CN116846547A - Quantum technology-based political data cross-domain safe transmission model - Google Patents

Abstract

The invention belongs to the technical field of quantum keys, and discloses a political data cross-domain safe transmission model based on a quantum technology, which comprises quantum key distribution; the method comprises the steps of generating a truly random quantum key sequence, and carrying out quantum key negotiation to generate a quantum cipher book; quantum gateway cross-domain data transmission and authentication; the method is used for forming a symmetrical quantum cipher codebook through quantum key negotiation, exchanging public key information of the quantum gateways of the two parties, and realizing the identity authentication of the two parties and the safe transmission of cross-domain data; identifying and managing domain control server data and user rights; for identifying and managing data and user rights within the domain. In a quantum technology-based political data cross-domain secure transmission model, authentication is performed by a quantum gateway, and identity authentication information is bound for users in a domain by using a quantum key, so that the uniqueness and the non-counterfeitability of the identity authentication can be ensured.

Description

Quantum technology-based political data cross-domain safe transmission model

Technical Field

The invention belongs to the technical field of quantum keys, and particularly relates to a political data cross-domain safe transmission model based on a quantum technology.

Background

At present, under the big data age, multi-group office is more and more popular. Secure sharing of data during cross-domain transmission and hierarchical classification and secure management of data are currently urgent problems to be solved. With the development of a quantum key distribution network (QKD network), a new solution is provided for the problems of data security and authority existing in classical cross-domain transmission. The information theory safety of quantum communication is ensured by the relevant characteristics of quantum mechanics, so that the safe distribution of the quantum key can be realized, and the quantum key has true randomness. Therefore, the quantum key can be integrated into a classical public-private key system and a symmetric encryption system, and the security of the key in a symmetric encryption algorithm or an asymmetric encryption algorithm is ensured by the true randomness of the quantum key. In addition, the quantum key can be used as a master key to generate keys at all levels for digital signature, message encryption, identity binding and the like, so that higher security of a key layer is ensured, and the security problem faced by classical data in cross-domain transmission is solved.

In the research of protecting cross-domain data, zhang Jianhui et al propose a cross-domain transmission method based on a data passport, solve the problem of low security of a gatekeeper during cross-domain transmission, and realize the security protection of the cross-domain data. The European Haifen et al designs a dynamic authorization tree, introduces the associated nodes and the dynamic grouping nodes to solve the problem of real-time update of data, and reduces the exchange amount of the data while realizing data protection. Yang Jing et al analyze the password support technology in the cross-domain transmission of government information and propose to build a nationally unified password support system to formulate encryption standards for the security protection of cross-domain data. Yin Limin et al propose a data cross-domain transmission method based on chaotic key control in order to protect the security of cross-domain data, which can enhance the security of data while improving the data transmission speed. Aiming at the safety requirement of the current cross-domain data, the ShouLilin et al analyzes the internal and external safety threat of the system faced in the cross-domain transmission, proposes the protection technologies of data safety identification binding, content filtering and the like, and realizes the safety protection of the cross-domain data. Xu Liang et al designed a data cross-domain transmission control system in heterogeneous environments, ensuring the security of big data in cross-domain. The above researches can effectively solve the security problem during data cross-domain transmission, but with the development of quantum computation, the encryption algorithm used in the classical cross-domain transmission model is not secure any more, the possibility of revealing the secret key is increased, and the security of cross-domain data transmission and sharing is challenged.

In the security authentication study of cross-domain transmission, luo Yi et al designed a signature scheme for intermediate information transmission in a public key environment, and realized cross-domain signature authentication between two different cryptosystems. The cycle et al propose a multi-level encryption algorithm capable of authentication, and realize authentication of identity while distributing data calculation load. Xu Juanjuan et al introduce the authentication center of the third party, realize the cross-domain identity authentication based on the blind signature of the agency, have reduced the computational burden of identity authentication while transmitting across the domain. Pan Xue et al introduce blockchain technology into a cross-domain sharing model, design a cross-domain access mechanism based on intelligent contracts, and ensure the security of identity authentication during cross-domain transmission. The above research utilizes classical public and private key system or blockchain technology to ensure the reliability and security of identity authentication in cross-domain transmission. The reliability of the method mainly derives from the security of classical cryptographic algorithms, but with the development of quantum computation, authentication based on public-private key systems is no longer secure, so that identity authentication transmitted across domains is no longer reliable.

In the research of cross-domain transmission based on quantum technology, tan Zheng, han Guwei and the like develop research on fusion of a quantum key and a classical password system, propose a fusion technology of the quantum key and classical symmetric passwords and asymmetric passwords, and accelerate application of a quantum communication technology in the classical password system.

Through the above analysis, the problems and defects existing in the prior art are as follows:

(1) Safety problem: with the development of quantum computing, encryption algorithms used in classical cross-domain transmission models are no longer secure, the possibility of secret keys being revealed is increased, and security of cross-domain data transmission and sharing is challenging.

(2) Authentication problem: authentication based on public-private key system is not safe any more, so that identity authentication of cross-domain transmission is not reliable any more, and identity security guarantee during cross-domain transmission cannot be met.

(3) Data transfer amount problem: the quantum communication technology is mostly research on the transmission security of quantum keys and the combination of quantum keys and classical cryptography, and has not been a good solution under the condition that the amount of data transmitted in a communication system is larger and larger.

(4) Low cost safety supervision problem: low cost security administration of quantum keys has not yet been concerned, which would limit the widespread use of quantum communication technologies.

Disclosure of Invention

Aiming at the problems existing in the prior art, the invention provides a quantum technology-based political data cross-domain secure transmission model.

The invention is realized in such a way that a quantum technology-based political data cross-domain safe transmission model comprises:

Quantum key distribution; the method comprises the steps of generating a truly random quantum key sequence, and carrying out quantum key negotiation to generate a quantum cipher book;

quantum gateway cross-domain data transmission and authentication; the method is used for forming a symmetrical quantum cipher codebook through quantum key negotiation, exchanging public key information of the quantum gateways of the two parties, and realizing the identity authentication of the two parties and the safe transmission of cross-domain data;

identifying and managing domain control server data and user rights; for identifying and managing data and user rights within the domain.

Further, the quantum key distribution further comprises a quantum device and a quantum gateway;

the quantum device is used for generating a quantum key pool; the quantum device generates a key pool by utilizing the characteristic of quantum mechanics, a sender wraps a series of quantum bits according to a certain mode to form a quantum key pool, and then part of the quantum key pool is sent to a receiver; the receiver also performs some operations, and entangles the received quantum bit with the quantum bit generated by the receiver, so as to obtain a shared secret key;

and the quantum gateway is used for managing the quantum key pool and carrying out quantum key negotiation.

Further, the quantum gateway specifically includes the following steps in performing quantum key negotiation:

Step 1: the quantum gateway firstly obtains a group of random quantum key pools from the quantum equipment, wherein the key pools consist of a plurality of random quantum bits;

step 2: the quantum gateway negotiates a group of symmetrical quantum keys by using the key pool and a quantum cryptography algorithm;

step 3: the quantum gateway sends the quantum key to a receiver of the data and uses it for encryption and decryption of cross-domain data transmissions;

step 4: if eavesdropping or tampering is found during transmission, the quantum gateway will immediately interrupt the transmission and notify the relevant personnel.

Further, the quantum gateway cross-domain data transmission and authentication specifically comprises the following steps:

s1: quantum key distribution;

s2: identity verification;

s3: transmitting cross-domain data;

s4: data decryption and verification:

further, the quantum key distribution in S1 specifically includes the following steps:

s101: two political institutions of the A domain and the B domain generate symmetrical quantum key pools through quantum key distribution equipment;

s102: the quantum gateway of the A domain and the quantum gateway of the B domain carry out quantum key negotiation, wherein the quantum gateway of the A domain randomly generates a quantum key number a and a random number r1, and the quantum gateway of the B domain randomly generates a quantum key number B and a random number r2;

S103: the quantum gateway of the A domain signs the (a, r 1) by using the private key of the quantum gateway of the A domain, and sends the signature and the public key to the quantum gateway of the B domain;

s104: the quantum gateway of the B domain uses the public key of the A domain to verify whether the signature is correct, uses the private key of the B domain to sign (B, r 2), and sends the signature and the public key to the quantum gateway of the A domain;

s105: the quantum gateway of the A domain uses the public key of the B domain to verify whether the signature is correct, and uses quantum key numbers a and B and two random numbers r1 and r2 to generate a symmetrical quantum cipher code book;

s106: the quantum gateway of the B domain uses the public key of the A domain to verify whether the signature is correct, and uses the quantum key numbers B and a and the two random numbers r2 and r1 to generate a symmetrical quantum cipher code.

Further, the authentication in S2 specifically includes the following steps:

s201: the A domain member initiating the request provides member information, domain information and public key information to the domain control server for identity verification.

S202: the domain control server forwards the request information to the a-domain quantum gateway.

S203: the A domain quantum gateway encrypts the current timestamp T by using a quantum key number ID1 through a symmetric encryption algorithm to generate a signature key Key.

S204: the quantum gateway signs the received member information and domain information to form authentication information, and signs the member's identity using Keys.

S205: the quantum gateway encrypts the random number R by using a quantum key number ID2 through a symmetric encryption algorithm to generate a session key Key.

S206: the quantum gateway encrypts the identity verification information by using a Keyc, encrypts an identity verification data packet by using a public key of the domain B quantum gateway, and sends the data packet to the domain B; the public key encryption authentication data packet specifically comprises encryption authentication information, a quantum key number ID2 and a random number R.

Further, the step of transmitting the cross-domain data in the step S3 specifically includes the following steps:

s301: the domain control server of the B domain submits cross-domain data information composed of cross-domain political data, data authority, data provider identity information and data requester information to the B domain quantum gateway.

S302: and the B-domain quantum gateway encrypts the cross-domain political data by using the public key of the data requester to form encrypted data information.

S303: the quantum gateway signs the encrypted data information by using a private key of a cross-domain political data sender to obtain signature information.

S304: the B domain quantum gateway encrypts cross-domain information by using a session key Key c, wherein the Key c is generated in the same way as during identity verification; the encrypted cross-domain information comprises encrypted data information, data provider identity information, data authority, a receiver and signature information;

S305: the B domain quantum gateway encrypts a cross-domain data packet by using a public key of the A domain quantum gateway; the public key encryption cross-domain data packet comprises encryption cross-domain information, a public key certificate of a sender, a random number R and a quantum key number;

s306: and the B domain quantum gateway transmits the encrypted cross-domain data packet to the A domain.

Further, the data decryption and verification in S4 specifically includes the following steps:

s401: the A domain quantum gateway uses the private key of the gateway to decrypt the cross-domain data packet and verifies the identity of the sender;

s402: the A domain quantum gateway recovers a session key Key c by using a quantum key number and a random number R, and decrypts cross-domain information by using the Key c; the decryption cross-domain information comprises encrypted data information, data provider identity information, data authority, a receiver and signature information;

s403: the A domain quantum gateway uses the public key of the sender to verify whether the signature of the cross-domain information is correct or not;

s404: if the signature is correct, the A domain quantum gateway sends encrypted political data information, data authority and data receiver information in cross-domain information to an A domain control server;

s405: the A domain control server checks whether the data authority matches the authority of the data receiver, and if so, the A domain control server sends encrypted political data information to a member initiating a data request;

S406: and the member uses the private key to decrypt the political data information, and finally obtains the cross-domain political data. Further, the identification and management of the domain control server data and the user authority specifically comprises the following steps:

a. defining authority level of political data: according to the confidentiality level of the political data, the domain control server defines different data authority levels, so that the data of different levels can only be accessed by specific users/groups;

b. the classification hierarchy gives the domain members data access rights: according to factors such as departments, posts and the like where the members are located, the domain control server gives different data access rights to different members;

c. matching rights of cross-domain data with rights of data requesters: when cross-domain transmission is carried out, after the domain control server receives the cross-domain data, matching whether the authority of the cross-domain data is consistent with the authority of the data requester; if the rights of the data requester are higher than the rights of the cross-domain data, the data requester can access the cross-domain data; otherwise, it is not accessible;

d. transmitting data to corresponding domain users: if the matching is successful, the domain control server sends the cross-domain data to the corresponding domain user, and allows the cross-domain data to be accessed; otherwise, reporting a request error, and rejecting access.

Further, the domain control server gives different members different data access rights, a member of one department can only access the data of the department, and an administrator can access the data of the whole political organization.

In combination with the technical scheme and the technical problems to be solved, the technical scheme to be protected has the following advantages and positive effects:

the quantum gateway is introduced into a classical cross-domain transmission system by the political data cross-domain secure transmission model based on the quantum technology, an identity certificate of a user in a domain is formed by using the quantum gateway, and identity authentication during cross-domain transmission is completed. When data cross-domain transmission is carried out, a data sender utilizes a quantum key in a quantum gateway to protect cross-domain data, and the quantum gateway forms a data signature for the cross-domain data, and simultaneously binds the unique access right of the cross-domain data. When the quantum gateway of the data access party receives the cross-domain data, firstly, authenticating the cross-domain identity and checking the data integrity; and then the domain control server is used for mapping the authorities, only individuals or departments with the matched authorities can decrypt the cross-domain data, and finally a data visitor checks the cross-domain data to finish the multi-organization data sharing office. The quantum key distribution, the quantum gateway and the classical password system are combined to realize the protection of cross-domain data, the hierarchical classification management of users and data and the cross-domain identity authentication, and the method has higher key security.

Meanwhile, in a political data cross-domain secure transmission model based on quantum technology, authentication is carried out by a quantum gateway, and identity authentication information is bound for users in a domain by using a quantum key, so that the uniqueness and the non-counterfeitability of the identity authentication can be ensured. Compared with a classical authentication system, the authentication security of the quantum gateway is ensured by the security of the quantum key, the quantum key only exists in the quantum gateway, and clear text information of the quantum key cannot appear during cross-domain transmission, so that an attacker cannot forge the identity information of a domain user, and higher security during identity authentication is ensured. Therefore, the quantum technology-based political data cross-domain secure transmission model can realize data security and identity authentication security of political data during cross-domain transmission.

Secondly, the technical proposal to be protected has the technical effects and advantages as follows:

(1) The safety is high: by adopting the key negotiation scheme based on the quantum technology, the security of data transmission can be greatly improved, and the data can be prevented from being stolen or tampered.

(2) The reliability is strong: the quantum random number generator is utilized to generate real random numbers, so that security holes existing in the traditional key negotiation scheme can be avoided, and the reliability of the system is improved.

(3) The cross-domain capability is strong: the quantum gateway cross-domain data transmission and authentication can realize data transmission and identity authentication across different domains, meet the requirement of rapid transmission of political data between different domains, and improve the working efficiency.

(4) The management is convenient: the domain control server data and the user authority identification and management can conveniently manage the domain control server and the user authority, and the system management efficiency is improved.

(5) The flexibility is strong: the dynamic generation and updating of the quantum key pool and the programmability of the quantum gateway enable the system to have certain flexibility, and the system can be flexibly configured and adjusted according to actual needs.

Thirdly, as inventive supplementary evidence of the claims of the present invention, the following 2 important aspects are also embodied:

(1) The expected benefits and commercial values after the technical scheme of the invention is converted are as follows:

according to the quantum technology-based political data cross-domain secure transmission model, the quantum key distribution and quantum cryptography technology are adopted, so that the possible eavesdropping and cracking risks in data transmission of the traditional encryption technology are solved, and the safety and reliability of political data transmission are improved.

In the technical scheme of the invention, the quantum key distribution can ensure the safety and unpredictability of the quantum key by generating a high-quality quantum key pool and a quantum codebook through using a BB84 protocol based on a single photon source. The quantum gateway cross-domain data transmission and authentication realizes the encrypted transmission of the cross-domain data and the authentication of the identities of the two parties by using a quantum key negotiation technology and an encryption algorithm based on a quantum key, and effectively protects the data privacy and transmission safety. The domain control server data and the user authority identification and management can ensure that the political data is correctly managed and protected in the transmission process, and the risks of data leakage and abuse are avoided.

The technical scheme provided by the invention has high practicability and innovation, can be widely applied to various fields of government institutions, judicial institutions, public security institutions and the like, and provides a high-efficiency and reliable solution for the secure transmission of political data. Meanwhile, the technical scheme provided by the invention has higher commercial value, and can bring considerable economic and social benefits to related institutions and enterprises.

(2) Whether the technical scheme of the invention solves the technical problems that people want to solve all the time but fail to obtain success all the time is solved:

the scheme of the invention solves the problem of cross-domain secure transmission of data of the multi-stage political institutions, and can realize the security of data exchange between the multi-stage political departments or between the political departments and other departments, thereby improving the office efficiency of the political institutions and the data security interconnection and intercommunication.

In the scheme of the invention, the quantum key distribution technology and the quantum gateway are utilized to realize the security authentication, security encryption and security supervision during cross-domain data transmission, and the quantum gateway can reduce the load of a domain control server and improve the efficiency during processing of mass data. The quantum technology-based political data security cross-domain transmission model solves the problem of secure sharing of data in the joint office of political institutions.

Drawings

FIG. 1 is a diagram of a quantum technology-based cross-domain secure transmission model of political data provided by an embodiment of the invention;

fig. 2 is a quantum key formation diagram of quantum key distribution in a quantum technology-based political data cross-domain secure transmission model provided by an embodiment of the present invention;

FIG. 3 is a specific flow chart of quantum key negotiation in a quantum technology-based political data cross-domain secure transmission model provided by an embodiment of the invention;

fig. 4 is a specific flowchart of quantum-technology-based cross-domain data transmission and authentication of a quantum gateway of a political-law data cross-domain secure transmission model provided by an embodiment of the invention;

fig. 5 is a schematic diagram of formation of encrypted identity authentication information of a quantum technology-based political data cross-domain secure transmission model according to an embodiment of the present invention;

fig. 6 is a cross-domain political data transmission schematic diagram of a quantum technology-based political data cross-domain secure transmission model provided by an embodiment of the invention;

FIG. 7 is a specific flowchart for identifying and managing domain control server data and user rights of a quantum technology-based political data cross-domain secure transmission model provided by an embodiment of the invention;

fig. 8 is a schematic diagram of cross-domain political data and user management of a quantum technology-based political data cross-domain secure transmission model according to an embodiment of the present invention.

Detailed Description

The present invention will be described in further detail with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.

As described in fig. 1, the quantum technology-based political data cross-domain secure transmission model is summarized as follows: the method comprises the steps of generating a truly random quantum key pool through respective quantum devices, sending the generated quantum key pool to a quantum gateway for management, and negotiating a quantum key numbering rule and a quantum key length by the quantum gateway to form a quantum key file. When one political organization A applies for cross-domain data transmission through the quantum gateway, the quantum gateway of the other political organization B firstly performs identity authentication, forwards the request passing the identity authentication to a domain control server of the domain B, and finally completes the cross-domain data transmission by identifying the data authority and the user authority through the domain control server. In the cross-domain data transmission process, the quantum gateway can realize full life cycle supervision of the quantum key, judge the validity of a cross-domain transmission request source in real time, and ensure the safety of cross-domain transmission of political data.

The quantum technology-based political data cross-domain secure transmission model comprises the following steps:

quantum key distribution; the method comprises the steps of generating a truly random quantum key sequence, and carrying out quantum key negotiation to generate a quantum cipher book;

quantum gateway cross-domain data transmission and authentication; the method is used for forming a symmetrical quantum cipher codebook through quantum key negotiation, exchanging public key information of the quantum gateways of the two parties, and realizing the identity authentication of the two parties and the safe transmission of cross-domain data;

identifying and managing domain control server data and user rights; for identifying and managing data and user rights within the domain.

As shown in fig. 2, in order to ensure the security of the cross-domain data encryption key, the two-party authority A, B first generates symmetrical quantum key pools through quantum devices of respective domains, then sends the quantum key pools to the quantum gateway for management, and performs quantum key negotiation to generate a quantum codebook. In this process, the key sequence in the quantum key pool is truly random and has information-theory security.

As shown in fig. 3, the quantum gateway specifically includes the following steps in performing quantum key negotiation:

step 1: the quantum gateway firstly obtains a group of random quantum key pools from the quantum equipment, wherein the key pools consist of a plurality of random quantum bits;

Step 2: the quantum gateway negotiates a group of symmetrical quantum keys by using the key pool and a quantum cryptography algorithm;

step 3: the quantum gateway sends the quantum key to a receiver of the data and uses it for encryption and decryption of cross-domain data transmissions;

step 4: if eavesdropping or tampering is found during transmission, the quantum gateway will immediately interrupt the transmission and notify the relevant personnel.

As shown in fig. 4, the quantum gateway cross-domain data transmission and authentication specifically includes the following steps:

s1: quantum key distribution;

s2: identity verification;

s3: transmitting cross-domain data;

s4: data decryption and verification:

further, the quantum key distribution in S1 specifically includes the following steps:

s101: two political institutions of the A domain and the B domain generate symmetrical quantum key pools through quantum key distribution equipment;

s102: the quantum gateway of the A domain and the quantum gateway of the B domain carry out quantum key negotiation, wherein the quantum gateway of the A domain randomly generates a quantum key number a and a random number r1, and the quantum gateway of the B domain randomly generates a quantum key number B and a random number r2;

s103: the quantum gateway of the A domain signs the (a, r 1) by using the private key of the quantum gateway of the A domain, and sends the signature and the public key to the quantum gateway of the B domain;

S104: the quantum gateway of the B domain uses the public key of the A domain to verify whether the signature is correct, uses the private key of the B domain to sign (B, r 2), and sends the signature and the public key to the quantum gateway of the A domain;

s105: the quantum gateway of the A domain uses the public key of the B domain to verify whether the signature is correct, and uses quantum key numbers a and B and two random numbers r1 and r2 to generate a symmetrical quantum cipher code book;

s106: the quantum gateway of the B domain uses the public key of the A domain to verify whether the signature is correct, and uses the quantum key numbers B and a and the two random numbers r2 and r1 to generate a symmetrical quantum cipher code.

Further, the authentication in S2 specifically includes the following steps:

s201: the A domain member initiating the request provides member information, domain information and public key information to the domain control server for identity verification.

S202: the domain control server forwards the request information to the a-domain quantum gateway.

S203: the A domain quantum gateway encrypts the current timestamp T by using a quantum key number ID1 through a symmetric encryption algorithm to generate a signature key Key.

S204: the quantum gateway signs the received member information and domain information to form authentication information, and signs the member's identity using Keys.

S205: the quantum gateway encrypts the random number R by using a quantum key number ID2 through a symmetric encryption algorithm to generate a session key Key.

S206: the quantum gateway encrypts the identity verification information by using a Keyc, encrypts an identity verification data packet by using a public key of the domain B quantum gateway, and sends the data packet to the domain B; the public key encryption authentication data packet specifically comprises encryption authentication information, a quantum key number ID2 and a random number R.

Further, the step of transmitting the cross-domain data in the step S3 specifically includes the following steps:

s301: the domain control server of the B domain submits cross-domain data information composed of cross-domain political data, data authority, data provider identity information and data requester information to the B domain quantum gateway.

S302: and the B-domain quantum gateway encrypts the cross-domain political data by using the public key of the data requester to form encrypted data information.

S303: the quantum gateway signs the encrypted data information by using a private key of a cross-domain political data sender to obtain signature information.

S304: the B domain quantum gateway encrypts cross-domain information by using a session key Key c, wherein the Key c is generated in the same way as during identity verification; the encrypted cross-domain information comprises encrypted data information, data provider identity information, data authority, a receiver and signature information;

s305: the B domain quantum gateway encrypts a cross-domain data packet by using a public key of the A domain quantum gateway; the public key encryption cross-domain data packet comprises encryption cross-domain information, a public key certificate of a sender, a random number R and a quantum key number;

S306: and the B domain quantum gateway transmits the encrypted cross-domain data packet to the A domain.

Further, the data decryption and verification in S4 specifically includes the following steps:

s401: the A domain quantum gateway uses the private key of the gateway to decrypt the cross-domain data packet and verifies the identity of the sender;

s402: the A domain quantum gateway recovers a session key Key c by using a quantum key number and a random number R, and decrypts cross-domain information by using the Key c; the decryption cross-domain information comprises encrypted data information, data provider identity information, data authority, a receiver and signature information;

s403: the A domain quantum gateway uses the public key of the sender to verify whether the signature of the cross-domain information is correct or not;

s404: if the signature is correct, the A domain quantum gateway sends encrypted political data information, data authority and data receiver information in cross-domain information to an A domain control server;

s405: the A domain control server checks whether the data authority matches the authority of the data receiver, and if so, the A domain control server sends encrypted political data information to a member initiating a data request;

s406: and the member uses the private key to decrypt the political data information, and finally obtains the cross-domain political data.

As shown in fig. 5, before quantum cross-domain data transmission is performed, a party political organization domain a and another party political organization domain B have generated symmetric quantum key pools through a quantum key distribution device, then quantum gateways of the domains a and B perform quantum key negotiation to form symmetric quantum cipher books, and public key information of the two party quantum gateways is exchanged. When the identity authentication of both sides is carried out, a domain A member initiating a political data cross-domain request provides member information, domain information and public key information to a domain control server; then forwarding the request information (member information, domain information and member public key information) to the domain A quantum gateway by the domain control server; then the quantum gateway of the domain A uses the quantum Key Key1 corresponding to the quantum Key number ID1 to form a signature Key Key s for the current timestamp T by using a symmetric encryption algorithm, then signs the received member information and domain information to form identity authentication information, and simultaneously signs the member public Key information by using the Key s to form a member identity certificate; and finally, encrypting a random number R by using a quantum Key Key2 corresponding to a quantum Key number ID2 by using a quantum gateway of the domain A to generate a session Key Key c by using a symmetric encryption algorithm, encrypting identity authentication information by using the Key c, and then encrypting an identity authentication data packet (encrypted identity authentication information, the quantum Key number ID2 and the random number R) by using a quantum gateway public Key of the domain B and sending the encrypted identity authentication data packet to the domain B.

After receiving the encrypted identity authentication data packet of the member in the domain A, the domain B quantum gateway firstly uses a private Key of the domain B quantum gateway to decrypt the encrypted identity authentication data packet, and then inquires a quantum Key Key2 corresponding to the quantum Key number ID2 in the quantum codebook; then combining the random number R to restore the session key Key c to decrypt the encrypted identity authentication information, and obtaining a quantum key number ID1 and a time stamp T used by the signature; and finally, restoring the signature key to check the signature information, verifying whether the membership is legal or not, and returning the verification result to the domain control server.

As shown in fig. 6, after the identity authentication of the domain members between the two political institutions is completed, the political data holding domain B can encrypt and transmit the cross-domain data. Firstly, a domain control server in a domain B submits cross-domain data information consisting of cross-domain political data, data authority, data provider identity information and data requester information to a quantum gateway of the domain B, and the domain B quantum gateway encrypts the cross-domain political data by using a public key of the data requester to form encrypted data information; then signing the encrypted data information by using a private key of a cross-domain political data sender to obtain signature information; then, the domain B quantum gateway encrypts cross-domain information (encrypted data information, data provider identity information, data authority, receiver and signature information) by using a session key Key (the generation method of the session key is consistent with identity authentication); finally, the domain B quantum gateway encrypts the cross-domain data packet (encrypted cross-domain information, a cross-domain data sender public key certificate, a random number R and a quantum key number) by using the domain A quantum gateway public key and then sends the encrypted cross-domain data packet to the domain A.

After receiving the cross-domain information, the domain A quantum gateway firstly uses a private key of the domain A quantum gateway to decrypt a cross-domain data table, and then carries out identity authentication on a sender; then, the domain A quantum gateway restores a session key Key c according to the quantum key number and the random number R, and decrypts the cross-domain information; the domain A quantum gateway then uses the public key of the sender to check and sign the cross-domain information, and if the cross-domain information is correct, the encrypted political data information, the data authority and the data receiver in the cross-domain information are sent to a domain control server; and finally, the domain control server firstly identifies whether the data authority is matched with the authority of the data receiver, and if so, the encrypted data information is sent to the member initiating the data request. After receiving the encrypted data information, the domain members firstly use the private key of the domain members to decrypt the data packet to obtain the final cross-domain political data.

As shown in fig. 7, the identification and management of the domain control server data and the user rights specifically includes the following steps:

a. defining authority level of political data: according to the confidentiality level of the political data, the domain control server defines different data authority levels, so that the data of different levels can only be accessed by specific users/groups;

b. the classification hierarchy gives the domain members data access rights: according to factors such as departments, posts and the like where the members are located, the domain control server gives different data access rights to different members;

c. Matching rights of cross-domain data with rights of data requesters: when cross-domain transmission is carried out, after the domain control server receives the cross-domain data, matching whether the authority of the cross-domain data is consistent with the authority of the data requester; if the rights of the data requester are higher than the rights of the cross-domain data, the data requester can access the cross-domain data; otherwise, it is not accessible;

d. transmitting data to corresponding domain users: if the matching is successful, the domain control server sends the cross-domain data to the corresponding domain user, and allows the cross-domain data to be accessed; otherwise, reporting a request error, and rejecting access.

As shown in fig. 8, in order to guarantee hierarchical classification management of cross-domain political data, domain control servers of two political institutions need to centrally manage rights of users and data in the domains. According to the different security levels of the data, the domain control server needs to define the authority level of the data and limit the accessible range of the data after the data cross-domain. In addition, according to different departments and positions of members in the domain, the domain control server needs to classify and grade the data access rights given to the domain members. When the cross-domain transmission is carried out, after the domain control server receives the cross-domain data, matching whether the authority of the cross-domain data is consistent with the authority of the data requester, and if so, sending the data to the corresponding domain user. Otherwise, the user request error is reported, and the data above the authority level cannot be checked, so that the cross-domain data request fails finally.

Application example one:

the quantum technology-based political data cross-domain secure transmission model provided by the application embodiment of the invention is applied to inter-bank network communication, wherein the inter-bank network communication comprises a sender and a receiver, the sender and the receiver both comprise a memory and a processor, the memory stores a computer program, and when the computer program is executed by the processor, the processor executes the steps of the quantum technology-based political data cross-domain secure transmission model.

Application example two:

the quantum technology-based political data cross-domain secure transmission model provided by the embodiment of the invention is applied to an intelligent home, wherein the intelligent home comprises an information data processing terminal and intelligent home equipment, the information data processing terminal is used for realizing the quantum technology-based political data cross-domain secure transmission model, and the intelligent home equipment is used for receiving and processing the securely transmitted data.

It should be noted that the embodiments of the present invention can be realized in hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or special purpose design hardware. Those of ordinary skill in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such as provided on a carrier medium such as a magnetic disk, CD or DVD-ROM, a programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The device of the present invention and its implementation may be realized by a hardware circuit such as a very large scale integrated circuit or gate array, a semiconductor such as a logic chip, a transistor, etc., or a programmable hardware device such as a field programmable gate array, a programmable logic device, etc., or by software executed by various types of processors, or by a combination of the above hardware circuit and software, for example, firmware.

The political data cross-domain safe transmission model based on the quantum technology provided by the embodiment of the invention;

in an embodiment of the present invention, we apply quantum technology based political data cross-domain secure transport model to a Virtual Private Network (VPN) system. We tested the performance of this system, compared to a conventional VPN system, and obtained the following results:

(1) Improvement of data transmission speed: in the conventional VPN system, the data transmission speed is often affected by data encryption and decryption, and the transmission speed is slow. In the embodiment of the invention, the use of the quantum encryption technology greatly improves the data transmission speed. We have performed a series of tests and found that with equal data volumes, embodiments of the present invention average 30% faster than conventional VPN systems.

(2) Improvement of data security: in a conventional VPN system, data encryption generally uses a symmetric key encryption algorithm, but data security is vulnerable due to the problem of key sharing. In the embodiment of the invention, an encryption algorithm based on quantum key distribution is used, so that the safety of data is ensured. We have performed security tests and found that embodiments of the present invention have greater capabilities in protecting against various attacks.

(3) System scalability and reliability enhancement: the embodiment of the invention uses the domain control server to manage the data and the user authority, so that the system has better expandability and reliability. The embodiment of the invention can support large-scale data transmission and user management, and the reliability of the system is higher.

(4) Improvement of commercial value: the embodiment of the invention has great commercial value in the aspect of political data transmission. The traditional political data transmission system has potential safety hazards such as data leakage and data tampering, and the embodiment of the invention can effectively ensure the safe transmission of the political data, thereby providing more stable and reliable technical support for political work.

The foregoing is merely illustrative of specific embodiments of the present invention, and the scope of the invention is not limited thereto, but any modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present invention will be apparent to those skilled in the art within the scope of the present invention.

Claims (10)

1. The political data cross-domain safe transmission model based on the quantum technology is characterized by comprising the following steps of:

Quantum key distribution; the method comprises the steps of generating a truly random quantum key sequence, and carrying out quantum key negotiation to generate a quantum cipher book;

quantum gateway cross-domain data transmission and authentication; the method is used for forming a symmetrical quantum cipher codebook through quantum key negotiation, exchanging public key information of the quantum gateways of the two parties, and realizing the identity authentication of the two parties and the safe transmission of cross-domain data;

identifying and managing domain control server data and user rights; for identifying and managing data and user rights within the domain.

2. The quantum technology based political data cross-domain secure transmission model of claim 1, wherein the quantum key distribution further comprises a quantum device and a quantum gateway;

the quantum device is used for generating a quantum key pool; the quantum device generates a key pool by utilizing the characteristic of quantum mechanics, a sender wraps a series of quantum bits according to a certain mode to form a quantum key pool, and then part of the quantum key pool is sent to a receiver; the receiver also performs some operations, and entangles the received quantum bit with the quantum bit generated by the receiver, so as to obtain a shared secret key;

and the quantum gateway is used for managing the quantum key pool and carrying out quantum key negotiation.

3. The quantum technology-based political data cross-domain secure transmission model of claim 2, wherein the quantum gateway performs quantum key agreement specifically comprising the steps of:

step 1: the quantum gateway firstly obtains a group of random quantum key pools from the quantum equipment, wherein the key pools consist of a plurality of random quantum bits;

step 2: the quantum gateway negotiates a group of symmetrical quantum keys by using the key pool and a quantum cryptography algorithm;

step 3: the quantum gateway sends the quantum key to a receiver of the data and uses it for encryption and decryption of cross-domain data transmissions;

step 4: if eavesdropping or tampering is found during transmission, the quantum gateway will immediately interrupt the transmission and notify the relevant personnel.

4. The quantum technology-based political data cross-domain secure transmission model of claim 1, wherein the quantum gateway cross-domain data transmission and authentication specifically comprises the following steps:

s1: quantum key distribution;

s2: identity verification;

s3: transmitting cross-domain data;

s4: data decryption and verification.

5. The quantum technology-based political data cross-domain secure transmission model of claim 4, wherein the quantum key distribution in S1 specifically comprises the steps of:

S101: two political institutions of the A domain and the B domain generate symmetrical quantum key pools through quantum key distribution equipment;

s102: the quantum gateway of the A domain and the quantum gateway of the B domain carry out quantum key negotiation, wherein the quantum gateway of the A domain randomly generates a quantum key number a and a random number r1, and the quantum gateway of the B domain randomly generates a quantum key number B and a random number r2;

s103: the quantum gateway of the A domain signs the (a, r 1) by using the private key of the quantum gateway of the A domain, and sends the signature and the public key to the quantum gateway of the B domain;

s104: the quantum gateway of the B domain uses the public key of the A domain to verify whether the signature is correct, uses the private key of the B domain to sign (B, r 2), and sends the signature and the public key to the quantum gateway of the A domain;

s105: the quantum gateway of the A domain uses the public key of the B domain to verify whether the signature is correct, and uses quantum key numbers a and B and two random numbers r1 and r2 to generate a symmetrical quantum cipher code book;

s106: the quantum gateway of the B domain uses the public key of the A domain to verify whether the signature is correct, and uses the quantum key numbers B and a and the two random numbers r2 and r1 to generate a symmetrical quantum cipher code.

6. The quantum technology-based political data cross-domain secure transmission model of claim 4, wherein the authentication in S2 specifically comprises the following steps:

S201: the A domain member initiating the request provides member information, domain information and public key information to the domain control server for identity verification.

S202: the domain control server forwards the request information to the a-domain quantum gateway.

S203: the A domain quantum gateway encrypts the current timestamp T by using a quantum key number ID1 through a symmetric encryption algorithm to generate a signature key Key.

S204: the quantum gateway signs the received member information and domain information to form authentication information, and signs the member's identity using Keys.

S205: the quantum gateway encrypts the random number R by using a quantum key number ID2 through a symmetric encryption algorithm to generate a session key Key.

S206: the quantum gateway encrypts the identity verification information by using a Keyc, encrypts an identity verification data packet by using a public key of the domain B quantum gateway, and sends the data packet to the domain B; the public key encryption authentication data packet specifically comprises encryption authentication information, a quantum key number ID2 and a random number R.

7. The quantum technology-based political data cross-domain secure transmission model of claim 4, wherein the S3 cross-domain data transmission specifically comprises the following steps:

s301: the domain control server of the B domain submits cross-domain data information composed of cross-domain political data, data authority, data provider identity information and data requester information to the B domain quantum gateway.

S302: and the B-domain quantum gateway encrypts the cross-domain political data by using the public key of the data requester to form encrypted data information.

S303: the quantum gateway signs the encrypted data information by using a private key of a cross-domain political data sender to obtain signature information.

S304: the B domain quantum gateway encrypts cross-domain information by using a session key Key c, wherein the Key c is generated in the same way as during identity verification; the encrypted cross-domain information comprises encrypted data information, data provider identity information, data authority, a receiver and signature information;

s305: the B domain quantum gateway encrypts a cross-domain data packet by using a public key of the A domain quantum gateway; the public key encryption cross-domain data packet comprises encryption cross-domain information, a public key certificate of a sender, a random number R and a quantum key number;

s306: and the B domain quantum gateway transmits the encrypted cross-domain data packet to the A domain.

8. The quantum technology-based political data cross-domain secure transmission model of claim 4, wherein the data decryption and verification in S4 specifically comprises the steps of:

s401: the A domain quantum gateway uses the private key of the gateway to decrypt the cross-domain data packet and verifies the identity of the sender;

s402: the A domain quantum gateway recovers a session key Key c by using a quantum key number and a random number R, and decrypts cross-domain information by using the Key c; the decryption cross-domain information comprises encrypted data information, data provider identity information, data authority, a receiver and signature information;

S403: the A domain quantum gateway uses the public key of the sender to verify whether the signature of the cross-domain information is correct or not;

s404: if the signature is correct, the A domain quantum gateway sends encrypted political data information, data authority and data receiver information in cross-domain information to an A domain control server;

s405: the A domain control server checks whether the data authority matches the authority of the data receiver, and if so, the A domain control server sends encrypted political data information to a member initiating a data request;

s406: and the member uses the private key to decrypt the political data information, and finally obtains the cross-domain political data.

9. The quantum technology-based political data cross-domain secure transmission model of claim 1, wherein the identification and management of the domain control server data and the user authority specifically comprises the following steps:

a. defining authority level of political data: according to the confidentiality level of the political data, the domain control server defines different data authority levels, so that the data of different levels can only be accessed by specific users/groups;

b. the classification hierarchy gives the domain members data access rights: according to factors such as departments, posts and the like where the members are located, the domain control server gives different data access rights to different members;

c. Matching rights of cross-domain data with rights of data requesters: when cross-domain transmission is carried out, after the domain control server receives the cross-domain data, matching whether the authority of the cross-domain data is consistent with the authority of the data requester; if the rights of the data requester are higher than the rights of the cross-domain data, the data requester can access the cross-domain data; otherwise, it is not accessible;

d. transmitting data to corresponding domain users: if the matching is successful, the domain control server sends the cross-domain data to the corresponding domain user, and allows the cross-domain data to be accessed; otherwise, reporting a request error, and rejecting access.

10. The quantum technology-based cross-domain secure transmission model of political data as claimed in claim 9, wherein the domain control server gives different members different data access rights to members of one department only access the data of the department, and an administrator can access the data of the whole political organization.