CN115801252A - Safe cloud desktop system combined with quantum encryption technology - Google Patents


Info

Publication number
CN115801252A
Authority
CN
China
Prior art keywords
quantum
cloud
cloud desktop
control gateway
terminal
Legal status
Granted
Application number
CN202310046768.1A
Other languages
Chinese (zh)
Other versions
CN115801252B (en)
Inventor
李亚麟
张晓星
沈晓喻
吴英豪
Current Assignee
Jiangsu Weizhi Quantum Technology Co ltd
Original Assignee
Jiangsu Weizhi Quantum Technology Co ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of cloud desktops, in particular to a secure cloud desktop system combined with quantum encryption technology. Aiming at the problems that the cloud desktop system in the prior art is low in strength and not convenient and fast to use, the following scheme is provided: the system comprises a cloud terminal, a control gateway, a quantum security service component, a cloud desktop server and a quantum encryption storage device, wherein the quantum security service component is used for generating a quantum key. The invention not only integrates quantum security cryptography with the cloud desktop system to improve the authentication strength of the cloud desktop system, but also uses quantum true random numbers to encrypt the personal files of cloud desktop users, changing the situation in which a system administrator can view all data; at the same time, communication between different data node networks uses the quantum cipher of the combined quantum key distribution network, so that the whole encryption system has stronger security and convenience.

Description

Safe cloud desktop system combined with quantum encryption technology
Technical Field
The invention relates to the field of cloud desktops, in particular to a secure cloud desktop system combining quantum encryption technology.
Background
Driven by the wave of informatization, the cloud desktop has become an important component of the next-generation information technology industry and is widely applied in scenarios across many industries, such as administrative service halls, daily office work and medical desktop clouds. The cloud desktop system solves a series of problems of traditional computer local area network construction, such as high cost, difficult maintenance and management, low data security and insufficient resource utilization. The cloud desktop system locks data inside the secure environment of the data center; compared with personal computers, which are widely distributed, highly mobile and weakly protected, it plays a certain role in protecting the sensitive data of countries and enterprises.
The existing cloud desktop system uses the most common VPN protocols, and the encryption algorithms adopted include DES, 3DES and the like, which are now insecure algorithms; the legality of the access terminal is not authenticated, so a malicious user can connect a special terminal (for example a jump host compromised by a hacker) to the data center server and run a program prepared in advance on that terminal to record all displayed results, causing information leakage. Moreover, even the classical encryption algorithms that are still secure today may, as quantum computing develops, be brute-forced under its strong computing power and then lose their security. On this basis, this scheme proposes a secure cloud desktop system combined with quantum encryption technology.
Disclosure of Invention
The safe cloud desktop system combined with the quantum encryption technology provided by the invention solves the problem of insufficient security of cloud desktop encryption in the prior art.
In order to achieve the purpose, the invention adopts the following technical scheme:
a secure cloud desktop system incorporating quantum cryptography, comprising: a cloud terminal, a control gateway, a quantum security service component, a cloud desktop server and a quantum encryption storage device, wherein the quantum security service component is used for generating a quantum key and distributing the quantum key to the control gateway, the cloud terminal and the quantum encryption storage device;
the cloud terminal is used for acquiring input data, encrypting the input data through the quantum key to obtain encryption information, and sending the encryption information to the control gateway, wherein the input data comprises data to be fed back and data to be stored;
the control gateway is used for decrypting the encrypted information by using the quantum key and sending the input data obtained after decryption to the cloud desktop server;
the cloud desktop server is used for responding to the data to be fed back in the input data, generating a feedback instruction, and returning the feedback instruction to the cloud terminal through the control gateway, so that the cloud terminal displays an image in response to the feedback instruction, and the cloud desktop server is also used for sending the data to be stored in the input data to the quantum encryption storage device;
the quantum encryption storage device is used for encrypting and storing the data to be stored by using the quantum key.
Optionally, the quantum security service component includes a quantum security service platform connected to the control gateway and a quantum key distribution device connected to the quantum security service platform, wherein
the quantum security service platform is used for controlling the quantum key distribution equipment to generate the end-to-end quantum key and distributing the quantum key to the control gateway, the cloud terminal and the quantum encryption storage equipment.
Optionally, the quantum security service component further includes a quantum random number generator externally connected to the quantum security service platform, and the quantum random number generator is configured to generate a single-point quantum random number.
Optionally, the quantum security service platform is further configured to provide the quantum random number for the quantum encryption storage device, so that the quantum encryption storage device generates the erasure code of the data to be stored based on the quantum random number.
Optionally, the control gateway is further configured to check validity of the access of the cloud terminal.
Optionally, the checking the validity of the access of the cloud terminal includes the following steps:
S1, the cloud terminal generates request information, encrypts the request information with its own private key to obtain first encrypted information, and sends the first encrypted information to the control gateway, wherein the request information comprises a terminal identity identification code of the cloud terminal and a server identity identification code of the cloud desktop server;
S2, the control gateway decrypts the first encrypted information with the public key of the cloud terminal, and after the request information has been obtained by successful decryption, encrypts the request information with the public key of the cloud desktop server to obtain second encrypted information and sends the second encrypted information to the cloud desktop server;
S3, the cloud desktop server decrypts the second encrypted information with its own private key to obtain the request information, verifies whether the terminal identification code and the server identification code in the request information meet preset conditions, and sends confirmation information to the control gateway after verifying that they meet the preset conditions;
S4, the control gateway responds to the confirmation information by confirming that the access of the cloud terminal is legal, and after confirming this, controls the quantum security service component to distribute the quantum key.
Optionally, the secure cloud desktop system that combines quantum cryptography further includes a virtualization platform, which is configured to provide a virtualization layer so that each cloud desktop server hosts multiple virtual machines.
Compared with the prior art, the invention has the beneficial effects that:
the quantum key is generated by the quantum security service component; the cloud terminal encrypts input data with the quantum key and transmits it to the cloud desktop server through the control gateway; after the encrypted information has been decrypted with the quantum key, the cloud desktop server generates a feedback instruction for the data to be fed back and returns it to the cloud terminal, which displays an image in response to the feedback instruction; in addition, the cloud desktop server sends the data to be stored in the decrypted input data to the quantum encryption storage device, which stores it encrypted with the quantum key. Because quantum communication based on the quantum key is used throughout the encryption process, high security is obtained from the relevant principles of quantum mechanics, and the confidentiality of the cloud desktop system is improved.
Drawings
Fig. 1 is a schematic diagram of a secure cloud desktop system incorporating quantum encryption technology provided in the present invention.
Fig. 2 is a block diagram of an electronic device 200 shown in accordance with an example embodiment.
Fig. 3 is a block diagram illustrating an electronic device 300 in accordance with an example embodiment.
Detailed Description
The present invention will be further described with reference to the accompanying drawings and the detailed description, and it should be noted that any combination of the embodiments or technical features described below can be used to form a new embodiment without conflict.
Example 1
Referring to fig. 1, a secure cloud desktop system combining quantum cryptography according to the embodiment includes: the system comprises a cloud terminal 110, a control gateway 120, a quantum security service component 130, a cloud desktop server and a quantum encryption storage device 140, wherein the quantum security service component is used for generating a quantum key and distributing the quantum key to the control gateway, the cloud terminal and the quantum encryption storage device. Referring to fig. 1, the quantum security service component 130 includes a quantum security service platform 131 connected to the control gateway and a quantum key distribution device 132 connected to the quantum security service platform 131.
The quantum security service platform is used for controlling the quantum key distribution equipment to generate an end-to-end quantum key and distributing the quantum key to the control gateway, the cloud terminal and the quantum encryption storage equipment.
Specifically, an end-to-end quantum key is a key whose encryption and decryption ends are on different devices; once the quantum key has been distributed to the control gateway, the cloud terminal and the quantum encryption storage device, the cloud terminal can encrypt information with it, and the control gateway and the quantum encryption storage device can decrypt that information to perform the subsequent operations. To receive the quantum key, the cloud terminal may be provided with an internal or external quantum key distribution device of its own, so that it and the quantum key distribution device in the quantum security service component perform key distribution according to a quantum key distribution protocol such as BB84; the control gateway, the cloud desktop server and the quantum encryption storage device are all deployed in the same network security domain as the quantum security service component, which gives them higher security than the cloud terminal, so the quantum key can be encrypted in a classical manner and transmitted to them for use.
Referring to fig. 1, the quantum security service component 130 further includes a quantum random number generator 133 externally connected to the quantum security service platform 131; the quantum random number generator 133 is configured to generate a single-point quantum random number, and the quantum security service platform 131 is further configured to provide the quantum random number to the quantum encryption storage device 140, so that the quantum encryption storage device 140 generates an erasure code of the data to be stored based on the quantum random number. Since a single-point quantum random number is also one kind of quantum security key, it may also be distributed to the control gateway, the cloud terminal and the quantum encryption storage device through a mobile key storage device such as a UKey.
Specifically, after receiving the quantum random number, the quantum encryption storage device computes an erasure code (EC) with an erasure coding algorithm and stores the erasure code together with the data to be stored, so that if the stored data is partially lost or damaged, the erasure code can be used to recover the complete data, which improves the disaster tolerance of the data.
In a possible implementation, the quantum security service platform provides quantum cryptography and algorithm management and issues a quantum security key UKey to be injected into the cloud terminal; a quantum security key source is externally connected to the quantum security service platform, and this key source may be a single-point quantum random number key generated by the quantum random number generator or an end-to-end quantum key generated by the quantum key distribution network.
Optionally, the secure cloud desktop system combined with quantum encryption technology may further include a cloud resource management and scheduling module, which manages, on the server side, resources such as physical machines, virtual machines, operating systems and application programs while the desktop virtualization system provides remote shared desktops, remote shared applications and virtual desktops. The cloud resource management and scheduling module may include a session connection management sub-module, a session function control sub-module, a session access control sub-module and the like, and operates by managing sessions directly or by setting a related session management policy.
The cloud terminal is used for obtaining input data, encrypting the input data through a quantum key to obtain encryption information, and sending the encryption information to the control gateway, wherein the input data comprises data to be fed back and data to be stored.
Specifically, the cloud terminal is a terminal device operated by a user, such as a personal computer; unlike an ordinary computer, its computing and storage capacities can both be lower, which reduces the hardware cost of the terminal. The user inputs information at the cloud terminal through an external input device such as a keyboard or mouse; the cloud terminal thus obtains the input data, encrypts it with the relevant encryption algorithm and sends the encrypted input data to the control gateway. Data to be fed back is data for which a response must be returned immediately after the cloud desktop server finishes operating on it, whereas data to be stored does not need to be fed back immediately and only needs to be stored.
And the control gateway is used for decrypting the encrypted information by using the quantum key and sending the input data obtained after decryption to the cloud desktop server.
The cloud desktop server is used for responding to data to be fed back in the input data, generating a feedback instruction, and returning the feedback instruction to the cloud terminal through the control gateway, so that the cloud terminal responds to the feedback instruction to display an image, and the cloud desktop server is also used for sending the data to be stored in the input data to the quantum encryption storage device.
For example, if the data to be fed back is a string of mathematical computation instructions, the cloud desktop server responds by computing the result, generates a feedback instruction containing the result, and sends the feedback instruction to the control gateway and through the control gateway to the cloud terminal; this transmission may be encrypted. The cloud desktop server identifies the data to be stored and sends it to the quantum encryption storage device for encrypted storage. In one possible implementation the cloud desktop server returns the feedback instruction in quantum-encrypted form: it generates the feedback instruction, encrypts it with the quantum key to obtain encrypted data and sends the encrypted data to the control gateway; the control gateway forwards the encrypted data to the cloud terminal, and the cloud terminal decrypts it with the quantum key to obtain the feedback instruction, so that the security of the transmission is improved by the quantum encryption. In another possible implementation the cloud desktop server and the control gateway are deployed in the same network security domain: the cloud desktop server encrypts the feedback instruction in a classical manner and sends the encrypted data to the control gateway; the control gateway decrypts it, encrypts the feedback instruction with the quantum key and sends it to the cloud terminal; and the cloud terminal decrypts the encrypted data with the quantum key to obtain the feedback instruction.
The quantum encryption storage device is used for encrypting and storing the data to be stored with the quantum key. Referring to fig. 1, the quantum encryption storage device 140 may comprise an encryption storage processor 141 and distributed storage nodes 142. The encryption storage processor is connected to the quantum security service platform; the personal protected data provided by the cloud desktop server is encrypted with the quantum random number obtained from the quantum security service platform and then stored in the distributed storage nodes, which guarantees that the data can be opened only by the user. The encryption modes of the encryption storage processor comprise a quantum key from the quantum key distribution network, a quantum cipher combined with the quantum key distribution network, a local quantum key generated by the quantum random number generator, and a classical encryption mode. The quantum key distribution network provides a symmetric quantum key obtained between the two ends and established over an optical fiber channel. The quantum random number generator that generates a local quantum key is a random number generator constructed according to properties such as the quantum measurement uncertainty principle; the random numbers it generates are truly random, so a quantum key can be generated this way when the quantum key distribution network cannot be accessed, and this method can be combined with the quantum key distribution network, whose keys are used for cross-region, cross-industry and cross-unit encrypted transmission. The classical symmetric encryption mode comprises algorithms such as AES, DES, SM1 and SM4. This combined scheme gives the whole quantum encryption scheme strong forward security, enables the whole system to cope with quantum attacks, and is more economical and feasible.
Optionally, the secure cloud desktop system combined with quantum encryption technology may further comprise a virtualization platform, which provides a virtualization layer so that each cloud desktop server hosts multiple virtual machines. The virtualization platform controls the server resources allocated to each virtual machine and provides virtual machine performance close to that of a physical machine together with enterprise-level scalability; it offers fine-grained resource management, allows the running virtual machines to share the resources of the physical server, improves server utilization, keeps each virtual machine isolated, has built-in high availability, resource management and security features, and provides software applications with a higher service level than a static physical environment.
The quantum key generated by the quantum random number generator comes from a random number generator constructed according to properties such as the quantum measurement uncertainty principle, so the generated random numbers are truly random and a quantum key can be generated this way when the quantum key distribution network cannot be accessed. Encrypting the personal files of a cloud desktop user with quantum true random numbers changes the situation in which a system administrator can view all data, and improves the security and privacy of data storage.
The secure cloud desktop system combined with quantum encryption technology can further comprise an operation and maintenance management system and hardware, which provide the auxiliary functions needed to guarantee normal operation of the system, such as configuration management, system monitoring, capacity management and data backup.
Example 2
Referring to fig. 1, the present embodiment is further improved based on embodiment 1 in that: the control gateway is also used for checking the access validity of the cloud terminal, and the cloud resource management and scheduling module is used for managing the whole session process of the user for remotely accessing the shared desktop and the virtual desktop.
It should be noted that the control gateway may check the validity of the cloud terminal's access before the cloud terminal establishes a link with the cloud desktop server for quantum communication based on the quantum key; only after the cloud terminal has been determined to be legal is the link between the cloud terminal and the cloud desktop server established, which reduces the cost of quantum communication. Optionally, checking the validity of the access of the cloud terminal comprises the following steps:
S1, the cloud terminal generates request information, encrypts the request information with its own private key to obtain first encrypted information, and sends the first encrypted information to the control gateway, wherein the request information comprises a terminal identification code of the cloud terminal and a server identification code of the cloud desktop server;
S2, the control gateway decrypts the first encrypted information with the public key of the cloud terminal, and after the request information has been obtained by successful decryption, encrypts the request information with the public key of the cloud desktop server to obtain second encrypted information and sends the second encrypted information to the cloud desktop server;
S3, the cloud desktop server decrypts the second encrypted information with its own private key to obtain the request information, verifies whether the terminal identity identification code and the server identity identification code in the request information meet preset conditions, and sends confirmation information to the control gateway after verifying that they meet the preset conditions;
S4, the control gateway responds to the confirmation information by confirming that the access of the cloud terminal is legal, and after confirming this, controls the quantum security service component to distribute the quantum key.
The cloud terminal and the cloud desktop server are provided with own public keys and private keys, the private keys and the public keys are classical keys instead of the quantum keys, the public keys are published to the outside, and the private keys are only stored in own equipment and are not published to the outside.
In step S1, the request information may be a request for establishing a link with the cloud desktop server, and the cloud terminal encrypts the request information by using its own private key and sends the encrypted request information to the control gateway. The terminal identification code and the server identification code are respectively used for identifying the cloud terminal and the cloud desktop server, and each cloud terminal and each cloud desktop server respectively have a unique terminal identification code and a unique server identification code.
In step S2, the control gateway decrypts the first encrypted information with the published public key of the cloud terminal; if decryption succeeds, the original request information is obtained, and it is then encrypted with the public key of the cloud desktop server and sent to the cloud desktop server. Since only the cloud terminal holds its own private key, successful decryption of the first encrypted information with the corresponding public key verifies that it came from that cloud terminal, and the successfully decrypted information is encrypted and sent to the cloud desktop server. If decryption fails, an error message is returned to the cloud terminal, the first encrypted information received by the control gateway is destroyed, and nothing is sent on to the cloud desktop server.
In step S3, after decryption, the cloud desktop server verifies whether the terminal identification code and the server identification code meet the preset conditions, namely whether the terminal identification code exists in a preset communication whitelist and whether the received server identification code is the same as the cloud desktop server's own server identification code; if both hold, the preset conditions are met and confirmation information is sent to the control gateway.
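The S1-S4 access check and the preset conditions of step S3, worked through as an added Go example that is not code from the patent or its assignee. Because the patent names no algorithms, two choices are assumed: the "encryption with the terminal's private key" of S1 is realised as an Ed25519 signature that the gateway verifies with the published public key, and the public-key encryption of S2 is RSA-OAEP; the identity codes CT-0001 and CDS-01 and the whitelist are constructed sample values, and the S4 outcome is modelled as the boolean returned by CheckAccess.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Request is the S1 request information: terminal identity code and target server identity code.
type Request struct{ TerminalID, ServerID string }

// FirstEncryption is the S1 message: the encoded request plus the terminal's signature over it.
type FirstEncryption struct{ TerminalID string; Payload, Sig []byte }

// CloudTerminal holds the terminal's classical (non-quantum) private key, which is never published.
type CloudTerminal struct {
	ID   string
	priv ed25519.PrivateKey
}

// ControlGateway holds the published public keys of the terminals and servers it fronts.
type ControlGateway struct {
	TerminalPub map[string]ed25519.PublicKey
	ServerPub   map[string]*rsa.PublicKey
}

// CloudDesktopServer holds its private key and the preset communication whitelist.
type CloudDesktopServer struct {
	ID        string
	priv      *rsa.PrivateKey
	Whitelist map[string]bool
}

// S1: the terminal builds the request and signs it (Ed25519, assumed) with its own private key.
func (t *CloudTerminal) S1(serverID string) FirstEncryption {
	payload, _ := json.Marshal(Request{TerminalID: t.ID, ServerID: serverID}) // two strings: cannot fail
	return FirstEncryption{t.ID, payload, ed25519.Sign(t.priv, payload)}
}

// S2: the gateway checks the message with the terminal's public key; on failure it discards the
// message and returns an error to the terminal, on success it re-encrypts the request for the server.
func (g *ControlGateway) S2(msg FirstEncryption) ([]byte, error) {
	if pub, ok := g.TerminalPub[msg.TerminalID]; !ok || !ed25519.Verify(pub, msg.Payload, msg.Sig) {
		return nil, errors.New("S2: first encrypted information does not verify; discarded")
	}
	var req Request
	if err := json.Unmarshal(msg.Payload, &req); err != nil {
		return nil, err
	}
	if spub, ok := g.ServerPub[req.ServerID]; ok {
		return rsa.EncryptOAEP(sha256.New(), rand.Reader, spub, msg.Payload, nil) // second encrypted information
	}
	return nil, fmt.Errorf("S2: no public key for server %q", req.ServerID)
}

// S3: the server decrypts with its private key and checks the preset conditions (terminal on the
// whitelist, server id equal to its own); a true result is the confirmation information.
func (s *CloudDesktopServer) S3(second []byte) (bool, error) {
	payload, err := rsa.DecryptOAEP(sha256.New(), nil, s.priv, second, nil)
	if err != nil {
		return false, err
	}
	var req Request
	if err := json.Unmarshal(payload, &req); err != nil {
		return false, err
	}
	if !s.Whitelist[req.TerminalID] || req.ServerID != s.ID {
		return false, fmt.Errorf("S3: preset conditions not met for terminal %q, server %q", req.TerminalID, req.ServerID)
	}
	return true, nil
}

// CheckAccess runs S1-S4; true is the S4 decision that the quantum key may now be distributed.
func CheckAccess(t *CloudTerminal, g *ControlGateway, s *CloudDesktopServer, serverID string) (bool, error) {
	second, err := g.S2(t.S1(serverID))
	if err != nil {
		return false, err
	}
	return s.S3(second)
}

// NewDeployment generates fresh classical keys for one terminal and one server and registers the
// public halves at the gateway (constructed sample deployment, not the patent's own code).
func NewDeployment(terminalID, serverID string, whitelist map[string]bool) (*CloudTerminal, *ControlGateway, *CloudDesktopServer, error) {
	tpub, tpriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	spriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	gw := &ControlGateway{map[string]ed25519.PublicKey{terminalID: tpub}, map[string]*rsa.PublicKey{serverID: &spriv.PublicKey}}
	return &CloudTerminal{terminalID, tpriv}, gw, &CloudDesktopServer{serverID, spriv, whitelist}, nil
}
```

A rejected check returns an error from the step that failed (S2 for a bad signature or unknown identity codes, S3 for the whitelist or server-id conditions), so the gateway never reaches the key-distribution decision for an unverified terminal.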
In the invention, the cloud terminal of the secure cloud desktop system combined with the quantum encryption technology can be realized based on the electronic equipment shown in FIG. 2, and the cloud desktop server can be realized based on the electronic equipment shown in FIG. 3.
FIG. 2 is a block diagram illustrating an electronic device 200 according to an example embodiment. As shown in fig. 2, the electronic device 200 may include: a processor 201 and a memory 202. The electronic device 200 may also include one or more of a multimedia component 203, an input/output (I/O) interface 204, and a communication component 205. The computing and storage capabilities of the processor 201 and memory 202 may be less demanding than typical home or commercial local computing devices.
The processor 201 controls the overall operation of the electronic device 200. The memory 202 stores the various types of data that support the operation of the electronic device 200; this data may include, for example, the instructions returned by the cloud desktop server and related data such as contact data, transmitted and received messages, pictures, audio and video. The memory 202 may be implemented by any type of volatile or non-volatile memory device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), a magnetic disk, flash memory or an optical disk. The multimedia component 203 may include a screen and an audio component, where the screen may be, for example, a touch screen, and the audio component outputs and/or inputs audio signals; the audio component may comprise, for example, a microphone for receiving external audio signals, and the received audio signal may be stored in the memory 202 or transmitted through the communication component 205. The audio component further comprises at least one speaker for outputting audio signals. The input/output (I/O) interface 204 provides an interface between the processor 201 and other interface modules such as a keyboard, a mouse or buttons, which may be virtual or physical buttons. The communication component 205 provides wired or wireless communication between the electronic device 200 and other devices; the wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G, 4G, NB-IoT, 5G or a combination thereof, and accordingly the communication component 205 may include a Wi-Fi module, a Bluetooth module, an NFC module, etc.
In an exemplary embodiment, the electronic device 200 may be implemented by one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic components.
Fig. 3 is a block diagram illustrating an electronic device 300 in accordance with an example embodiment. For example, the electronic device 300 may be provided as a server, and referring to fig. 3, the electronic device 300 includes one or more processors 322, and a memory 332 for storing computer programs executable by the processors 322, and the computer programs stored in the memory 332 may include one or more modules each corresponding to a set of instructions.
Additionally, the electronic device 300 may also include power components 326 and communication components 350. The power components 326 may be configured to perform power management of the electronic device 300, and the communication components 350 may be configured to enable communication, e.g., wired or wireless communication, of the electronic device 300. The electronic device 300 may further include input/output (I/O) interfaces 358, and may operate based on an operating system stored in the memory 332, e.g., Windows Server™, Mac OS X™, Unix™, Linux™, and the like.
The preferred embodiments of the present invention have been described in detail with reference to the accompanying drawings, however, the present invention is not limited to the specific details of the above embodiments, and various simple modifications can be made to the technical solution of the present invention within the technical idea of the present invention, and these simple modifications are within the protective scope of the present invention.
It should be noted that the various technical features described in the above embodiments can be combined in any suitable manner without contradiction; in order to avoid unnecessary repetition, the possible combinations are not described separately.
In addition, any combination of the various embodiments of the present invention can be made, and the same should be considered as the disclosure of the present invention as long as the idea of the present invention is not violated.

Claims (7)

1. A secure cloud desktop system incorporating quantum cryptography, comprising: a cloud terminal, a control gateway, a quantum security service component, a cloud desktop server and a quantum encryption storage device, wherein the quantum security service component is used for generating a quantum key and distributing the quantum key to the control gateway, the cloud terminal and the quantum encryption storage device;
the cloud terminal is used for acquiring input data, encrypting the input data with the quantum key to obtain encrypted information, and sending the encrypted information to the control gateway, wherein the input data comprises data to be fed back and data to be stored;
the control gateway is used for decrypting the encrypted information by using the quantum key and sending the input data obtained after decryption to the cloud desktop server;
the cloud desktop server is used for responding to the data to be fed back in the input data, generating a feedback instruction, and returning the feedback instruction to the cloud terminal through the control gateway, so that the cloud terminal displays an image in response to the feedback instruction, and the cloud desktop server is also used for sending the data to be stored in the input data to the quantum encryption storage device;
the quantum encryption storage device is used for encrypting and storing the data to be stored by using the quantum key.
2. The secure cloud desktop system in combination with quantum cryptography according to claim 1, wherein the quantum security service component comprises a quantum security service platform connected to the control gateway and a quantum key distribution device connected to the quantum security service platform,
the quantum security service platform is used for controlling the quantum key distribution equipment to generate the end-to-end quantum key and distributing the quantum key to the control gateway, the cloud terminal and the quantum encryption storage equipment.
3. The secure cloud desktop system in combination with quantum cryptography according to claim 2, wherein the quantum security service component further comprises a quantum random number generator external to the quantum security service platform, the quantum random number generator being configured to generate single-point quantum random numbers.
4. The secure cloud desktop system in combination with quantum cryptography according to claim 3, wherein the quantum security service platform is further configured to provide the quantum random number to the quantum encryption storage device, so that the quantum encryption storage device generates the erasure code of the data to be stored based on the quantum random number.
5. The system of claim 2, wherein the control gateway is further configured to check the validity of the cloud terminal access.
6. The system of claim 5, wherein the checking of the validity of the cloud terminal access comprises the following steps:
s1, the cloud terminal generates request information, the request information is encrypted by using a private key of the cloud terminal to obtain first encryption information, the first encryption information is sent to the control gateway, and the request information comprises a terminal identity identification code of the cloud terminal and a server identity identification code of the cloud desktop server;
s2, the control gateway decrypts the first encrypted information by using the public key of the cloud terminal, encrypts the request information by using the public key of the cloud desktop server after the request information is obtained by successful decryption to obtain second encrypted information, and sends the second encrypted information to the cloud desktop server;
s3, the cloud desktop server decrypts the second encrypted information by using a private key of the cloud desktop server to obtain the request information, verifies whether the terminal identification code and the server identification code in the request information meet preset conditions, and, after verifying that they meet the preset conditions, sends confirmation information to the control gateway;
and S4, the control gateway responds to the confirmation information to confirm that the access of the cloud terminal is legal, so as to control the quantum security service component to distribute the quantum key after confirming that the access is legal.
7. The secure cloud desktop system in combination with quantum cryptography according to claim 1, further comprising a virtualization platform for providing a virtualization layer such that each of said cloud desktop servers hosts a plurality of virtual machines.
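The access-validity check of claim 6 (steps S1 to S4), as an added example in Go that is not part of the patent: an Ed25519 signature stands in for the terminal's "encryption with its private key", RSA-OAEP produces the "second encrypted information" for the cloud desktop server, and the "preset conditions" are realised as an assumed allow-list of enrolled terminal identification codes plus a match on the server's own identification code; the identifiers, field names and key generation are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
)

type Request struct{ TerminalID, ServerID string } // the two identification codes of claim 6, S1

// S1: the terminal signs the request with its private key. An Ed25519 signature
// stands in for the claim's "encrypt with the private key" (assumption, as is JSON).
func terminalRequest(termKey ed25519.PrivateKey, req Request) (msg, sig []byte) {
	msg, _ = json.Marshal(req)
	return msg, ed25519.Sign(termKey, msg)
}

// S2: the gateway forwards only a request verified with the terminal's public key, sealed for the server with RSA-OAEP.
func gatewayForward(termPub ed25519.PublicKey, srvPub *rsa.PublicKey, msg, sig []byte) ([]byte, bool) {
	if !ed25519.Verify(termPub, msg, sig) {
		return nil, false // S2 fails: nothing reaches the cloud desktop server
	}
	sealed, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, srvPub, msg, nil)
	return sealed, err == nil
}

// S3: the server decrypts with its private key and applies its preset conditions (enrolled terminal, this server; assumed).
func serverVerify(srvKey *rsa.PrivateKey, selfID string, enrolled map[string]bool, sealed []byte) bool {
	var req Request
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, srvKey, sealed, nil)
	if err != nil || json.Unmarshal(msg, &req) != nil {
		return false
	}
	return enrolled[req.TerminalID] && req.ServerID == selfID
}

// S4: the gateway deems the access legal only on the server's confirmation; only then would it request quantum key distribution.
func checkAccess(termKey ed25519.PrivateKey, srvKey *rsa.PrivateKey, enrolled map[string]bool, selfID string, req Request) bool {
	msg, sig := terminalRequest(termKey, req)
	sealed, ok := gatewayForward(termKey.Public().(ed25519.PublicKey), &srvKey.PublicKey, msg, sig)
	return ok && serverVerify(srvKey, selfID, enrolled, sealed)
}

func newParties() (ed25519.PrivateKey, *rsa.PrivateKey) { // demo keys; real ones come from enrolment
	_, termKey, _ := ed25519.GenerateKey(rand.Reader)
	srvKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	return termKey, srvKey
}
```

As claimed, the request carries no nonce or timestamp, so a deployment would bind one into the message before S1 so that a previously captured request is not accepted again at S2.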
CN202310046768.1A 2023-01-31 2023-01-31 Safe cloud desktop system combined with quantum encryption technology Active CN115801252B (en)

Publications (2)

Publication Number Publication Date
CN115801252A true CN115801252A (en) 2023-03-14
CN115801252B CN115801252B (en) 2023-04-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant