CN107896148A - A method and system for encrypting and decrypting data - Google Patents

Publication number: CN107896148A
Authority: CN (China)
Legal status: Pending
Application number: CN201711418059.2A
Other languages: Chinese (zh)
Inventors: 党帆, 李朋伟, 赵帅鹏, 施德军
Current assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The invention discloses a method and system for encrypting and decrypting data. An encryption-end quantum VPN device and a decryption-end quantum VPN device synchronously obtain multiple quantum keys and store the obtained quantum keys in a buffer; each quantum key is then used in turn to encrypt or decrypt the data to be processed. That is, by synchronously obtaining multiple quantum keys and establishing a quantum key buffer, the invention achieves rapid switching of quantum keys during IPsec encryption and decryption and greatly improves the efficiency of encryption and decryption when quantum VPN devices communicate.

Description

A method and system for encrypting and decrypting data
Technical field
The present invention relates to the field of computer technology, and in particular to a method and system for encrypting and decrypting data.
Background
At present, a quantum key is read by requesting it directly from the quantum key server. First, the VPN device sends a key negotiation request packet to the quantum key server; the quantum key server then generates a key and sends it to the VPN device. The VPN device uses this key to encrypt and decrypt data.
However, when the data volume is large, the gateway device needs to update the quantum key more frequently, and the existing way of obtaining quantum keys cannot switch keys quickly.
Summary of the invention
The invention provides a method and system for encrypting and decrypting data, to solve the problem that the prior art cannot switch keys quickly.
In one aspect, the invention provides a method for encrypting and decrypting data, the method comprising: based on an IPsec synchronization protocol, an encryption-end quantum VPN device and a decryption-end quantum VPN device synchronously obtain multiple quantum keys through a quantum key server; the encryption-end quantum VPN device and the decryption-end quantum VPN device each cache the obtained quantum keys and, following the order of the quantum keys, use the quantum keys in turn to encrypt and decrypt the data to be encrypted or decrypted.
Further, the encryption-end quantum VPN device and the decryption-end quantum VPN device synchronously obtaining multiple quantum keys through the quantum key server specifically comprises: after the encryption-end quantum VPN device obtains quantum keys through the quantum key server, it sends a key prefetch request to the decryption-end quantum VPN device;
after receiving the key prefetch request, the decryption-end quantum VPN device obtains the quantum keys through the quantum key server.
Further, after the encryption-end quantum VPN device and the decryption-end quantum VPN device synchronously obtain multiple quantum keys through the quantum key server, and before the two devices each cache the obtained quantum keys, the method further comprises:
the encryption-end quantum VPN device and the decryption-end quantum VPN device each verify the synchronously obtained quantum keys.
Further, verifying the synchronously obtained quantum keys specifically comprises:
determining whether the time taken by the decryption-end quantum VPN device to obtain the quantum keys exceeds a preset key acquisition time threshold;
if so, triggering the encryption-end quantum VPN device and the decryption-end quantum VPN device to obtain the quantum keys again;
otherwise, further determining whether the number of quantum keys obtained by the encryption-end quantum VPN device and by the decryption-end quantum VPN device is the same. If the numbers differ, the encryption-end quantum VPN device and the decryption-end quantum VPN device are triggered to obtain the quantum keys again. If the numbers are the same, it is further determined whether the content of each key obtained by the two devices is the same: if the content of each key is the same, the quantum key verification is judged to have succeeded; if the content of each key is not the same, the verification is judged to have failed.
Further, determining whether the content of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device is the same specifically comprises: determining whether the MD5 digest values computed for each key obtained by the encryption-end quantum VPN device and by the decryption-end quantum VPN device are the same.
In another aspect, the invention also provides a system for encrypting and decrypting data, the system comprising:
an encryption-end quantum VPN device, configured to synchronously obtain multiple quantum keys through a quantum key server together with a decryption-end quantum VPN device, based on an IPsec synchronization protocol, to cache the obtained quantum keys and, following the order of the quantum keys, to use the quantum keys in turn to encrypt the data to be encrypted;
the decryption-end quantum VPN device, configured to synchronously obtain multiple quantum keys through the quantum key server together with the encryption-end quantum VPN device, based on the IPsec synchronization protocol, to cache the obtained quantum keys and, following the order of the quantum keys, to use the quantum keys in turn to decrypt the data to be decrypted.
Further, the encryption-end quantum VPN device is also configured to send a key prefetch request to the decryption-end quantum VPN device after obtaining quantum keys through the quantum key server;
the decryption-end quantum VPN device is also configured to obtain the quantum keys through the quantum key server after receiving the key prefetch request.
Further, the encryption-end quantum VPN device and the decryption-end quantum VPN device are also configured to verify the synchronously obtained quantum keys.
Further, the encryption-end quantum VPN device and the decryption-end quantum VPN device are also configured to determine whether the time taken by the decryption-end quantum VPN device to obtain the quantum keys exceeds a preset key acquisition time threshold;
if so, the encryption-end quantum VPN device and the decryption-end quantum VPN device are triggered to obtain the quantum keys again;
otherwise, it is further determined whether the number of quantum keys obtained by the encryption-end quantum VPN device and by the decryption-end quantum VPN device is the same. If the numbers differ, the encryption-end quantum VPN device and the decryption-end quantum VPN device are triggered to obtain the quantum keys again. If the numbers are the same, it is further determined whether the content of each key obtained by the two devices is the same: if the content of each key is the same, the quantum key verification is judged to have succeeded; if the content of each key is not the same, the verification is judged to have failed.
Further, the encryption-end quantum VPN device is also configured to determine whether the MD5 digest values computed for each key obtained by the encryption-end quantum VPN device and by the decryption-end quantum VPN device are the same;
the decryption-end quantum VPN device is also configured to determine whether the MD5 digest values computed for each key obtained by the encryption-end quantum VPN device and by the decryption-end quantum VPN device are the same.
The beneficial effects of the invention are as follows:
The encryption-end quantum VPN device and the decryption-end quantum VPN device synchronously obtain multiple quantum keys and store the obtained quantum keys in a buffer; each quantum key is then used in turn to encrypt or decrypt the data to be processed. That is, by synchronously obtaining multiple quantum keys and establishing a quantum key buffer, the invention achieves rapid switching of quantum keys during IPsec encryption and decryption and greatly improves the efficiency of encryption and decryption when quantum VPN devices communicate.
Brief description of the drawings
Fig. 1 is a schematic flow chart of a method for encrypting and decrypting data according to an embodiment of the invention;
Fig. 2 is a schematic structural diagram of a system for encrypting and decrypting data according to an embodiment of the invention.
Detailed description of the embodiments
To solve the problem that the prior art cannot switch keys quickly, the invention provides a method and system for encrypting and decrypting data. An encryption-end quantum VPN device and a decryption-end quantum VPN device synchronously obtain multiple quantum keys and store the obtained quantum keys in a buffer; each quantum key is then used in turn to encrypt or decrypt the data to be processed. That is, by synchronously obtaining multiple quantum keys and establishing a quantum key buffer, the invention achieves rapid switching of quantum keys during IPsec encryption and decryption and greatly improves the efficiency of encryption and decryption when quantum VPN devices communicate. The invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
An embodiment of the invention provides a method for encrypting and decrypting data. Referring to Fig. 1, the method comprises:
S101: based on an IPsec synchronization protocol, the encryption-end quantum VPN device and the decryption-end quantum VPN device synchronously obtain multiple quantum keys through the quantum key server;
S102: the encryption-end quantum VPN device and the decryption-end quantum VPN device each cache the obtained quantum keys and, following the order of the quantum keys, use the quantum keys in turn to encrypt and decrypt the data to be encrypted or decrypted.
That is, the embodiment synchronously obtains multiple quantum keys and stores them in a quantum key buffer, which achieves rapid switching of quantum keys during IPsec encryption and decryption and in turn greatly improves the efficiency of encryption and decryption when quantum VPN devices communicate.
In short, the embodiment improves the efficiency of key negotiation and communication through synchronous prefetching and caching of quantum keys.
In a specific implementation, the encryption-end quantum VPN device and the decryption-end quantum VPN device synchronously obtaining multiple quantum keys through the quantum key server specifically comprises:
after the encryption-end quantum VPN device obtains quantum keys through the quantum key server, it sends a key prefetch request to the decryption-end quantum VPN device;
after receiving the key prefetch request, the decryption-end quantum VPN device obtains the quantum keys through the quantum key server.
Specifically, in this embodiment the two quantum VPN devices are each configured with a paired quantum key service. A quantum VPN device can act either as initiator or as responder. The initiator periodically fetches a certain amount of key content from the quantum key server and informs the peer through the synchronization protocol. After receiving the key prefetch request, the responder checks the relevant information and fetches the keys from the quantum key server.
It should be noted that in this embodiment the quantum keys are mainly used to encrypt and decrypt communication data during data communication. For multiple quantum keys obtained at the same time, the order of the quantum keys may be set on the quantum key server side and issued together with the quantum keys when they are obtained. Alternatively, when encrypting data, the key used for encryption is taken from the key buffer pool and the peer is informed of the key index in the message; the decryption end then obtains the decryption key by the key index. This makes the data communication more secure and reliable.
In a specific implementation, after the encryption-end quantum VPN device and the decryption-end quantum VPN device synchronously obtain multiple quantum keys through the quantum key server, and before the two devices each cache the obtained quantum keys, the method further comprises:
the encryption-end quantum VPN device and the decryption-end quantum VPN device each verify the synchronously obtained quantum keys.
In this embodiment, verifying the synchronously obtained quantum keys specifically comprises: determining whether the time taken by the decryption-end quantum VPN device to obtain the quantum keys exceeds a preset key acquisition time threshold;
if so, triggering the encryption-end quantum VPN device and the decryption-end quantum VPN device to obtain the quantum keys again;
otherwise, further determining whether the number of quantum keys obtained by the encryption-end quantum VPN device and by the decryption-end quantum VPN device is the same. If the numbers differ, the encryption-end quantum VPN device and the decryption-end quantum VPN device are triggered to obtain the quantum keys again. If the numbers are the same, it is further determined whether the content of each key obtained by the two devices is the same: if the content of each key is the same, the quantum key verification is judged to have succeeded; if the content of each key is not the same, the verification is judged to have failed.
In a specific implementation, determining whether the content of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device is the same specifically comprises: determining whether the MD5 digest values computed for each key obtained by the encryption-end quantum VPN device and by the decryption-end quantum VPN device are the same.
Of course, in a specific implementation those skilled in the art may also verify the content of each key by other methods; the invention does not specifically limit this.
By verifying the quantum keys, the embodiment ensures that the quantum keys used by the encryption-end quantum VPN device and the decryption-end quantum VPN device are consistent.
The method of the invention is explained in detail below through a specific example:
The quantum key switching method of this embodiment mainly comprises two aspects: key synchronization and key use.
1) Key synchronization specifically comprises:
Synchronous acquisition: the two quantum VPN devices (that is, the encryption-end quantum VPN device and the decryption-end quantum VPN device) are each configured with a paired quantum key service. The initiator periodically fetches a certain amount of key content from the quantum key server and informs the peer through the synchronization protocol. After receiving the key prefetch request, the responder checks the relevant information and fetches the keys from the quantum key server;
Synchronous key verification: both sides compare and verify the key content they obtained synchronously, and inform the peer of the relevant information through the synchronization protocol to check whether identical keys were obtained.
Synchronous writing: if the keys pass verification, they are immediately written into each side's buffer; at this point the keys are in the to-be-enabled state. The peer is informed of the relevant index information through the synchronization protocol, and the keys enter the enabled state.
2) Use of the quantum keys: the quantum keys are mainly used to encrypt and decrypt communication data during data communication. When encrypting data, the key used for encryption is taken from the key buffer pool and the peer is informed of the key index in the message; the decryption end obtains the decryption key by the key index. This makes the data communication more secure and reliable.
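The synchronize, verify, write and index-lookup flow described above, as an added sketch that is not from the patent or from any vendor implementation. `KeyServer`, `KeyBuffer`, `synchronize`, the 2-second threshold and the random-byte keys are assumptions for illustration, and the synchronization-protocol messages are modelled as function arguments.

```python
import hashlib
import hmac
import os

FETCH_TIMEOUT_S = 2.0  # assumed value for the preset key acquisition time threshold


class KeyServer:
    """Stand-in for the paired key service: one batch id yields the same
    ordered keys to both ends. Keys are random bytes (constructed data)."""

    def __init__(self):
        self._batches = {}

    def fetch(self, batch_id, count, key_len=32):
        if batch_id not in self._batches:
            self._batches[batch_id] = [os.urandom(key_len) for _ in range(count)]
        return list(self._batches[batch_id][:count])


def key_digests(keys, algo="md5"):
    """Per-key digests exchanged for the content check. MD5 is the digest the
    description names; it allows other checks too, hence the parameter."""
    return [hashlib.new(algo, k).hexdigest() for k in keys]


def verify_batch(local_keys, peer_count, peer_digests, peer_fetch_s, algo="md5"):
    """Checks in the order the description gives: 'refetch', 'fail' or 'ok'."""
    if peer_fetch_s > FETCH_TIMEOUT_S:        # 1. acquisition took too long
        return "refetch"
    if peer_count != len(local_keys):         # 2. key counts differ
        return "refetch"
    local = key_digests(local_keys, algo)
    if len(peer_digests) != len(local):
        return "fail"
    for mine, theirs in zip(local, peer_digests):  # 3. per-key content
        if not hmac.compare_digest(mine, theirs):
            return "fail"
    return "ok"


class KeyBuffer:
    """Per-device buffer: keys are written as 'pending', then 'enabled'."""

    def __init__(self):
        self._slots = {}      # index -> [key, state]
        self._next_write = 0  # next index to assign
        self._next_use = 0    # next index the encrypting side takes

    def write_pending(self, keys):
        indexes = []
        for key in keys:
            self._slots[self._next_write] = [key, "pending"]
            indexes.append(self._next_write)
            self._next_write += 1
        return indexes

    def enable(self, indexes):
        for i in indexes:
            self._slots[i][1] = "enabled"

    def next_for_encrypt(self):
        """Take enabled keys in order; the index travels with the message."""
        slot = self._slots.get(self._next_use)
        if slot is None or slot[1] != "enabled":
            raise LookupError("no enabled key; prefetch another batch")
        index = self._next_use
        self._next_use += 1
        return index, slot[0]

    def for_decrypt(self, index):
        key, state = self._slots[index]
        if state != "enabled":
            raise LookupError("key %d is not enabled" % index)
        return key


def synchronize(server, init_buf, resp_buf, batch_id, count,
                responder_fetch_s=0.1, responder_count=None):
    """One prefetch round. responder_fetch_s and responder_count let the
    caller simulate a slow or short fetch on the responder."""
    init_keys = server.fetch(batch_id, count)           # initiator fetches
    # The key prefetch request (batch_id, count) reaches the responder here.
    wanted = count if responder_count is None else responder_count
    resp_keys = server.fetch(batch_id, wanted)          # responder fetches
    # Each side checks its own keys against what the peer reports.
    a = verify_batch(init_keys, len(resp_keys), key_digests(resp_keys), responder_fetch_s)
    b = verify_batch(resp_keys, len(init_keys), key_digests(init_keys), responder_fetch_s)
    if a != "ok" or b != "ok":
        return a if a != "ok" else b
    ia = init_buf.write_pending(init_keys)              # to-be-enabled state
    ib = resp_buf.write_pending(resp_keys)
    if ia != ib:                                        # index info exchanged
        return "fail"
    init_buf.enable(ia)
    resp_buf.enable(ib)
    return "ok"
```
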
An embodiment of the invention also provides a system for encrypting and decrypting data. Referring to Fig. 2, the system comprises:
an encryption-end quantum VPN device, configured to synchronously obtain multiple quantum keys through a quantum key server together with a decryption-end quantum VPN device, based on an IPsec synchronization protocol, to cache the obtained quantum keys and, following the order of the quantum keys, to use the quantum keys in turn to encrypt the data to be encrypted;
the decryption-end quantum VPN device, configured to synchronously obtain multiple quantum keys through the quantum key server together with the encryption-end quantum VPN device, based on the IPsec synchronization protocol, to cache the obtained quantum keys and, following the order of the quantum keys, to use the quantum keys in turn to decrypt the data to be decrypted.
That is, in this embodiment the encryption-end quantum VPN device and the decryption-end quantum VPN device synchronously obtain multiple quantum keys and store the obtained quantum keys in a buffer; each quantum key is then used in turn to encrypt or decrypt the data to be processed. By synchronously obtaining multiple quantum keys and establishing a quantum key buffer, the invention achieves rapid switching of quantum keys during IPsec encryption and decryption and greatly improves the efficiency of encryption and decryption when quantum VPN devices communicate.
In short, the embodiment improves the efficiency of key negotiation and communication through synchronous prefetching and caching of quantum keys.
Specifically, in this embodiment the encryption-end quantum VPN device is also configured to send a key prefetch request to the decryption-end quantum VPN device after obtaining quantum keys through the quantum key server;
the decryption-end quantum VPN device is also configured to obtain the quantum keys through the quantum key server after receiving the key prefetch request.
That is, in this embodiment the two quantum VPN devices are each configured with a paired quantum key service. A quantum VPN device can act either as initiator or as responder. The initiator periodically fetches a certain amount of key content from the quantum key server and informs the peer through the synchronization protocol. After receiving the key prefetch request, the responder checks the relevant information and fetches the keys from the quantum key server.
It should be noted that in this embodiment the quantum keys are mainly used to encrypt and decrypt communication data during data communication. For multiple quantum keys obtained at the same time, the order of the quantum keys may be set on the quantum key server side and issued together with the quantum keys when they are obtained. Alternatively, when encrypting data, the key used for encryption is taken from the key buffer pool and the peer is informed of the key index in the message; the decryption end then obtains the decryption key by the key index. This makes the data communication more secure and reliable.
In addition, in this embodiment the encryption-end quantum VPN device and the decryption-end quantum VPN device are also configured to verify the synchronously obtained quantum keys.
Specifically, the encryption-end quantum VPN device and the decryption-end quantum VPN device are also configured to determine whether the time taken by the decryption-end quantum VPN device to obtain the quantum keys exceeds a preset key acquisition time threshold;
if so, the encryption-end quantum VPN device and the decryption-end quantum VPN device are triggered to obtain the quantum keys again;
otherwise, it is further determined whether the number of quantum keys obtained by the encryption-end quantum VPN device and by the decryption-end quantum VPN device is the same. If the numbers differ, the encryption-end quantum VPN device and the decryption-end quantum VPN device are triggered to obtain the quantum keys again. If the numbers are the same, it is further determined whether the content of each key obtained by the two devices is the same: if the content of each key is the same, the quantum key verification is judged to have succeeded; if the content of each key is not the same, the verification is judged to have failed.
In a specific implementation, the encryption-end quantum VPN device is also configured to determine whether the MD5 digest values computed for each key obtained by the encryption-end quantum VPN device and by the decryption-end quantum VPN device are the same;
the decryption-end quantum VPN device is also configured to determine whether the MD5 digest values computed for each key obtained by the encryption-end quantum VPN device and by the decryption-end quantum VPN device are the same.
By verifying the quantum keys, the embodiment ensures that the quantum keys used by the encryption-end quantum VPN device and the decryption-end quantum VPN device are consistent.
Although preferred embodiments of the invention have been disclosed for illustrative purposes, those skilled in the art will recognize that various improvements, additions and substitutions are also possible; therefore, the scope of the invention should not be limited to the embodiments described above.

Claims (10)

  1. A kind of 1. method of encryption and decryption data, it is characterised in that including:
    Based on ipsec synchronous protocols, encryption looking somebody up and down sub-VPN equipment and decryption looking somebody up and down sub-VPN equipment pass through quantum key server It is synchronous to obtain multiple quantum keys;
    The encryption looking somebody up and down sub-VPN equipment and the decrypting end quantum VPN device are cached the quantum key of acquisition respectively, And by the sequence of the quantum key, pass sequentially through the quantum key and treat encryption and decryption data progress encryption and decryption.
  2. 2. according to the method for claim 1, it is characterised in that the encryption looking somebody up and down sub-VPN equipment and decryption looking somebody up and down sub-VPN Equipment obtains multiple quantum keys by quantum key server sync, specifically includes:
    After the encryption looking somebody up and down sub-VPN equipment obtains quantum key by quantum key server, to the decrypting end quantum VPN Equipment sends key and prefetches request;
    The decrypting end quantum VPN device is received after the key prefetches request, obtained by quantum key server described in Quantum key.
  3. The method according to claim 1, characterized in that, after the encryption-end quantum VPN device and the decryption-end quantum VPN device synchronously obtain multiple quantum keys through the quantum key server, and before the encryption-end quantum VPN device and the decryption-end quantum VPN device each cache the obtained quantum keys, the method further comprises:
    The encryption-end quantum VPN device and the decryption-end quantum VPN device each verify the synchronously obtained quantum keys.
  4. The method according to claim 3, characterized in that verifying the synchronously obtained quantum keys specifically comprises:
    Judging whether the time taken by the decryption-end quantum VPN device to obtain the quantum keys exceeds a preset key-acquisition time threshold;
    If so, triggering the encryption-end quantum VPN device and the decryption-end quantum VPN device to reacquire quantum keys;
    Otherwise, further judging whether the numbers of quantum keys obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device are consistent; if they are inconsistent, triggering the encryption-end quantum VPN device and the decryption-end quantum VPN device to reacquire quantum keys; if they are consistent, further judging whether the content of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device is consistent; if the content of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device is consistent, determining that the quantum key verification succeeded; if the content of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device is inconsistent, determining that the verification failed.
  5. The method according to claim 1, characterized in that judging whether the content of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device is consistent specifically comprises:
    Judging whether the computed MD5 digest values of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device are consistent.
  6. A system for encrypting and decrypting data, characterized by comprising:
    An encryption-end quantum VPN device, configured to synchronously obtain multiple quantum keys, together with a decryption-end quantum VPN device, through a quantum key server based on an IPsec synchronization protocol, to cache the obtained quantum keys, and to encrypt the data to be encrypted with the quantum keys in turn, according to the ordering of the quantum keys;
    The decryption-end quantum VPN device, configured to synchronously obtain multiple quantum keys, together with the encryption-end quantum VPN device, through the quantum key server based on the IPsec synchronization protocol, to cache the obtained quantum keys, and to decrypt the data to be decrypted with the quantum keys in turn, according to the ordering of the quantum keys.
  7. The system according to claim 6, characterized in that
    The encryption-end quantum VPN device is further configured to, after obtaining quantum keys through the quantum key server, send a key prefetch request to the decryption-end quantum VPN device;
    The decryption-end quantum VPN device is further configured to, after receiving the key prefetch request, obtain the quantum keys through the quantum key server.
  8. The system according to claim 7, characterized in that
    The encryption-end quantum VPN device and the decryption-end quantum VPN device are further configured to verify the synchronously obtained quantum keys.
  9. The system according to claim 8, characterized in that
    The encryption-end quantum VPN device and the decryption-end quantum VPN device are further configured to judge whether the time taken by the decryption-end quantum VPN device to obtain the quantum keys exceeds a preset key-acquisition time threshold;
    If so, triggering the encryption-end quantum VPN device and the decryption-end quantum VPN device to reacquire quantum keys;
    Otherwise, further judging whether the numbers of quantum keys obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device are consistent; if they are inconsistent, triggering the encryption-end quantum VPN device and the decryption-end quantum VPN device to reacquire quantum keys; if they are consistent, further judging whether the content of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device is consistent; if the content of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device is consistent, determining that the quantum key verification succeeded; if the content of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device is inconsistent, determining that the verification failed.
  10. The system according to claim 6, characterized in that
    The encryption-end quantum VPN device is further configured to judge whether the computed MD5 digest values of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device are consistent;
    The decryption-end quantum VPN device is further configured to judge whether the computed MD5 digest values of each key obtained by the encryption-end quantum VPN device and the decryption-end quantum VPN device are consistent.
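The three-stage verification recited in claims 4, 5, 9 and 10 (time threshold, key count, per-key MD5 digest) can be sketched as follows. This is an added illustration, not code from the patent; the function names, the result labels, the sample keys and the exchange of a digest list between the two ends are assumptions.

```python
import hashlib
import hmac
from enum import Enum


class Result(Enum):
    REACQUIRE = "reacquire"  # both ends fetch a fresh batch of keys
    VERIFIED = "verified"    # batch may be cached and used in order
    FAILED = "failed"        # key contents differ between the ends


def key_digests(keys, algo="md5"):
    """Digest of each key, in cache order. The claims name MD5; the
    algorithm is a parameter here (an assumption of this sketch) so a
    stronger hash such as sha256 can be substituted."""
    return [hashlib.new(algo, k).hexdigest() for k in keys]


def verify_batch(local_keys, peer_digests, fetch_seconds,
                 threshold_seconds, algo="md5"):
    # Stage 1: the decryption end took longer than the preset
    # key-acquisition threshold, so both ends reacquire.
    if fetch_seconds > threshold_seconds:
        return Result.REACQUIRE
    # Stage 2: the two ends hold a different number of keys.
    if len(local_keys) != len(peer_digests):
        return Result.REACQUIRE
    # Stage 3: compare digests position by position. Keys are consumed
    # in order, so a reordered batch must not pass. compare_digest
    # avoids leaking the first mismatching position through timing.
    ok = True
    for mine, theirs in zip(key_digests(local_keys, algo), peer_digests):
        ok &= hmac.compare_digest(mine, theirs)
    return Result.VERIFIED if ok else Result.FAILED


# Constructed sample batch: four 32-byte keys (not real key material).
ENC_KEYS = [bytes([i]) * 32 for i in range(1, 5)]
DEC_KEYS = list(ENC_KEYS)

if __name__ == "__main__":
    print(verify_batch(ENC_KEYS, key_digests(DEC_KEYS), 0.4, 2.0))
    print(verify_batch(ENC_KEYS, key_digests(DEC_KEYS[::-1]), 0.4, 2.0))
```

Because the keys are compared by position, a batch with the right keys in the wrong order is reported as a failed verification rather than a success.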
CN201711418059.2A 2017-12-25 2017-12-25 A kind of method and system of encryption and decryption data Pending CN107896148A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711418059.2A CN107896148A (en) 2017-12-25 2017-12-25 A kind of method and system of encryption and decryption data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711418059.2A CN107896148A (en) 2017-12-25 2017-12-25 A kind of method and system of encryption and decryption data

Publications (1)

Publication Number Publication Date
CN107896148A true CN107896148A (en) 2018-04-10

Family

ID=61808258

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711418059.2A Pending CN107896148A (en) 2017-12-25 2017-12-25 A kind of method and system of encryption and decryption data

Country Status (1)

Country Link
CN (1) CN107896148A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108900295A (en) * 2018-07-02 2018-11-27 国网电力信息通信有限公司 Data sending, receiving method, apparatus and system based on quantum key encryption
CN109309570A (en) * 2018-10-15 2019-02-05 北京天融信网络安全技术有限公司 Quantum key method used in SSL VPN and relevant device and storage medium
WO2022213564A1 (en) * 2021-04-07 2022-10-13 东南大学 Quantum key distribution and negotiation method for internet-of-things wireless terminal

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050063547A1 (en) * 2003-09-19 2005-03-24 Audrius Berzanskis Standards-compliant encryption with QKD
CN103490891A (en) * 2013-08-23 2014-01-01 中国科学技术大学 Method for updating and using secret key in power grid SSL VPN
CN104158907A (en) * 2014-08-29 2014-11-19 腾讯科技(深圳)有限公司 Method and device of downloading application program file
CN107347058A (en) * 2016-05-06 2017-11-14 阿里巴巴集团控股有限公司 Data ciphering method, data decryption method, apparatus and system
CN107453869A (en) * 2017-09-01 2017-12-08 中国电子科技集团公司第三十研究所 A kind of method for the IPSecVPN for realizing quantum safety


Similar Documents

Publication Publication Date Title
CN106487749B (en) Key generation method and device
EP2840758B1 (en) Compact and efficient communication security through combining anti-replay with encryption
CN105162599B (en) A kind of data transmission system and its transmission method
CN101640682B (en) Method for improving safety of Web service
US20100306540A1 (en) Encryption processing method and encryption processing device
CN108173644A (en) Data transfer encryption method, device, storage medium, equipment and server
WO2009143749A1 (en) Data encryption and decryption method, device and communications system
CN107896148A (en) A kind of method and system of encryption and decryption data
WO2013117087A1 (en) Method and system for downloading file
WO2019100217A1 (en) Biometric information transmission establishing method , device, system, and storage medium
WO2007059558A1 (en) Wireless protocol for privacy and authentication
CN109040132A (en) One kind being based on the randomly selected encryption communication method of shared key
CN105791258A (en) Data transmission method, terminal and open platform
EP2148535A2 (en) Transmission device and reception device for ciphering process
CN112040485A (en) Local area network key agreement method, system and computer readable storage medium
JP2012010254A (en) Communication device, communication method and communication system
WO2005057841A1 (en) The method for generating the dynamic cryptogram in network transmission and the method for transmitting network data
CN108134777B (en) Communication encryption system based on timestamp
CN112738037B (en) Data encryption communication method
CN108880795A (en) A kind of block chain security mechanism and device
EP1569379B1 (en) Method of generating a cryptosync
CN101483867B (en) User identity verification method, related device and system in WAP service
CN108270560B (en) Key transmission method and device
CN102857341A (en) Communication method for encrypted call
JP2010011122A (en) Encrypted packet processing system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180410