitted through the quantum random key so as to realize safe communication between the clients.
The invention uses the quantum random number generator to generate the quantum random number/quantum random key, that is, the generated quantum random number/quantum random key is a true random number and is available at any time. The security of quantum cryptography (such as quantum random numbers/quantum random keys) is guaranteed by the physical properties of quantum states, such as uncertainty in measurement, indivisibility and non-clonability. According to the measurement collapse theory, measuring a quantum state changes the initial quantum state, that is, eavesdropping by a data eavesdropper introduces additional bit errors into the initial quantum state. For example, when there is no data eavesdropper in the data transmission channel, the bit error rate of the quantum cryptography is zero; when there is a data eavesdropper in the data transmission channel, the bit error rate of the quantum cryptography is twenty-five percent. A bit error rate above a threshold indicates that a data eavesdropper is present in the data transmission channel. In that case, the early warning module in data connection with the quantum random number generator can send alarm information to the server, and the server can discard the distributed quantum random key based on the alarm information. With this configuration, a true quantum random number (such as a quantum random key) is used as the encryption key for the instant messaging content (such as the information to be transmitted), which ensures that the content is undecipherable and unique and thereby achieves secure communication between the clients.
In addition, the invention can reduce the computation time the client would spend generating pseudo-random numbers with a software algorithm, thereby improving efficiency; it can be combined with modern cryptographic algorithms (such as SM4, AES, etc.) to provide confidentiality of information; and it can be combined with authentication and other cryptographic algorithms to meet requirements beyond confidentiality, such as information authenticity and integrity.
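One way a server could number the keys it receives, hand out exactly one per message, and discard keys when the early warning module raises an alarm, written here as an added Go example rather than code from the patent. The names KeyPool, Receive, IssueFor, Alarm and Fill, the grouping of keys into batches, and any threshold value passed in are assumptions (the page only says "a threshold"), and crypto/rand stands in for the quantum random number generator.

```go
// Added illustration of server-side key handling; not code from the patent.
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"sync"
)

var (
	ErrAlreadyKeyed = errors.New("message already has a key")
	ErrPoolEmpty    = errors.New("no unissued key available")
)

type numberedKey struct {
	Num   uint64 // number assigned by the server on receipt
	Batch string // hypothetical label for one delivery from the generator
	Key   []byte
}

// KeyPool holds keys received from the generator until they are issued.
type KeyPool struct {
	mu        sync.Mutex
	threshold float64           // bit error rate above which a batch is dropped
	next      uint64            // last number assigned
	queue     []numberedKey     // unissued keys, in number order
	byMessage map[string]uint64 // message ID -> key number (one-to-one)
	batchOf   map[uint64]string // issued key number -> batch
	revoked   map[uint64]bool   // issued keys later covered by an alarm
}

func NewKeyPool(threshold float64) *KeyPool {
	return &KeyPool{threshold: threshold, byMessage: map[string]uint64{},
		batchOf: map[uint64]string{}, revoked: map[uint64]bool{}}
}

// Receive numbers a key as it arrives and stores a private copy of it.
func (p *KeyPool) Receive(batch string, key []byte) uint64 {
	p.mu.Lock()
	defer p.mu.Unlock()
	p.next++
	p.queue = append(p.queue, numberedKey{p.next, batch, append([]byte(nil), key...)})
	return p.next
}

// IssueFor hands the lowest-numbered unissued key to the sender of msgID.
// A key leaves the pool when issued, so it can never serve a second message.
func (p *KeyPool) IssueFor(msgID string) (uint64, []byte, error) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if _, dup := p.byMessage[msgID]; dup {
		return 0, nil, ErrAlreadyKeyed
	}
	if len(p.queue) == 0 {
		return 0, nil, ErrPoolEmpty
	}
	k := p.queue[0]
	p.queue = p.queue[1:]
	p.byMessage[msgID] = k.Num
	p.batchOf[k.Num] = k.Batch
	return k.Num, k.Key, nil
}

// Alarm handles a report from the early warning module. If the error rate
// exceeds the threshold, unissued keys of the batch are wiped and dropped,
// and keys of the batch that were already issued are marked revoked.
func (p *KeyPool) Alarm(batch string, errorRate float64) int {
	p.mu.Lock()
	defer p.mu.Unlock()
	if errorRate <= p.threshold {
		return 0
	}
	kept, dropped := p.queue[:0], 0
	for _, k := range p.queue {
		if k.Batch != batch {
			kept = append(kept, k)
			continue
		}
		for i := range k.Key {
			k.Key[i] = 0 // wipe discarded key material
		}
		dropped++
	}
	p.queue = kept
	for num, b := range p.batchOf {
		if b == batch {
			p.revoked[num] = true
		}
	}
	return dropped
}

func (p *KeyPool) Revoked(num uint64) bool {
	p.mu.Lock()
	defer p.mu.Unlock()
	return p.revoked[num]
}

// Fill delivers n fresh 256-bit keys. ASSUMPTION: the OS CSPRNG replaces the
// quantum random number generator so the example runs offline.
func Fill(p *KeyPool, batch string, n int) error {
	for i := 0; i < n; i++ {
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			return err
		}
		p.Receive(batch, key)
	}
	return nil
}

func main() {
	p := NewKeyPool(0.10) // constructed threshold for the demo
	_ = Fill(p, "batch-A", 2)
	num, _, _ := p.IssueFor("msg-1")
	fmt.Println("issued key", num, "dropped on alarm:", p.Alarm("batch-A", 0.25))
}
```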
Drawings
Fig. 1 is a schematic diagram of a simplified module connection relationship according to a preferred embodiment of the present invention.
List of reference numerals
1: a client; 2: a server; 3: a quantum random number generator.
Detailed Description
The following detailed description is made with reference to the accompanying drawings.
The invention also provides an encryption method based on the quantum random number. The encryption method at least comprises the following steps:
at least two clients 1 send public keys corresponding to the clients 1 to a server 2, wherein the clients 1 can be used as senders or receivers of information to be transmitted;
the server 2 receives the public key corresponding to the client 1 sent by the client 1, and the server 2 sends the public key of the client 1 which is a receiver of the information to be transmitted to the client 1 which is a sender of the information to be transmitted.
The quantum random number generator 3 sends a quantum random key corresponding to the information to be transmitted to the server 2. The server 2 receives the quantum random key.
The server 2 sends the quantum random key to the client 1, which is the sender of the information to be transmitted.
Preferably, the encryption method further includes:
the client 1 acting as sender of the information to be transmitted encrypts the information to be transmitted using the quantum random key, encrypts the quantum random key using the public key of the client 1 acting as receiver of the information to be transmitted, and then sends data to be transmitted, comprising at least the information to be transmitted and the quantum random key, to the client 1 acting as receiver of the information to be transmitted;
after receiving the information to be transmitted, the client 1 serving as the receiver of the information to be transmitted decrypts the quantum random key to obtain the quantum random key, and the client 1 serving as the receiver of the information to be transmitted decrypts the information to be transmitted by using the quantum random key to obtain the information to be transmitted.
The information to be transmitted is information transmitted between the client 1 as a sender of the information to be transmitted and the client 1 as a receiver of the information to be transmitted.
The quantum random number generator 3 can automatically generate a quantum random key.
Preferably, the quantum random key corresponding to the information to be transmitted, which is sent by the quantum random number generator 3 to the server 2, corresponds to the information to be transmitted one to one. Preferably, each piece of information to be transmitted corresponds to a new quantum random key.
Preferably, the server 2 sends the quantum random key to the client 1, which is the sender of the information to be transmitted, through a bidirectional HTTPS transmission channel.
Preferably, the client 1, which is the sender of the information to be transmitted, encrypts the information to be transmitted by using a quantum random key and by using a symmetric encryption mechanism.
Preferably, the client 1 as a sender of the information to be transmitted transmits the data to be transmitted including the information to be transmitted to the client 1 as a receiver of the information to be transmitted based on the obfuscation protocol.
The data to be transmitted at least comprises information to be transmitted and a quantum random key.
Preferably, a private key used by the client 1 as a recipient of the information to be transmitted is stored within the client 1.
Preferably, after receiving the information to be transmitted, the client 1, which is a receiver of the information to be transmitted, decrypts the quantum random key encrypted by the public key in the data to be transmitted by using the private key corresponding to the public key to obtain the quantum random key.
Preferably, the client 1, which is a receiver of the information to be transmitted, decrypts the information to be transmitted, which is encrypted by the quantum random key, using the quantum random key to obtain the information to be transmitted.
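The sender and receiver steps listed above (and in the Disclosure of Invention) amount to envelope encryption; the following Go program is an added example of that flow, not code from the patent. Assumptions: AES-256-GCM as the symmetric mechanism, RSA-OAEP as the public-key wrap, crypto/rand standing in for the quantum random number generator and the server hand-off, and the hypothetical names Envelope, Seal, Open and msgID.

```go
// Added illustration of the sender/receiver flow; not code from the patent.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the "data to be transmitted": the message encrypted under the
// one-time key, plus that key wrapped under the receiver's public key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(receiver public key, one-time key)
	Nonce      []byte // AES-GCM nonce, fresh per message
	Ciphertext []byte // AES-256-GCM(one-time key, message) with auth tag
}

// NewReceiverKey creates the key pair a client generates for itself; the
// public half is what the client would send to the server.
func NewReceiverKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// FetchOneTimeKey stands in for the server handing the sender a key from the
// quantum random number generator. ASSUMPTION: the OS CSPRNG replaces the
// QRNG so the example runs offline.
func FetchOneTimeKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender side: encrypt msg under the one-time key, then wrap the
// key for the receiver. msgID (a hypothetical message number) is bound to
// both layers, so an envelope presented under another number fails to open.
func Seal(pub *rsa.PublicKey, oneTimeKey, msg, msgID []byte) (*Envelope, error) {
	gcm, err := newGCM(oneTimeKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, oneTimeKey, msgID)
	if err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, msg, msgID),
	}, nil
}

// Open is the receiver side: unwrap the key with the private key stored in
// the client, then decrypt and authenticate the message.
func Open(priv *rsa.PrivateKey, env *Envelope, msgID []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, msgID)
	if err != nil {
		return nil, errors.New("key unwrap failed")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length") // gcm.Open would panic
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, msgID)
}

func main() {
	priv, err := NewReceiverKey()
	if err != nil {
		panic(err)
	}
	key, err := FetchOneTimeKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample message and message number.
	env, err := Seal(&priv.PublicKey, key, []byte("constructed sample message"), []byte("msg-0001"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(priv, env, []byte("msg-0001"))
	fmt.Printf("%s %v\n", pt, err)
}
```

In this flow the server holds each one-time key before the sender does, so confidentiality against the server depends on how the server handles and discards it. The wrapped key is only as strong as the public-key algorithm used for the wrap, whatever the source of the randomness.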
Preferably, the step of sending the data to be transmitted containing the information to be transmitted to the client 1 as the receiver of the information to be transmitted includes:
a client 1 serving as a sender of information to be transmitted disguises at least the information to be transmitted in the data to be transmitted based on an obfuscation protocol and forms first disguised data;
the server 2 acquires the first disguised data and parses it according to the obfuscation protocol to obtain the real request in the information to be transmitted;
the server 2 forwards the first disguised data, based on the real request, to the client 1 that corresponds to the real request and serves as a receiver of the information to be transmitted;
a client 1 serving as a receiver of information to be transmitted acquires the first disguised data forwarded by a server 2;
the client 1 serving as a receiver of the information to be transmitted parses the first disguised data forwarded by the server 2 based on the obfuscation protocol, and obtains the data to be transmitted from the first disguised data.
Particularly preferably, the number of servers 2 is two or more.
The real request is the address of the client 1 as the recipient of the information to be transmitted.
The obfuscation protocol at least comprises a method for disguising the information to be transmitted and/or for switching the data transmission channel used to transmit the information to be transmitted among the client 1, the server 2 and the client 1 serving as a receiver of the information to be transmitted, so that the information to be transmitted in the data transmission channel is obfuscated and thereby protected.
Because the security of the data transmission channel between the client 1 and the client 1 as the receiver of the information to be transmitted is not high enough, the invention provides a rule for protecting the information to be transmitted in the data transmission channel, namely the obfuscation protocol.
The purpose of switching the data transmission channel under the obfuscation protocol is to forward the information to be transmitted to the client 1, which is the receiver of the information to be transmitted, through the server 2 that corresponds to a randomly generated masquerading request, i.e. the information to be transmitted is transmitted and obfuscated across multiple nodes (such as a server 2 group). The server 2 group comprises a plurality of servers 2, and the information to be transmitted can be forwarded to the client 1 serving as a receiver of the information to be transmitted by any one server 2 in the server 2 group, so that the data transmission channel formed while the information to be transmitted travels from the client 1 to the client 1 serving as the receiver changes randomly. As a result, the data transmission channel follows no discernible pattern, which protects the information to be transmitted.
The obfuscation protocol can also include an encryption method that twice encrypts the information to be transmitted/the first disguised data. The encryption method may be asymmetric encryption and/or a symmetric encryption algorithm.
The data in the data transmission channel at least comprises information to be transmitted.
The data in the data transmission channel may further include first masquerading data.
Preferably, the first masquerading data at least comprises the information to be transmitted, a quantum random key, a masquerading request and an identifier. The masquerading request, which corresponds to the real request in the information to be transmitted, is generated by the client 1 serving as the sender of the information to be transmitted based on the obfuscation protocol. The identifier identifies the masquerading algorithm that the client 1 serving as the sender used when generating the masquerading request. In a case where a plurality of servers 2 form a server 2 group, the client 1, which is a sender of information to be transmitted, can transmit the first masquerading data, based on the masquerading request, to at least one server 2 in the server 2 group that corresponds to the masquerading request.
The information to be transmitted comprises at least a real request. The real request is the address of the client 1 to which the information to be transmitted needs to be transmitted as the receiver of the information to be transmitted.
The kind of information to be transmitted can be determined according to the needs of the user.
The masquerading request is an address corresponding to any one of the servers 2, which is randomly generated by the client 1 to masquerade a real request in the information to be transmitted.
The types of information to be transmitted can be added or deleted according to the actual application scene.
For example, the information to be transmitted may include the information to be transmitted and the real request; at this time, the first masquerading data includes information to be transmitted, a real request and a masquerading request.
The client 1, the server 2 and the client 1 as a receiver of the information to be transmitted can transmit the information to be transmitted based on the HTTPS protocol and the obfuscation protocol.
Preferably, the method for disguising the information to be transmitted includes:
a client 1 serving as a sender of information to be transmitted generates a disguised request through a disguised algorithm so as to hide a real request corresponding to the information to be transmitted;
the client 1, which is the sender of the information to be transmitted, merges the information to be transmitted, the masquerading request, and the identifier corresponding to the masquerading algorithm into first masquerading data.
Preferably, the method for disguising information to be transmitted further comprises:
the client 1 serving as a sender of the information to be transmitted performs random filling and/or multi-frequency Bit flow camouflage transmission on the information to be transmitted in the data to be transmitted so as to confuse the information to be transmitted and prevent the information from being decoded by lawbreakers.
Preferably, the server 2 and the client 1, which is the recipient of the information to be transmitted, are both able to disguise the actual request in the information to be transmitted based on an obfuscation protocol.
In order to ensure the efficiency of data transmission, the HTTPS protocol uses symmetric encryption for data transmission after the certificate verification succeeds, that is, the HTTPS protocol uses asymmetric encryption only in the certificate verification stage. If the lawbreaker intercepts the information to be transmitted in the data transmission, because the keys used for symmetric encryption are all pseudo-random numbers and the current computer technology is in a stage of rapid development, the information to be transmitted is likely to be deciphered by the lawbreaker within a certain time after being intercepted.
Therefore, the invention carries out asymmetric encryption once again on the basis of carrying out symmetric encryption on the information to be transmitted. The operation not only does not obviously affect the efficiency of transmitting the information to be transmitted, but also can greatly improve the security of data transmission, namely, even if a lawbreaker intercepts the information to be transmitted which is symmetrically encrypted and asymmetrically encrypted, the information to be transmitted cannot be cracked.
Before the client 1 sends the information to be transmitted to the server 2, the client 1 encrypts the information to be transmitted through asymmetric encryption and a symmetric encryption algorithm, and then the client 1 rewrites a real request in the information to be transmitted so as to disguise/hide the real request and generate a disguised request.
The masquerading request is randomly generated by the client 1 using a masquerading algorithm.
The disguise algorithm described above has a specific identifier in the obfuscation protocol.
Particularly preferably, the first disguise data can further include: the client 1 disguises the identifier of the disguising algorithm used for the information to be transmitted at the current time.
The identifier may take the form of one or more of a number, letter, etc.
For example, if the identifier is "A", it indicates that the disguising algorithm used by the client 1 to disguise the information to be transmitted at the current time is the first disguising algorithm; if the identifier is "B", the disguising algorithm used by the client 1 to disguise the information to be transmitted at the current time is the second disguising algorithm, and so on.
The disguising algorithm can be flexibly selected according to the requirements of the actual application scenario. The disguising algorithm may be a message digest algorithm, a secure hash algorithm, a message authentication code algorithm, a cutting algorithm, a parallel concatenation algorithm, etc. After the client 1 serving as the sender of the information to be transmitted has produced the masquerading request with a masquerading algorithm and sent it to the server 2 or to a server in the server group, the server 2 uses the masquerading algorithm identifier contained in the first masquerading data to find the masquerading algorithm that the sending client 1 used, and then resolves the real address of the client 1 serving as the receiver of the information to be transmitted based on that algorithm. The server 2 then sends the first masquerading data to the corresponding receiving client 1 according to the real address obtained through this analysis.
For example, when there is only one client 1 serving as the receiver of the information to be transmitted, the masquerading request indicates via which server 2 in the server 2 group the first masquerading data is forwarded to that client 1; when there is more than one client 1 serving as a receiver of the information to be transmitted, the masquerading request indicates via which server 2 the first masquerading data is forwarded and to which receiving client 1.
The disguising of the client 1 to the real request in the information to be transmitted is achieved by rewriting the network request interface.
The client 1 transmits the first masquerading data to the server 2 corresponding to the masquerading request in the server 2 group based on the masquerading request. The server 2 corresponding to the masquerading request can parse the first masquerading data based on the obfuscation protocol to obtain a real request corresponding to the information to be transmitted.
For example, the address (i.e., the real request) of the client 1, which is the receiver of the information to be transmitted, corresponding to the information to be transmitted is www. And the masquerading request can adopt any one or more of masquerading addresses of a.com, b.net, c.org and the like.
After a server 2 corresponding to a masquerading request in a server 2 group receives first masquerading data sent by a client 1, the server 2 can obtain an identifier in the first masquerading data based on an obfuscation protocol, analyze a masquerading algorithm used by the client 1 corresponding to the current first masquerading data through the identifier, and analyze a real request corresponding to information to be transmitted from the first masquerading data (such as the masquerading request in the first masquerading data) based on the masquerading algorithm. Then, the one or more servers 2 forward the first masquerading data to the client 1, which is a receiver of the information to be transmitted and corresponds to the real request in batches based on the real request corresponding to the information to be transmitted.
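The identifier-driven resolution described above can be sketched as follows. This is an added example, not code from the patent. It assumes that the hidden real request travels as a token beside the masquerading request, that identifier "A" selects an HMAC-SHA256 tag and "B" a keyed SHA-256 digest, and that client and servers share a protocol key; the function names and receiver addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Masquerade addresses taken from the text's example (a.com, b.net, c.org).
SERVER_GROUP = ["a.com", "b.net", "c.org"]
# Constructed sample addresses of clients registered as possible receivers.
REGISTERED_RECEIVERS = ["client-b.example", "client-c.example"]


def mac_tag(key, nonce, address):
    """Assumed disguise algorithm "A": message authentication code."""
    return hmac.new(key, nonce + address.encode(), hashlib.sha256).digest()


def hash_tag(key, nonce, address):
    """Assumed disguise algorithm "B": secure hash over key, nonce, address."""
    return hashlib.sha256(key + nonce + address.encode()).digest()


# The identifier carried in the first disguised data selects the algorithm.
ALGORITHMS = {"A": mac_tag, "B": hash_tag}


def build_first_disguised_data(key, real_request, payload, identifier="A"):
    """Sender side: hide the real request and pick a random server."""
    if identifier not in ALGORITHMS:
        raise ValueError("unknown disguise algorithm identifier")
    nonce = secrets.token_bytes(16)  # fresh per message, so tokens never repeat
    return {
        "masquerade_request": secrets.choice(SERVER_GROUP),
        "identifier": identifier,
        "nonce": nonce,
        "token": ALGORITHMS[identifier](key, nonce, real_request),
        "payload": payload,  # already-encrypted information to be transmitted
    }


def resolve_real_request(key, data, receivers=REGISTERED_RECEIVERS):
    """Server side: look up the algorithm by identifier, recover the address.

    Returns the matching receiver address, or None when no registered
    receiver matches (wrong key, tampered token, or unknown receiver).
    """
    algorithm = ALGORITHMS.get(data["identifier"])
    if algorithm is None:
        raise ValueError("unknown disguise algorithm identifier")
    for address in receivers:
        candidate = algorithm(key, data["nonce"], address)
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(candidate, data["token"]):
            return address
    return None


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)
    data = build_first_disguised_data(
        shared_key, "client-b.example", b"<ciphertext>", "A")
    print("sent to:", data["masquerade_request"])
    print("server resolves:", resolve_real_request(shared_key, data))
```

Because the token is keyed, an observer who knows the list of candidate receivers but not the key cannot confirm which one a message is addressed to; an unkeyed digest of the address would not have that property.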
Preferably, the server 2 and the client 1 as a recipient of the information to be transmitted may employ the same model of server 2.
Preferably, the work duties assumed by the server 2 and the client 1 as the recipient of the information to be transmitted can be switched over to each other. For example, the client 1, which is the recipient of the information to be transmitted, may act as a server 2 in the server 2 group; one server 2 in the server 2 group may also be a client 1 of a recipient of the information to be transmitted.
Through this configuration, the client 1 can use various algorithms to disguise the real request in the information to be transmitted and can add the masquerading request randomly generated by the disguising algorithm to the first disguised data. This ensures that the server 2 accessed by the client 1 / the client 1 serving as the receiver of the information to be transmitted is random, and prevents a lawbreaker who analyzes the information to be transmitted from obtaining the real request and identifying the client 1 that serves as the receiver corresponding to that real request. Meanwhile, both the client 1 and the server 2 can disguise the real request in the information to be transmitted based on the obfuscation protocol, and the first disguised data is forwarded, via the server 2 corresponding to the randomly generated masquerading request, to the client 1 that is the receiver corresponding to the real request, so that the real request is hidden and the information to be transmitted is prevented from being leaked.
In the prior art, the access address of the data transmitted by the client 1 is often fixed. The information to be transmitted sent by the client 1 in the present invention is transmitted to the client 1, which is a receiver of the information to be transmitted, through any one or more servers 2 in the server 2 group. Because the first masquerading data corresponding to the information to be transmitted can be forwarded through a random server 2 to the client 1 that is the receiver corresponding to the real request, the data transmission channel for the information to be transmitted changes constantly and follows no discernible pattern, so that lawbreakers are prevented from acquiring the information to be transmitted (such as the real request) and/or related information from a fixed data transmission channel.
In the case of only one server 2, although the transmission path of the information to be transmitted cannot be randomly changed, the traffic disguising and random packet filling method can be applied to the information to be transmitted to protect the information to be transmitted.
Preferably, the method for disguising information to be transmitted further comprises:
the client 1 carries out random filling and/or multi-frequency Bit flow camouflage transmission on the information to be transmitted in the data to be transmitted so as to confuse the information to be transmitted and prevent the information from being decoded by lawbreakers.
The client 1 can use a corresponding script to disguise the information to be transmitted as a data packet (such as a data packet of a video or music application program) whose structure differs from that of the information to be transmitted, and this data packet is exchanged with the server 2 at irregular intervals, creating the appearance of multi-frequency Bit traffic disguised transmission. Meanwhile, the client 1 can also randomly mix the information to be transmitted with data of other application programs: after the information to be transmitted is divided into a plurality of sub-packets, the sub-packets are hidden in batches in the data packets of other application programs, and those data packets are transmitted in segments to the server 2 or to the client 1 serving as a receiver of the information to be transmitted, so that the information to be transmitted is obfuscated and is prevented from being decoded by lawbreakers.
In the prior art, data traffic of other application programs cannot be mixed into the information to be transmitted during transmission, and the structure, traffic rate and similar characteristics of the information in transit follow a regular pattern, so that a lawbreaker can easily work out that pattern and the information to be transmitted is leaked. The invention adds multi-node traffic obfuscation, namely random filling and/or multi-frequency Bit flow camouflage transmission of the information to be transmitted in the data to be transmitted, so that the structure, traffic rate and similar characteristics of the information in transit follow no discernible pattern, thereby obfuscating the information to be transmitted and preventing it from being decoded by lawbreakers.
The step of randomly filling the information to be transmitted in the data to be transmitted by the client 1 comprises the following steps:
judging whether the information to be transmitted meets the trigger condition for random filling;
randomly dividing the information to be transmitted into a plurality of sub data packets;
generating the filling data packets to be inserted;
randomly mixing the filling data packets among the plurality of sub data packets;
sending the sub-packets containing the filling data packets in batches to the server 2 or the client 1 as the recipient of the information to be transmitted.
The client 1 determines whether the information to be transmitted meets the trigger condition for triggering random padding. The trigger condition can be set manually according to the actual application scenario. For example, the client 1 may add a specific trigger identifier to the information to be transmitted. If the client 1 inspects the information to be transmitted and finds that the first disguised data carries the trigger identifier, the client 1 treats the information to be transmitted as meeting the trigger condition for random filling; if the client 1 finds that the first disguised data does not carry the trigger identifier, the client 1 treats the information to be transmitted as not meeting the trigger condition for random filling.
The above trigger condition may be randomly generated by a corresponding algorithm, that is, the operation of the client 1 to perform random packet filling transmission on the information to be transmitted is random.
The information to be transmitted is randomly divided into a plurality of sub-packets, so that the size, number and similar characteristics of the sub-packets follow no discernible pattern.
If the client 1 analyzes the information to be transmitted and judges that the information to be transmitted at the current time reaches the trigger condition preset by triggering, the client 1 generates a filling data packet for filling the information to be transmitted/the first camouflage data according to a corresponding algorithm. The padding packets may be structured as the same/similar packets as other applications (e.g., video, music, etc.). The structural identity/similarity means that the characteristics of the data packets, such as structure, flow rate, frequency, and the like, are the same or similar.
The number of padding packets padded between two subpackets is random.
The time when the client 1 sends the sub-packets containing the padding packets to the server 2 or the client 1, which is the recipient of the information to be transmitted, may also be random.
Preferably, the server 2 or the client 1, which is the recipient of the information to be transmitted, is able to receive a plurality of subpackets in a segmented reception manner, to reassemble the plurality of subpackets into the first masquerading data.
Through this configuration, the real information to be transmitted is randomly mixed into data packets of other application programs, and the first masquerading data is forwarded to one or more servers 2 in batches at irregular times (for example, the sending time of the first masquerading data is set randomly by a random algorithm), so that the structure, traffic rate and similar characteristics of the transmitted data packets of the first masquerading data follow no discernible pattern, which achieves the purpose of confusing a data eavesdropper.
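The random-filling steps above (trigger check, random split, filling packets, random mixing, batched sending, segmented reassembly) can be sketched as follows. This is an added example, not code from the patent. The 5-byte frame header, the function names and the percentage trigger are assumptions, and the frames are assumed to travel inside the already-encrypted channel, since a kind flag visible to an eavesdropper would let the filling be stripped.

```python
import secrets
import struct

# Assumed frame layout: kind (1 byte), sequence number (2), body length (2).
HEADER = struct.Struct("!BHH")
KIND_DATA, KIND_FILL = 0, 1


def frame(kind, seq, body):
    """Prefix a body with the assumed header."""
    return HEADER.pack(kind, seq, len(body)) + body


def split_randomly(message, max_chunk=32):
    """Step 2: cut the message into sub-packets of random size."""
    chunks, pos = [], 0
    while pos < len(message):
        size = 1 + secrets.randbelow(max_chunk)
        chunks.append(message[pos:pos + size])
        pos += size
    return chunks


def pad_and_frame(message, max_chunk=32, max_fill_run=3):
    """Steps 3 and 4: put a random number of filling packets before each
    sub-packet. Filling bodies are random bytes of random length."""
    frames = []
    for seq, chunk in enumerate(split_randomly(message, max_chunk)):
        for _ in range(secrets.randbelow(max_fill_run + 1)):
            filler = secrets.token_bytes(1 + secrets.randbelow(max_chunk))
            frames.append(frame(KIND_FILL, 0, filler))
        frames.append(frame(KIND_DATA, seq, chunk))
    return frames


def batches(frames, max_batch=4):
    """Step 5: group frames into batches of random size for sending."""
    out, i = [], 0
    while i < len(frames):
        n = 1 + secrets.randbelow(max_batch)
        out.append(b"".join(frames[i:i + n]))
        i += n
    return out


def prepare(message, trigger_percent=50):
    """Step 1: a randomly generated trigger decides whether to fill."""
    if secrets.randbelow(100) < trigger_percent:
        return batches(pad_and_frame(message))
    return [frame(KIND_DATA, 0, message)]


def reassemble(received_batches):
    """Receiver: drop filling, reorder by sequence number, reject gaps."""
    stream, parts, pos = b"".join(received_batches), {}, 0
    while pos < len(stream):
        if len(stream) - pos < HEADER.size:
            raise ValueError("truncated header")
        kind, seq, length = HEADER.unpack_from(stream, pos)
        pos += HEADER.size
        body = stream[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated frame")
        pos += length
        if kind == KIND_DATA:
            if seq in parts:
                raise ValueError("duplicate sub-packet")
            parts[seq] = body
        elif kind != KIND_FILL:
            raise ValueError("unknown frame kind")
    if sorted(parts) != list(range(len(parts))):
        raise ValueError("missing sub-packet")
    return b"".join(parts[i] for i in range(len(parts)))


if __name__ == "__main__":
    sample = b"constructed sample ciphertext " * 8  # constructed input
    wire = prepare(sample, trigger_percent=100)
    print(len(sample), "bytes ->", sum(map(len, wire)), "bytes on the wire")
    print("round trip ok:", reassemble(wire) == sample)
```

The receiver rejects truncated frames, duplicates and gaps in the sequence numbers, so a dropped or replayed sub-packet is detected rather than silently yielding a corrupted message.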
The step that the client 1 conducts multi-frequency Bit flow camouflage transmission on the information to be transmitted in the data to be transmitted comprises the following steps:
judging whether the information to be transmitted reaches a triggering condition for triggering multi-frequency Bit flow camouflage transmission;
analyzing the format of the data packet of the target application program;
disguising information to be transmitted into a data package of the target application program based on the format of the data package of the target application program;
and sending the disguised information to be transmitted to the server 2 or the client 1 serving as a receiver of the information to be transmitted.
The client 1 judges whether the current information to be transmitted meets the trigger condition for Bit flow camouflage transmission. The trigger condition can be set manually according to the actual application scenario. For example, the client 1 may add a specific trigger identifier to the information to be transmitted. If the client 1 inspects the information to be transmitted and finds that the first disguised data carries the trigger identifier, the client 1 treats the information to be transmitted as meeting the trigger condition for Bit flow camouflage transmission; if the client 1 finds that the first disguised data does not carry the trigger identifier, the client 1 treats the information to be transmitted as not meeting the trigger condition for Bit flow camouflage transmission.
The trigger condition may be randomly generated by a corresponding algorithm, that is, the operation of the client 1 performing Bit traffic camouflage transmission on the information to be transmitted is random.
The client 1 and the server 2 disguise the traffic of the data packets to be transmitted by adopting methods such as traffic filling, traffic normalization, traffic disguising and the like.
The client 1 and the server 2 disguise the flow of the data packets to be transmitted, and can also adopt methods such as rerouting, adding garbage packets, packet loss, packet merging, packet fragmentation, packet disordering, stream mixing, stream segmentation, stream merging and the like.
Particularly preferably, the client 1 and the server 2 disguise the information to be transmitted by disguising the encrypted information to be transmitted into a data packet with the same or similar format/structure as the data packet of other application programs (such as video, music and the like).
For example, the client 1 needs to disguise the information to be transmitted this time into a format of a data packet of a target application program (for example, a certain music application program), and then the client 1 may first analyze the format/structure of the data packet of the target application program and then disguise the information to be transmitted into the format/structure of the data packet of the music application program, so that a lawbreaker cannot identify the disguised information to be transmitted, and finally achieve the purpose of confusing a data eavesdropper.
Through the configuration mode, when the client 1 and the server 2 transmit the information to be transmitted or the first disguised data, the encrypted data packets of the information to be transmitted or the first disguised data are disguised into data packets with the same/similar structures as other application programs and/or the encrypted data packets of the information to be transmitted or the first disguised data are hidden in data packets of other application programs, and then the data packets are transmitted to the server 2 in batches, so that the purpose of confusing a data eavesdropper is achieved.
Preferably, the quantum random number generator 3 is capable of sending the quantum random key to the server 2 when the information to be transmitted is generated, and the server 2 is capable of numbering the quantum random key and receiving the quantum random key according to the numbering.
Preferably, the number may be determined according to a time sequence order of receiving the quantum random key. For example, the first quantum random key received by the server 2 on the same day is number one, the second quantum random key is number two, and so on.
Preferably, the client 1, which is a sender of the information to be transmitted, is capable of sending a request to the server 2 when generating the information to be transmitted, where the request is used to request the server 2 for a quantum random key corresponding to the information to be transmitted. The server 2 can obtain the request in real time and send the quantum random key corresponding to the information to be transmitted to the client 1 sending the request.
Preferably, the solicitation request may include an identification code of the client 1 that issued the solicitation request.
Preferably, the server 2 is able to send, based on the identification code, a quantum random key corresponding to the information to be transmitted to the client 1 corresponding to the identification code.
Preferably, in a case where the client 1 as the receiver of the information to be transmitted has acquired the information to be transmitted, the client 1 as the receiver of the information to be transmitted is able to transmit the second masquerading data to the server 2. The second disguise data includes at least response data corresponding to the information to be transmitted in the first disguise data.
The kind of the response data may be set according to the user's needs.
The server 2 can acquire the second masquerading data and masquerade the second masquerading data as third masquerading data based on an obfuscation protocol.
Preferably, the information to be transmitted is used to request the second masquerading data from the client 1, which is the receiver of the information to be transmitted.
The third camouflage data at least comprises response data corresponding to the information to be transmitted.
In the case of responding to the information to be transmitted, the client 1, which is the recipient of the information to be transmitted, can transmit the response data corresponding to the first masquerading data to the server 2.
The client 1, which is the receiver of the information to be transmitted, is also able to disguise the response data based on the obfuscation protocol to generate second disguised data.
The third masquerading data can be transmitted to the client 1 by the server 2.
Preferably, the second disguised data may further include, but is not limited to: the client side 1 is used for receiving the information to be transmitted, and the client side 1 is used for receiving the information to be transmitted.
Preferably, the client 1, which is the recipient of the information to be transmitted, is also able to encrypt the second masquerading data in an asymmetric encryption and a symmetric encryption.
The third masquerading data at least comprises response data corresponding to the information to be transmitted in the first masquerading data.
Preferably, the third disguised data may further include, but is not limited to: the CA digital certificate signature public key, identity information, a pseudo-random number, a quantum random key, an identifier of the disguise algorithm used by the server 2 this time, and the like.
The disguising and transmission processes of the second disguised data and the third disguised data are the same as the disguising and transmission processes of the first disguised data, and therefore the disguising and transmission processes of the second disguised data and the third disguised data are not repeated herein.
Fig. 1 shows a quantum random number based encryption system. The encryption system includes at least: at least two clients 1, a server 2 and a quantum random number generator 3. The client 1 can act as a sender or receiver of information to be transmitted. The server 2 is capable of receiving the public key corresponding to the client 1 sent by the client 1 and sending the public key of the client 1 as a receiver of the information to be transmitted to the client 1 as a sender of the information to be transmitted. The quantum random number generator 3 is able to send a quantum random key corresponding to the information to be transmitted to the server 2.
The client 1 serving as a sender of the information to be transmitted encrypts the information to be transmitted by using a quantum random key, and sends the data to be transmitted including the information to be transmitted to the client 1 serving as a receiver of the information to be transmitted, and the client 1 serving as the receiver of the information to be transmitted acquires the information to be transmitted through the quantum random key so as to ensure safe communication between the clients 1.
The invention relies primarily on a quantum random number generator 3 to generate true random numbers. While quantum random numbers/quantum random keys are in use, the client 1 of a user may find that its quantum random number has already been used and that a new quantum random number has not yet been distributed to it. To keep the client 1 communicating normally in that situation, the client 1 can generate a pseudo-random number through a software algorithm to temporarily replace the quantum random number/quantum random key that was not distributed in time.
Since the transmitted quantum random number/quantum random key only carries the information of the random bit string originally prepared for encryption, even if a data eavesdropper has stolen the transmitted quantum random number/quantum random key, the data eavesdropper still cannot acquire the real information (such as highly confidential information) to be transmitted. The present invention does not directly send or receive information to be transmitted (such as highly confidential information), but sends or receives a random bit string/quantum random key. Once the client 1 and/or the server 2 finds that the transmission of the random bit string/quantum random key is disturbed, the client 1 and/or the server 2 can immediately interrupt the transmission of the information to be transmitted and discard the random bit string/quantum random key, thereby ensuring the security of the information to be transmitted.
The server 2 is able to receive the quantum random key in real time.
Each client 1 is able to send a public key corresponding to the client 1 to the server 2.
Preferably, the client 1 as the sender of the information to be transmitted is able to encrypt the quantum random key using the public key of the client 1 as the receiver of the information to be transmitted.
Preferably, the client 1, which is the recipient of the information to be transmitted, is able to receive the information to be transmitted in real time.
Preferably, the client 1, which is a receiver of the information to be transmitted, decrypts the encrypted quantum random key using the public key to obtain the quantum random key. The public key comes from the client 1, which is the sender of the information to be transmitted.
Preferably, the client 1, which is a receiver of the information to be transmitted, decrypts the information to be transmitted encrypted by the quantum random key using the quantum random key to obtain the information to be transmitted.
For example, the main process of the client 1 as the sender of the information to be transmitted sending the information to be transmitted to the client 1 as the receiver of the information to be transmitted may be:
S1: After logging in through the client 1A, the user A uploads the respective public keys (such as the public keys of the client 1A and the client 1B) to the server 2, and the server 2 encrypts and stores the public keys after receiving them;
S2: The server 2 sends the public key of the client 1B, used by the friend B of the user A, to the client 1A used by the user A, and the client 1A encrypts the public key of the client 1B and stores it locally;
S3: The server 2 receives the quantum random key generated by the quantum random number generator 3 and stores the quantum random key on the server 2;
S4: The server 2 issues the quantum random key to each client 1 through a bidirectional HTTPS transmission channel;
S5: The client 1 encrypts the information to be transmitted with the quantum random key using a symmetric encryption mechanism, encrypts the quantum random key with the public key of the client 1B, and then sends the data to be transmitted to the receiver (such as the client 1B);
S6: After receiving the data to be transmitted, the client 1 serving as the receiver (for example, the client 1B) decrypts the encrypted quantum random key with its locally stored private key to obtain the quantum random key. The receiving client 1 then uses the quantum random key to decrypt the information to be transmitted that was encrypted with it, obtaining the information to be transmitted.
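Steps 5 and 6 of the procedure above, together with the pseudo-random fallback described earlier, as an added example that is not code from the patent. It assumes AES-256-GCM as the symmetric mechanism and RSA-OAEP as the asymmetric one (the patent names neither), uses Node's CSPRNG both as the fallback generator and as a constructed stand-in for a server-issued quantum key, and all function and field names are hypothetical.

```javascript
// Added illustration; not code from the patent. All names are hypothetical.
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each client generates its key pair locally; only publicKey is uploaded to the server.
function newClientKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Take the next numbered key issued by the server. If the pool is empty, fall
// back to the OS CSPRNG and label the key so the fallback stays visible later.
function nextMessageKey(pool) {
  const issued = pool.shift();
  if (issued) return { source: 'quantum', number: issued.number, key: issued.key };
  return { source: 'csprng-fallback', number: null, key: nodeCrypto.randomBytes(32) };
}

// Sender side: encrypt under the one-time key, then wrap that key for the receiver.
function sealEnvelope(plaintext, messageKey, receiverPublicKey) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', messageKey.key, iv);
  cipher.setAAD(Buffer.from(messageKey.source)); // bind the source label to the tag
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: receiverPublicKey, ...OAEP }, messageKey.key);
  return { source: messageKey.source, iv, ciphertext, tag: cipher.getAuthTag(), wrappedKey };
}

// Receiver side: unwrap with the locally stored private key, then decrypt.
// Throws if the ciphertext, tag, source label or wrapped key was altered.
function openEnvelope(envelope, receiverPrivateKey) {
  const key = nodeCrypto.privateDecrypt({ key: receiverPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAAD(Buffer.from(envelope.source));
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed run: one issued key in the pool, two messages sent to client B.
function demo() {
  const clientB = newClientKeyPair();
  const pool = [{ number: 1, key: nodeCrypto.randomBytes(32) }]; // stand-in for QRNG output
  const first = sealEnvelope('hello B', nextMessageKey(pool), clientB.publicKey);
  const second = sealEnvelope('pool is empty now', nextMessageKey(pool), clientB.publicKey);
  return { clientB, first, second };
}
```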
After the user logs in, the public key information of the client 1 used by the user is uploaded to the server 2. The uploading process adopts an asymmetric encryption algorithm. An asymmetric encryption algorithm requires two keys for encryption and decryption. The two keys are respectively a public key and a private key. If data is encrypted using a public key, the encrypted data can only be decrypted using a private key corresponding to the public key. In short, the client 1 can generate the above public key and private key locally and automatically when the user logs in through the client 1.
The client 1, which is the sender of the information to be transmitted, needs to upload the public key it generates to the server 2.
The private key is generated locally (namely, on the client 1 serving as a sender of the information to be transmitted) and is stored locally. The private key cannot be transmitted through the Internet, so that the absolute security of the private key is ensured. The server 2 encrypts and stores the public key after obtaining it, so as to ensure the security of the public key.
When a user adds a friend through a client 1 (such as the client 1A), where the friend uses another client 1 (such as the client 1B), the server 2 forwards the previously stored public key of the friend's client 1 to the user's client 1. The current user's client 1 (such as the client 1A) encrypts the friend's public key and stores it locally.
With this arrangement, when the user communicates with friends through the client 1A and the client 1B, the friend's public key does not need to be requested from the server 2, which reduces the possibility of the public key leaking. Even if the server 2 is attacked and data is leaked, an attacker can only obtain the encrypted secret key (such as the public key) and cannot decrypt the message/data, and finally the purpose of ensuring the absolute safety of the information to be transmitted is achieved.
In addition, the server 2 sends the quantum random key to the client 1 through a bidirectional HTTPS channel. The HTTPS protocol is a network protocol that is built from SSL (Secure Sockets Layer) and HTTP and can perform encrypted transmission and identity authentication. All communication between the server 2 and the client 1 over the HTTPS protocol is encrypted. In short, the client 1 first generates a symmetric key and exchanges it with the certificate of the server 2, which is, in a general sense, the handshake process; all subsequent information/data traffic is encrypted. Furthermore, HTTPS itself can prevent man-in-the-middle attacks because it has a CA (Certificate Authority) certificate for authentication. A certificate is a digital file that establishes a connection between a public key and an entity. It comprises the following contents: version information, serial number, certificate recipient name, issuer name, certificate validity period, public key, digital signature of the CA, and some other information. The certificate is issued by the CA. The CA can decide the validity period of the certificate. The certificate is signed by the CA. Each certificate has a unique serial number. The serial number of the certificate and the certificate issuer together determine the unique identity of a certificate. The unique identity of the certificate can help to confirm the identity of the server 2, and therefore the safety of the quantum random number and the information to be transmitted is finally ensured.
It should be noted that the above-mentioned embodiments are exemplary, and that those skilled in the art, having benefit of the present disclosure, may devise various arrangements that are within the scope of the present disclosure and that fall within the scope of the invention. It should be understood by those skilled in the art that the present specification and figures are illustrative only and are not limiting upon the claims. The scope of the invention is defined by the claims and their equivalents. The present description contains a plurality of inventive concepts such as "preferably", "according to a preferred embodiment" or "optionally" each indicating that the respective paragraph discloses a separate concept, the applicant reserves the right to apply for divisional applications according to each inventive concept.

Claims (10)

1. A quantum random number based encryption method, the method comprising:
at least two clients (1) send public keys corresponding to the clients (1) to a server (2), wherein the clients (1) can be used as senders or receivers of information to be transmitted;
the server (2) receives a public key which is sent by the client (1) and corresponds to the client (1), and the server (2) sends the public key of the client (1) which is used as a receiver of the information to be transmitted to the client (1) which is used as a sender of the information to be transmitted;
the quantum random number generator (3) sends a quantum random key corresponding to the information to be transmitted to the server (2), and the server (2) receives the quantum random key;
and the server (2) sends the quantum random key to a client (1) serving as a sender of the information to be transmitted.
2. The method of claim 1, further comprising:
the client (1) serving as the sender of the information to be transmitted encrypts the information to be transmitted by using the quantum random key, encrypts the quantum random key by using a public key of the client (1) serving as the receiver of the information to be transmitted, and then sends data to be transmitted at least comprising the information to be transmitted and the quantum random key to the client (1) serving as the receiver of the information to be transmitted;
after the client (1) serving as the receiver of the information to be transmitted receives the information to be transmitted, the quantum random key is decrypted to obtain the quantum random key, and then the quantum random key is used for decrypting the information to be transmitted to obtain the information to be transmitted.
3. The method according to claim 2, wherein the step of sending the data to be transmitted, including the information to be transmitted and the quantum random key, to the client (1) as the recipient of the information to be transmitted comprises:
the client (1) serving as a sender of the information to be transmitted at least disguises the information to be transmitted in the data to be transmitted based on a confusion protocol and forms first disguised data;
the server (2) acquires the first camouflage data and analyzes the first camouflage data according to the confusion protocol to acquire a real request in the information to be transmitted;
the server (2) forwards the first masquerading data to the client (1) corresponding to the real request, which is a receiver of the information to be transmitted, based on the real request;
the client (1) serving as a receiver of the information to be transmitted acquires the first disguised data forwarded by the server (2);
the client (1) serving as the receiver of the information to be transmitted analyzes the first camouflage data forwarded by the server (2) based on the confusion protocol, and acquires the data to be transmitted from the first camouflage data.
4. The method of claim 3, wherein the first disguised data comprises at least information to be transmitted, a quantum random key, a disguise request, and an identifier;
the masquerading request corresponding to a real request in the information to be transmitted is generated by the client (1) which is a sender of the information to be transmitted based on the obfuscation protocol;
the identifier is used for identifying a masquerading algorithm used by the client (1) which is a sender of the information to be transmitted in the process of generating the masquerading request.
5. The method of claim 4, wherein disguising the information to be transmitted comprises:
the client (1) which is the sender of the information to be transmitted generates the camouflage request based on the confusion protocol so as to hide the real request corresponding to the information to be transmitted;
the client (1) which is used as a sender of the information to be transmitted combines the information to be transmitted, the quantum random key, the disguise request and the identifier corresponding to the disguise algorithm into the first disguise data.
6. The method of claim 4, wherein the method for disguising information to be transmitted further comprises:
the client (1) which is used as a sender of the information to be transmitted carries out random filling and/or multi-frequency Bit flow camouflage transmission on the information to be transmitted in the data to be transmitted so as to confuse the information to be transmitted and prevent the information from being decoded by lawless persons.
7. The method according to claim 6, characterized in that the quantum random number generator (3) is able to send the quantum random key to the server (2) when the information to be transmitted is generated, the server (2) being able to number the quantum random key and receive it depending on the number.
8. The method according to claim 7, characterized in that the client (1) as the sender of the information to be transmitted is capable of sending a request to the server (2) for a quantum random key corresponding to the information to be transmitted to the server (2) when generating the information to be transmitted,
the server (2) can acquire the request in real time and send the quantum random key corresponding to the information to be transmitted to the client (1) sending the request.
9. The method according to claim 8, characterized in that in case that the client (1) as the receiver of the information to be transmitted has obtained the information to be transmitted, the client (1) as the receiver of the information to be transmitted is able to send second masquerading data to the server (2), wherein the second masquerading data comprises at least response data corresponding to the information to be transmitted in the first masquerading data.
10. A quantum random number based encryption system, comprising at least:
at least two clients (1) configured to be able to act as senders or receivers of information to be transmitted;
the server (2) is configured to be capable of receiving a public key corresponding to the client (1) and sent by the client (1), and sending the public key of the client (1) as a receiver of the information to be transmitted to the client (1) as a sender of the information to be transmitted;
a quantum random number generator (3) configured to be able to send to the server (2) a quantum random key corresponding to the information to be transmitted;
under the condition that the server (2) sends the quantum random key to a client (1) serving as a sender of the information to be transmitted, the client (1) serving as the sender of the information to be transmitted encrypts the information to be transmitted by using the quantum random key, and sends data to be transmitted at least comprising the information to be transmitted and the quantum random key to the client (1) serving as a receiver of the information to be transmitted, and the client (1) serving as the receiver of the information to be transmitted obtains the information to be transmitted through the quantum random key so as to realize safe communication between the clients (1).
CN202210745366.6A 2022-06-27 2022-06-27 Encryption system and method based on quantum random number Pending CN115150076A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210745366.6A CN115150076A (en) 2022-06-27 2022-06-27 Encryption system and method based on quantum random number

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210745366.6A CN115150076A (en) 2022-06-27 2022-06-27 Encryption system and method based on quantum random number

Publications (1)

Publication Number Publication Date
CN115150076A true CN115150076A (en) 2022-10-04

Family

ID=83409286

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210745366.6A Pending CN115150076A (en) 2022-06-27 2022-06-27 Encryption system and method based on quantum random number

Country Status (1)

Country Link
CN (1) CN115150076A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115720160A (en) * 2022-11-09 2023-02-28 中创通信技术(深圳)有限公司 Data communication method and system based on quantum key
CN115720160B (en) * 2022-11-09 2023-09-01 中创通信技术(深圳)有限公司 Data communication method and system based on quantum key

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination