CN108737079A - Distributed quantum key management system and method - Google Patents
Distributed quantum key management system and method
- Publication number: CN108737079A (application CN201710244821.3A)
- Authority: CN (China)
- Legal status: Granted (the status listed by Google is an assumption, not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Classifications
- H04L9/0852: Quantum cryptography (under H04L9/08, key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords)
- G06F21/602: Providing cryptographic facilities or services (under G06F21/60, protecting data)
- H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
The invention discloses a distributed quantum key management system and method in which the encryption of quantum keys during storage and transmission is organically combined with distributed underlying storage technology, so as to raise both the security level and the operating efficiency of quantum key management.
Description
Technical field
The present invention relates to the field of quantum communication technology, and more specifically to a system and method for managing quantum keys.
Background technology
With the progress of Internet data technology and the development of business models, and with Internet technology flourishing today, the use of information and network technology can help users streamline business processes and respond to business in real time. At the same time, the networking of business information also brings security threats: once an enterprise's own business data or the sensitive data of its corporate clients is leaked, the damage is incalculable, and tampering with the information that is communicated or stored has equally serious consequences. Security is therefore of paramount importance for business information networks.
Now that distributed computing and quantum computer theory are maturing, the security of key distribution systems based on public-key encryption algorithms is being challenged. Quantum communication technology guarantees the unconditional security of information on a physical basis and can withstand attacks on network communication by systems with unlimited computing capability; in the long term, quantum communication is therefore very likely to become the main means of future key distribution and to bring revolutionary progress to network information security. A quantum communication network performs quantum key distribution (QKD) and uses the generated quantum keys to encrypt classical business data. The quantum channel of a quantum communication network has the property that any eavesdropping aimed at decoding the encrypted content is necessarily detected, which guarantees the unconditional security of the quantum communication network.
From the standpoint of encryption algorithms, most cryptographic systems can be broken by known-plaintext attacks, whereas the one-time pad can achieve so-called "unconditional security" for network communication. However, the key consumption of the one-time pad is enormous, so the access to and the efficient use of the relevant keys are particularly critical.
Many different schemes for the management of quantum keys have been proposed, covering the quantum key access procedure, management modes, terminal access security and so on. For example, the Chinese invention patent applications No. 201610843210.6 and No. 201610842874.0 concern the management and configuration of quantum keys and discuss technical means of securing the communication between a user terminal and a quantum service center, in order to solve the security problem of the user-terminal access link of a quantum communication network.
However, the prior art including the above documents all uses user-interactive data processing systems. Such systems have large storage space requirements; their identification of users by the conventional username-and-password login carries the risk that privileges are misappropriated and information is modified; and their query efficiency drops significantly once the data volume exceeds a certain level. These drawbacks are clearly unfavorable for a quantum communication system whose demand for quantum keys is huge, and they often prevent existing quantum key management systems from supplying quantum keys in quantities sufficient for high-volume communication operations, making those operations unstable. In addition, the above documents focus on the security of the user-terminal access link, whereas the applicant has noted that, during quantum key management, the access to and transmission of quantum keys and their related data within the key management system is also a weak link that is easy to break into, and will certainly become a security risk in quantum communication networks.
Existing quantum key management schemes therefore urgently need improvement both in the security of key management and in the effective management of massive key data.
Summary of the invention
Based on the above understanding of the defects of the prior art, the applicant has designed, in the key management system and method of the present invention, a security measure in which quantum keys are kept under encryption while they are stored and transmitted within the key management system, and has proposed a scheme that applies relational indexing and distributed underlying storage technology to key storage. Organically combining the two effectively raises the security level and the operating efficiency of quantum keys in the quantum key management system and method.
In one aspect of the invention, a distributed quantum key management system is disclosed, which may comprise a service layer module and a data layer module. The service layer module may be configured to receive quantum keys and to perform one or more of the warehousing (storage), reading and destruction operations on them. The data layer module may be configured to store the quantum keys and the quantum key related data.
In the present invention, the service layer module may be provided with an encryption/decryption module which, after a quantum key enters the service layer module, encrypts the quantum key and the quantum key related data. The quantum keys and their related data are thereby kept in an encrypted state throughout their storage and transmission within the management system, which improves the security of the quantum keys.
In the present invention, the data layer module may be implemented with distributed underlying storage. Specifically, the data layer module may comprise a distributed database unit and a distributed file system unit, the distributed file system unit being used to store the quantum keys and the distributed database unit being used to store the quantum key related data, both in ciphertext form. The quantum key related data may include the key account and the key index used to locate a quantum key. Storing the quantum keys on one hand and specific key related data such as key accounts and key indexes on the other in storage schemes chosen for each improves the query efficiency of the management system while making efficient access to massive numbers of quantum keys possible.
In the present invention, the encryption/decryption module may also be configured to encrypt the user's original key index during the reading and/or destruction operation of the quantum key.
In the present invention, the encryption/decryption module may further be configured to decrypt the query result returned by the data layer module during the reading and/or destruction operation of the quantum key.
In the present invention, the service layer module may further be configured to apply a secondary encryption to the quantum key that is output externally during the reading operation of the quantum key.
In the present invention, the service layer module may also include a key warehousing module, a key reading module and a key destruction module. The key warehousing module performs the warehousing operation of the quantum key and may be configured to receive the quantum key from a quantum key management terminal and to load the encrypted quantum key and the quantum key related data into the data layer module. The key reading module performs the reading operation of the quantum key and may be configured to query the quantum key from the data layer module and to output the queried quantum key externally. The key destruction module performs the destruction operation of the quantum key and may be configured to query the quantum key from the data layer module and to destroy the queried quantum key in the data layer module.
In the present invention, the service layer module may also include a data access interface configured to receive a service request, according to the service type, from one of the key warehousing module, the key reading module and the key destruction module, and, after authenticating the user terminal device ID against the key account, to send the service request to one of the key management terminal and the data layer module according to the service type.
Another aspect of the present invention discloses a quantum key management method which, according to the service request, may carry out one or more of a quantum key warehousing operation, a quantum key reading operation and a quantum key destruction operation.
The quantum key warehousing operation may include the steps of receiving a quantum key, encrypting the quantum key and the quantum key related data, and storing the encrypted quantum key and quantum key related data by means of distributed underlying storage.
Further, the encrypted quantum key may be stored in a distributed file system, and the encrypted quantum key related data in a distributed database.
Further, the quantum key related data may include a key account and a key index, the key index being usable to locate the quantum key stored in the distributed file system.
Further, a step of authenticating the validity of the key account may be included between the encryption step and the storage step.
In the present invention, the quantum key reading operation may include the steps of querying the quantum key stored in the distributed file system according to the user's original key index, and outputting the quantum key externally according to the query result.
In the present invention, the quantum key destruction operation may include the steps of querying the quantum key stored in the distributed file system according to the user's original key index, and destroying the quantum key according to the query result.
Further, the query step in the quantum key reading operation and/or the quantum key destruction operation may also include a step of encrypting the user's original key index.
Further, the step of outputting the quantum key externally in the quantum key reading operation may also include a step of decrypting the query result.
Further, the step of outputting the quantum key externally in the quantum key reading operation may also include a step of applying a secondary encryption to the output quantum key.
The quantum key management method according to the present invention may also include, when a service request is received, a step of authenticating whether the user terminal device ID corresponds one-to-one with the key account.
Description of the drawings
Fig. 1 schematically illustrates the block diagram of the quantum key management system according to the present invention;
Fig. 2 schematically illustrates the key storage process in the key management method of the present invention;
Fig. 3 schematically illustrates the key reading process in the key management method of the present invention; and
Fig. 4 schematically illustrates the key destruction process in the key management method of the present invention.
Detailed description of embodiments
Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings. The following embodiments are provided by way of illustration so as to fully convey the spirit of the invention to those skilled in the art; the present invention is therefore not limited to the embodiments disclosed herein.
Fig. 1 shows the quantum key management system according to the present invention, which mainly comprises a service layer module and a data layer module and can exchange data with external users through a client.
The data layer module of the present invention is used to store quantum keys and their related data. In view of the way quantum keys are used, namely a high key reading frequency and a large key volume, the data layer module of the present invention is innovatively implemented with distributed underlying storage; specifically, it may comprise a distributed database unit and a distributed file system unit, which store quantum key data of different attributes.
Specifically, the distributed file system unit is based on a distributed file system and is used in the present invention to store the quantum keys themselves. In a distributed file system the data need not reside on the same physical disk; it can be distributed in blocks across a storage server cluster made up of many physical disks and managed by an upper-layer operating system. This storage architecture greatly lowers the storage space required of any single server, offers very strong scalability and fault tolerance, and is well suited to large data volumes at the TB or even PB level, which makes the storage of massive numbers of quantum keys feasible. In addition, in such a distributed file system a file, once created, written and closed, usually cannot be changed any more and only read and delete operations remain, which matches very well the requirement in a quantum communication network that a quantum key be imported and generated once and read many times. Moreover, this data access requirement simplifies data consistency, so that application programs can access data in a streaming fashion rather than through user-interactive access, making high-throughput data access possible and effectively improving the reading efficiency of quantum keys, which is particularly advantageous for improving quantum communication capability.
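The following is an added illustration, not code from the patent or from any of the products it names: a toy in-memory model of the write-once, block-distributed file system described above. It keeps the three properties the text relies on (a closed file is split into fixed-size blocks spread and replicated over several storage nodes; a closed file can only be read or deleted; a read still succeeds after one node is lost). The block size, replica count, node names and the key material are constructed for the example.

```python
"""Toy model of a write-once, block-replicated distributed file system.

Added example; not the patent's code and not HDFS or BC-oNest. All sizes,
node names and data are constructed for illustration.
"""
import hashlib
from typing import Dict, List


class WriteOnceBlockStore:
    def __init__(self, nodes: List[str], block_size: int = 4, replicas: int = 2):
        self.nodes = list(nodes)
        self.block_size = block_size
        self.replicas = min(replicas, len(self.nodes))
        # node name -> {block id -> block bytes}: the physical disks of the cluster
        self.disks: Dict[str, Dict[str, bytes]] = {n: {} for n in self.nodes}
        # file name -> ordered block ids: the metadata the upper layer manages
        self.files: Dict[str, List[str]] = {}
        self.open_files: Dict[str, bytearray] = {}

    def create(self, name: str) -> None:
        if name in self.files or name in self.open_files:
            raise FileExistsError(name)
        self.open_files[name] = bytearray()

    def append(self, name: str, data: bytes) -> None:
        if name not in self.open_files:
            # a closed file is immutable: only read and delete remain possible
            raise PermissionError(f"{name} is not open for writing")
        self.open_files[name] += data

    def close(self, name: str) -> None:
        buf = bytes(self.open_files.pop(name))
        block_ids = []
        for i in range(0, len(buf), self.block_size):
            block = buf[i:i + self.block_size]
            # block id depends on content and offset so identical blocks stay distinct
            block_id = hashlib.sha256(block + i.to_bytes(8, "big")).hexdigest()[:16]
            block_ids.append(block_id)
            # place replicas round-robin so consecutive blocks land on different nodes
            start = (i // self.block_size) % len(self.nodes)
            for r in range(self.replicas):
                node = self.nodes[(start + r) % len(self.nodes)]
                self.disks[node][block_id] = block
        self.files[name] = block_ids

    def read(self, name: str) -> bytes:
        out = bytearray()
        for block_id in self.files[name]:
            copies = [d[block_id] for d in self.disks.values() if block_id in d]
            if not copies:
                raise IOError(f"block {block_id} of {name} lost on all replicas")
            out += copies[0]
        return bytes(out)

    def delete(self, name: str) -> None:
        for block_id in self.files.pop(name):
            for disk in self.disks.values():
                disk.pop(block_id, None)

    def lose_node(self, node: str) -> None:
        """Simulate a node failure: everything stored on it is gone."""
        self.disks[node] = {}


def demo() -> dict:
    fs = WriteOnceBlockStore(["node-a", "node-b", "node-c"], block_size=4, replicas=2)
    fs.create("qk-batch-0001")
    fs.append("qk-batch-0001", b"0123456789abcdef")   # constructed key material
    fs.close("qk-batch-0001")
    blocks_per_node = {n: len(d) for n, d in fs.disks.items()}
    try:
        fs.append("qk-batch-0001", b"more")
        immutable = False
    except PermissionError:
        immutable = True
    fs.lose_node("node-b")                            # one node fails
    after_loss = fs.read("qk-batch-0001")             # read still succeeds
    fs.delete("qk-batch-0001")
    return {"immutable": immutable, "after_loss": after_loss,
            "blocks_per_node": blocks_per_node, "files_left": len(fs.files)}
```

`demo()` shows the four blocks of a 16-byte file landing on three nodes with two copies each, the rejected write after close, and the file surviving the loss of one node; with `replicas=1` the same `lose_node` call would make `read` raise, which is the fault-tolerance argument of the paragraph in code.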
The distributed database unit is based on a distributed database structure and is used in the present invention to store key related data such as key accounts and key indexes, providing efficient access to this key related data and thereby improving the query efficiency of the related quantum keys. The key index is provided for locating the quantum key.
Optionally, the distributed file system of the present invention may include, but is not limited to, HDFS (Hadoop Distributed File System) and BC-oNest (a distributed object storage product).
The service layer module of the present invention is used for the storage, reading and destruction of quantum keys and for the encryption/decryption of quantum keys and related data during storage and transmission; it mainly comprises a key warehousing module, a key reading module, a key destruction module and an encryption/decryption module.
The encryption/decryption module can be used to encrypt and/or decrypt the acquired quantum keys and key related data such as key accounts and key indexes, so as to ensure that the quantum key data remains in ciphertext form during quantum-key-related storage and transmission, thereby improving the security of the key management system. In the present invention, the encryption/decryption module preferably takes the form of a cipher card.
The key warehousing module is used to obtain quantum keys from the key management terminal KMT (which may be a quantum key distribution system integrated with key management functions) and to load the encrypted quantum keys into the data layer module; it may comprise a key parsing unit and a key writing unit. The key parsing unit can be used to parse the quantum keys and the key related data according to the business need (such as a key application request or a key read request). The key writing unit can be used to write the encrypted quantum keys and key related data (such as key accounts and key indexes) into the data layer module.
The key destruction module is used to destroy used and/or expired quantum keys from the data layer module and may comprise a concurrent job unit, a key addressing unit and a key elimination unit.
The key reading module provides the positioning and query functions for quantum keys to the outside.
The key management system of the present invention may also include a data access interface, which is used to provide management of and access to the key reading module, the key warehousing module, the key destruction module, the encryption/decryption module and the data layer module. In the present invention, the data access interface may be configured to receive, according to the service type (such as a key storage service, a key reading service or a key destruction service), a corresponding service request from one of the key warehousing module, the key reading module and the key destruction module, and, after authenticating the user terminal device and the key account, to send the corresponding service request to one of the key management terminal and the data layer module according to the service type.
For example, during key warehousing the data access interface can be called by the key warehousing module and receive a quantum key application request from it; upon confirming from the quantum key application request that the user terminal device corresponds one-to-one with the key account, it sends the quantum key application request to the key management terminal to apply for quantum keys.
During key reading, the data access interface can be called by the key reading module and receive a quantum key read request from it; upon confirming from the quantum key read request that the user terminal device corresponds one-to-one with the key account, it sends the quantum key read request to the data layer module to request the reading of the quantum key.
During key destruction, the data access interface can be called by the key destruction module and receive a quantum key destruction request from it; upon confirming from the quantum key destruction request that the user terminal device corresponds one-to-one with the key account, it sends the quantum key destruction request to the data layer module to request the destruction of the quantum key.
The key management method of the present invention is described below with reference to Figs. 2-4, so as to further explain the structure of the key management system of the present invention.
Fig. 2 schematically illustrates the key storage process in the key management method of the present invention.
During key warehousing, the key warehousing module calls the data access interface to submit a quantum key application request. The quantum key application request may include data such as the quantum key length, the quantum key amount, the user terminal device ID and the key account. In the present invention, such quantum key application requests can be submitted in batches.
When the data access interface is called, it needs to authenticate the identity information in the quantum key application request, that is, to verify whether the user terminal device ID therein corresponds to the key account. When the user terminal device ID is confirmed to correspond one-to-one with the key account, the data access interface allows the quantum key application request to be sent to the key management terminal KMT, which pushes the quantum keys corresponding to the application. This application can likewise be carried out in batches.
After the key management terminal receives the key application request sent through the data access interface, it also authenticates the user terminal device ID in the key application request against the key account data, and after the authentication passes it pushes quantum keys (in batch) to the data access interface according to the key application request.
After the service layer module receives the quantum keys pushed by the key management terminal, the encryption/decryption module encrypts the pushed quantum keys, so that the quantum keys and their related data (such as the assigned user terminal device ID, key account, key amount, key length and so on) are always in ciphertext state within the key management system, ensuring the security of the storage and transmission of the quantum keys.
Before the encrypted quantum keys are stored, the validity of the key account is also authenticated. Having confirmed that the key account is currently valid, the (batch of) applied-for quantum keys is parsed according to the business need, and a corresponding key index is generated from key related data such as the quantum key and the key account. The key index will be used to query the storage location of the quantum key in the distributed file system unit of the data layer module. Those skilled in the art will appreciate that in the present invention the key index generated here is also in ciphertext state.
Finally, the encrypted quantum keys and the correspondingly generated, likewise encrypted key accounts and key indexes are written (in batch) to the data layer module as key data files, the encrypted key accounts and key indexes being stored in the distributed database unit and the encrypted quantum keys in the distributed file system unit.
After the quantum key warehousing operation is completed, the processing result is returned.
In the above storage process, the quantum key can be encrypted by the encryption/decryption module at the moment it is pushed to the key management system, so that from then until the end of the storage process, throughout the storage and transmission stages of the quantum key, the quantum key and its related data are always in ciphertext state, which effectively improves the security of the key management system. In addition, the validity authentication of the key account is performed after the quantum key has been pushed to the key management system and before it is written to the data layer module; this arrangement improves the efficiency of applying to the key management terminal or quantum key distribution system for quantum keys in batch. Furthermore, according to their different usage, content such as key accounts and key indexes on the one hand and the quantum keys themselves on the other are stored separately in the distributed database unit and the distributed file system unit, which provides higher query efficiency while offering the best storage and access scheme for massive numbers of quantum keys.
Fig. 3 schematically illustrates the key reading process in the key management method of the present invention.
In the key reading process, the user terminal device calls the key reading module to initiate a quantum key read request. The key reading module authenticates the legitimacy of the user terminal device's identity; this authentication may include, but is not limited to, confirming the user's legitimacy by a PIN code preset at distribution time. After the identity legitimacy verification passes, the key reading module grants the read permission and allows the data access interface to be called.
The key reading module calls the data access interface to submit the quantum key read request. When the data access interface is called, it needs to authenticate the identity information in the quantum key read request, that is, to verify whether the user terminal device ID therein corresponds to the quantum key account. When the user terminal device ID is confirmed to correspond one-to-one with the quantum key account, the data access interface allows the quantum key read request to be sent to the data layer module to apply for reading the corresponding quantum key.
Since the quantum keys stored in the data layer module and the key related data such as key accounts and key indexes are in the ciphertext form produced by the encryption/decryption module, in order to complete the query for the quantum key in the data layer module the user's original key index must also be encrypted by the encryption/decryption module to generate an encrypted user key index.
The encrypted user key index is sent to the data layer module for querying. Here the key account must also be authenticated. After the authentication passes, the specific quantum key read request is parsed to obtain data such as the key index and the requested key amount. The encrypted quantum key to be read is located using the encrypted key index, and the amount of keys read is verified. After the verification passes, the corresponding query result is returned to the service layer module according to the specific quantum key read request. Those skilled in the art will appreciate that the query result returned is an encrypted quantum key.
The encrypted quantum key returned by the data layer module also needs to be decrypted in the service layer module using the encryption/decryption module, and the quantum key to be read is then output from the key reading module to the user terminal device. To ensure the security of the quantum key's transmission, a secondary encryption can also be applied to the quantum key before it is output to the user terminal device; the algorithm used for this secondary encryption may be, for example, the Chinese national symmetric encryption algorithm SM1/SM4.
As follows from the above description of the key management system of the present invention, the operations on quantum keys in the present invention are usually limited to writing, reading and deleting. The key management method of the present invention therefore also includes a key destruction process.
Fig. 4 schematically illustrates the cipher key destruction process in the key management method of the present invention.
In the key destruction process, the user terminal device calls the key destruction module to initiate a quantum key destruction request. The key destruction module authenticates the legitimacy of the user terminal device's identity; this authentication may include, but is not limited to, confirming the user's legitimacy by a PIN code preset at distribution time. After the identity legitimacy verification passes, the key destruction module allows the data access interface to be called.
The key destruction module calls the data access interface to submit the quantum key destruction request. When the data access interface is called, it needs to authenticate the identity information in the quantum key destruction request, that is, to verify whether the user terminal device ID therein corresponds to the quantum key account. When the user terminal device ID is confirmed to correspond one-to-one with the quantum key account, the data access interface allows the quantum key destruction request to be sent to the data layer module to apply for destroying the corresponding quantum key.
As in the reading process, since the quantum keys stored in the data layer module and the key related data such as key accounts and key indexes are in the ciphertext form produced by the encryption/decryption module, in order to complete the query for the quantum key in the data layer module the user's original key index must also be encrypted by the encryption/decryption module to generate an encrypted user key index.
The encrypted user key index is sent to the data layer module for querying. Here the key account must also be authenticated. After the authentication passes, the specific quantum key destruction request is parsed to obtain data such as the key index and the requested destruction amount. The quantum key to be destroyed is located using the encrypted key index, the corresponding quantum key is destroyed, and the amount of keys destroyed is verified.
After verification passes through, corresponding cipher key destruction handling result is returned to service layer's module.Wherein, in service layer's mould
It also needs to that the cipher key destruction handling result is decrypted using encrypting-decrypting module in block.
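The warehousing, reading and destruction flows of Figs. 2-4, condensed into one runnable model. This is an added example, not the patent's code. Everything specific in it is an assumption made for the example: the cipher card is replaced by an HMAC-SHA256 counter-mode stream cipher (a stand-in for SM1/SM4, which the page names but does not specify); the "encrypted key index" that the data layer is queried with is computed as a keyed hash (HMAC) of the plaintext index, because a lookup by encrypted index only works if the same index always maps to the same ciphertext token, a property the page implies but does not state; the KMT, the distributed database unit and the distributed file system unit are in-memory dictionaries; device IDs, accounts, PINs and key bytes are constructed.

```python
"""Model of the patent's key warehousing / reading / destruction flows.

Added example, not the patent's code. Stand-ins (all assumptions): HMAC-CTR
stream cipher instead of a cipher card running SM1/SM4; HMAC of the index as
the deterministic "encrypted key index"; dicts for KMT, database and file system.
"""
import hmac, hashlib, os
from typing import Dict, List, Tuple


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # counter-mode keystream from HMAC-SHA256; XOR encrypts and decrypts alike
    out = bytearray()
    for ctr in range(0, len(data), 32):
        block = hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[ctr:ctr + 32], block))
    return bytes(out)


class CipherCard:
    """Stand-in for the encryption/decryption module (a cipher card in the patent)."""
    def __init__(self, storage_key: bytes, index_key: bytes):
        self.storage_key, self.index_key = storage_key, index_key

    def encrypt(self, data: bytes) -> bytes:          # randomised: nonce || ciphertext
        nonce = os.urandom(16)
        return nonce + _keystream_xor(self.storage_key, nonce, data)

    def decrypt(self, blob: bytes) -> bytes:
        return _keystream_xor(self.storage_key, blob[:16], blob[16:])

    def encrypt_index(self, index: str) -> str:       # deterministic, hence queryable
        return hmac.new(self.index_key, index.encode(), hashlib.sha256).hexdigest()


class KeyManagementSystem:
    def __init__(self, device_accounts: Dict[str, str], pins: Dict[str, str],
                 kmt_keys: List[bytes]):
        self.device_accounts = device_accounts   # device ID -> key account (one-to-one)
        self.pins = pins                         # device ID -> PIN preset at distribution
        self.kmt_keys = list(kmt_keys)           # keys the KMT pushes on application
        self.card = CipherCard(os.urandom(32), os.urandom(32))
        self.db: Dict[str, List[Tuple[str, bytes]]] = {}  # account -> [(enc_index, enc_meta)]
        self.fs: Dict[str, bytes] = {}                     # enc_index -> encrypted key

    def _access_check(self, device_id: str, account: str) -> None:
        # data access interface: device ID must correspond one-to-one with the account
        if self.device_accounts.get(device_id) != account:
            raise PermissionError("device ID does not match key account")

    def warehouse(self, device_id: str, account: str, amount: int) -> int:
        self._access_check(device_id, account)
        pushed, self.kmt_keys = self.kmt_keys[:amount], self.kmt_keys[amount:]
        enc_keys = [self.card.encrypt(qk) for qk in pushed]  # encrypted on arrival
        if account not in self.device_accounts.values():     # account validity check
            raise PermissionError("invalid key account")
        for qk, enc_key in zip(pushed, enc_keys):
            index = f"{account}:{len(self.db.get(account, [])) + 1}"
            enc_index = self.card.encrypt_index(index)
            meta = f"{device_id};{account};len={len(qk)}".encode()
            self.db.setdefault(account, []).append((enc_index, self.card.encrypt(meta)))
            self.fs[enc_index] = enc_key                     # ciphertext in the "file system"
        return len(pushed)

    def _locate(self, device_id: str, account: str, pin: str, index: str) -> str:
        if self.pins.get(device_id) != pin:                  # terminal legitimacy (PIN)
            raise PermissionError("PIN check failed")
        self._access_check(device_id, account)
        enc_index = self.card.encrypt_index(index)           # query by encrypted index
        if enc_index not in {e for e, _ in self.db.get(account, [])}:
            raise KeyError("no such key index for this account")
        return enc_index

    def read(self, device_id: str, account: str, pin: str, index: str,
             transport_key: bytes) -> bytes:
        enc_index = self._locate(device_id, account, pin, index)
        qk = self.card.decrypt(self.fs[enc_index])           # decrypt the query result
        nonce = os.urandom(16)                               # secondary encryption for output
        return nonce + _keystream_xor(transport_key, nonce, qk)

    def destroy(self, device_id: str, account: str, pin: str, index: str) -> int:
        enc_index = self._locate(device_id, account, pin, index)
        del self.fs[enc_index]
        self.db[account] = [(e, m) for e, m in self.db[account] if e != enc_index]
        return 1
```

The point worth checking in the model is that nothing in `db` or `fs` is ever plaintext, that `read` only returns material under the caller's transport key, and that after `destroy` the same index can no longer be located even with valid credentials. The split of the cipher card's key into a randomised storage key and a deterministic index key is the design decision the page leaves implicit: randomised encryption of the index would make the data layer's lookup impossible.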
In conclusion on the one hand the quantum key management system and method for the present invention are innovatively proposed in quantum key pipe
A kind of novel encryption policy is arranged in the link that stores and transmits in reason, ensure in quantum key management system quantum key and
Its related data is under ciphertext state operates always, enhances the safeguard protection in quantum key management process;On the other hand,
For the handling characteristics of quantum key, distributed file system and distributed data are introduced simultaneously in a manner of combination
Library, according to the characteristics of two kinds of data store organisations pointedly by this mass data of quantum key and key account, key rope
The data such as draw to be respectively stored in distributed file system and distributed data base, so as to make full use of two kinds of data storages
The characteristics of structure, manages system for quantum key and provides highly efficient query capability, handling capacity bigger, more efficient reading
Ability and the stronger storage capacity of reliability and autgmentability, overcome such as well using user interactive data processing side
The defect existing in the prior art of formula.
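The following is an added illustrative model of the storage, read and destroy flow described above (device ID to key account check at the data access interface, deterministic encryption of the user's key index so the data layer can locate a key without seeing the plaintext index, key account authentication against the stored record, destruction with verification of the destroyed key size, and secondary encryption of a key on export). It is example code written for this page, not the patent's implementation. Assumptions: the encryption/decryption module is modelled with HMAC-SHA256 (a keyed deterministic token for indexes, and a PRF counter-mode keystream with an HMAC tag for key material), where a real deployment would use AES-GCM or similar; the distributed file system and distributed database are modelled as in-memory dicts that hold ciphertext only; all names, device IDs and accounts are constructed.

```python
"""Illustrative model of the service-layer / data-layer split (added example)."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

NONCE_LEN, TAG_LEN = 16, 32


class CryptoModule:
    """Service-layer encryption/decryption module (illustrative HMAC-based construction,
    assumed here in place of a real AEAD such as AES-GCM)."""

    def __init__(self, master: bytes) -> None:
        derive = lambda label: hmac.new(master, label, hashlib.sha256).digest()
        self.idx_key, self.enc_key, self.mac_key = derive(b"index"), derive(b"enc"), derive(b"mac")

    def token(self, index: str) -> bytes:
        """Deterministic encryption of the user's original key index: the same index
        always maps to the same token, so the data layer can look it up."""
        return hmac.new(self.idx_key, index.encode(), hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        blocks = [hmac.new(self.enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((n + 31) // 32)]
        return b"".join(blocks)[:n]

    def encrypt(self, plaintext: bytes) -> bytes:
        """Randomised encrypt-then-MAC: nonce || ciphertext || tag."""
        nonce = secrets.token_bytes(NONCE_LEN)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + ct + hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()

    def decrypt(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("ciphertext integrity check failed")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


class DataLayer:
    """Distributed file system (key material) and distributed database (account records),
    modelled as dicts addressed by the encrypted index and holding ciphertext only."""

    def __init__(self) -> None:
        self.files = {}  # token -> encrypted quantum key
        self.db = {}     # token -> encrypted key account record

    def store(self, token: bytes, enc_key: bytes, enc_record: bytes) -> None:
        self.files[token] = enc_key
        self.db[token] = enc_record

    def query(self, token: bytes) -> Optional[Tuple[bytes, bytes]]:
        return (self.files[token], self.db[token]) if token in self.files else None

    def destroy(self, token: bytes, amount: int) -> int:
        """Destroy the key located by `token` and verify the size of what was destroyed.
        Only ciphertext is visible here, so the check is on ciphertext length
        (which also means the stored length leaks the plaintext key size)."""
        if len(self.files[token]) != amount + NONCE_LEN + TAG_LEN:
            raise ValueError("requested destruction amount does not match the stored key")
        del self.files[token]
        del self.db[token]
        return amount


class ServiceLayer:
    """Storage, read and destroy operations; every request first passes the data access
    interface's check that the device ID corresponds to the key account."""

    def __init__(self, master: bytes, device_accounts: dict) -> None:
        self.crypto = CryptoModule(master)
        self.data = DataLayer()
        self.device_accounts = device_accounts  # constructed device ID -> key account map

    def _access_check(self, device_id: str, account: str) -> None:
        if self.device_accounts.get(device_id) != account:
            raise PermissionError("device ID does not correspond to the key account")

    def _locate(self, account: str, index: str) -> Tuple[bytes, bytes]:
        """Encrypt the index, query the data layer, and authenticate the key account by
        decrypting the returned record before anything is read or destroyed."""
        token = self.crypto.token(index)
        found = self.data.query(token)
        if found is None:
            raise KeyError("no quantum key at the given index")
        if self.crypto.decrypt(found[1]).decode() != account:
            raise PermissionError("key index belongs to a different key account")
        return token, found[0]

    def store_key(self, device_id: str, account: str, index: str, qkey: bytes) -> None:
        self._access_check(device_id, account)
        self.data.store(self.crypto.token(index), self.crypto.encrypt(qkey),
                        self.crypto.encrypt(account.encode()))

    def read_key(self, device_id: str, account: str, index: str, export_key: bytes) -> bytes:
        self._access_check(device_id, account)
        _, enc_key = self._locate(account, index)
        qkey = self.crypto.decrypt(enc_key)           # decrypt the query result
        return CryptoModule(export_key).encrypt(qkey)  # secondary encryption for export

    def destroy_key(self, device_id: str, account: str, index: str, amount: int) -> int:
        self._access_check(device_id, account)
        token, _ = self._locate(account, index)
        return self.data.destroy(token, amount)


if __name__ == "__main__":
    svc = ServiceLayer(b"master-secret", {"dev-1": "acct-A", "dev-2": "acct-B"})
    svc.store_key("dev-1", "acct-A", "idx-001", secrets.token_bytes(32))
    print("exported bytes:", len(svc.read_key("dev-1", "acct-A", "idx-001", b"session-key")))
    print("destroyed bytes:", svc.destroy_key("dev-1", "acct-A", "idx-001", 32))
```

Two points the model makes concrete: the data layer never holds a plaintext index, account or key, yet it can still locate and delete an entry because the index token is deterministic; and a valid device/account pair is not enough on its own, since the account recovered from the stored ciphertext record must also match before a key is read or destroyed.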
The above is only a preferred embodiment of the present invention and is not intended to limit the present invention in any form. Although the present invention has been disclosed by way of a preferred embodiment, this is not intended to limit the invention. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the methods and technical content disclosed above to make many possible changes and modifications to the technical solution of the present invention, or revise it into an equivalent embodiment of equivalent variation. Therefore, any simple modification, equivalent variation or modification made to the above embodiment according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the protection scope of the technical solution of the present invention.
Claims (19)
1. A distributed quantum key management system comprising a service layer module and a data layer module, the service layer module being configured to receive a quantum key and to execute one or more of the storage, reading and destruction operations of the quantum key, and the data layer module being configured to store the quantum key and the quantum key related data, characterised in that: the service layer module comprises an encryption/decryption module for encrypting the quantum key and the quantum key related data after the quantum key enters the service layer module; and the data layer module is implemented with a distributed underlying storage mode.
2. The quantum key management system of claim 1, wherein the data layer module comprises a distributed database unit and a distributed file system unit.
3. The quantum key management system of claim 2, wherein the distributed file system unit is for storing the quantum key and the distributed database unit is for storing the quantum key related data, the quantum key and the quantum key related data being in ciphertext form.
4. The quantum key management system of claim 1, wherein the quantum key related data comprises a key account and a key index, the key index being for locating the quantum key.
5. The quantum key management system of claim 1, wherein the encryption/decryption module is further configured to encrypt the user's original key index in the reading and/or destruction operation of the quantum key.
6. The quantum key management system of claim 1, wherein the encryption/decryption module is further configured to decrypt the query result returned by the data layer module in the reading and/or destruction operation of the quantum key.
7. The quantum key management system of claim 1, wherein the service layer module is further configured to perform secondary encryption on the quantum key output outward in the reading operation of the quantum key.
8. The quantum key management system of claim 1, wherein the service layer module further comprises a key storage module, a key reading module and a key destruction module;
the key storage module is for executing the storage operation of the quantum key and is configured to receive the quantum key from a quantum key management terminal and to load the encrypted quantum key and the quantum key related data into the data layer module;
the key reading module is for executing the reading operation of the quantum key and is configured to query the quantum key from the data layer module and to output the queried quantum key outward;
the key destruction module is for executing the destruction operation of the quantum key and is configured to query the quantum key from the data layer module and to destroy the queried quantum key from the data layer module.
9. The quantum key management system of claim 8, wherein the service layer module further comprises a data access interface configured to receive a service request from one of the key storage module, the key reading module and the key destruction module according to the service type, and, after the authentication of the user-end device ID and the key account passes, to send the service request according to the service type to one of a key management terminal and the data layer module.
10. A quantum key management method which performs one or more of a quantum key storage operation, a quantum key reading operation and a quantum key destruction operation according to a service request, characterised in that: the quantum key storage operation comprises the step of receiving a quantum key, the step of encrypting the quantum key and the quantum key related data, and the step of storing the encrypted quantum key and the quantum key related data in a distributed underlying storage mode.
11. The quantum key management method of claim 10, wherein the storage of the encrypted quantum key uses a distributed file system and the storage of the encrypted quantum key related data uses a distributed database.
12. The quantum key management method of claim 11, wherein the quantum key related data comprises a key account and a key index, the key index being for locating the quantum key stored in the distributed file system.
13. The quantum key management method of claim 10, further comprising, between the encrypting step and the storing step, the step of authenticating the validity of the key account.
14. The quantum key management method of claim 11, wherein the quantum key reading operation comprises the step of querying the quantum key stored in the distributed file system according to the user's original key index, and the step of outputting the quantum key outward according to the query result.
15. The quantum key management method of claim 11, wherein the quantum key destruction operation comprises the step of querying the quantum key stored in the distributed file system according to the user's original key index, and the step of destroying the quantum key according to the query result.
16. The quantum key management method of claim 14 or 15, wherein the querying step further comprises the step of encrypting the user's original key index.
17. The quantum key management method of claim 14, wherein the step of outputting the quantum key outward further comprises the step of decrypting the query result.
18. The quantum key management method of claim 17, wherein the step of outputting the quantum key outward further comprises the step of performing secondary encryption on the output quantum key.
19. The quantum key management method of claim 10, further comprising, when the service request is received, the step of authenticating whether the user-end device ID corresponds one-to-one with the key account.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710244821.3A CN108737079B (en) | 2017-04-14 | 2017-04-14 | Distributed quantum key management system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108737079A true CN108737079A (en) | 2018-11-02 |
CN108737079B CN108737079B (en) | 2021-05-07 |
Family
ID=63923772
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710244821.3A Active CN108737079B (en) | 2017-04-14 | 2017-04-14 | Distributed quantum key management system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108737079B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102891876A (en) * | 2011-07-22 | 2013-01-23 | 中兴通讯股份有限公司 | Method and system for distributed data encryption under cloud computing environment |
CN106209739A (en) * | 2015-05-05 | 2016-12-07 | 科大国盾量子技术股份有限公司 | Cloud storage method and system |
CN205945769U (en) * | 2016-08-16 | 2017-02-08 | 广东国盾量子科技有限公司 | Quantum key chip |
CN106507344A (en) * | 2016-09-23 | 2017-03-15 | 浙江神州量子网络科技有限公司 | Quantum communication system and its communication means |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110048833A (en) * | 2019-03-04 | 2019-07-23 | 全球能源互联网研究院有限公司 | Power business encryption method and device based on quantum satellite key network |
CN110048833B (en) * | 2019-03-04 | 2021-10-29 | 全球能源互联网研究院有限公司 | Electric power service encryption method and device based on quantum satellite key network |
CN111860847A (en) * | 2020-07-22 | 2020-10-30 | 安徽华典大数据科技有限公司 | Data encryption method based on quantum computation |
CN111860847B (en) * | 2020-07-22 | 2024-03-22 | 安徽华典大数据科技有限公司 | Quantum computation-based data encryption method |
CN112800439A (en) * | 2020-12-02 | 2021-05-14 | 中国电子科技集团公司第三十研究所 | Key management protocol design method and system for secure storage |
CN112800439B (en) * | 2020-12-02 | 2022-02-08 | 中国电子科技集团公司第三十研究所 | Key management protocol design method and system for secure storage |
CN113904780A (en) * | 2021-12-10 | 2022-01-07 | 湖南师范大学 | Quantum-based batch identity authentication method, system, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN108737079B (en) | 2021-05-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11108753B2 (en) | Securing files using per-file key encryption | |
US6185685B1 (en) | Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same | |
CN105051750B (en) | System and method for encrypted file system layer | |
US7185194B2 (en) | System and method for distributed group management | |
CN106453384B (en) | Secure cloud disk system and secure encryption method thereof | |
US9094217B2 (en) | Secure credential store | |
US7035854B2 (en) | Content management system and methodology employing non-transferable access tokens to control data access | |
KR101371608B1 (en) | Database Management System and Encrypting Method thereof | |
CN105426775B (en) | A kind of method and system for protecting smart mobile phone information security | |
CN113572614A (en) | Security method and system for data transmission | |
US8953805B2 (en) | Authentication information generating system, authentication information generating method, client apparatus, and authentication information generating program for implementing the method | |
US20220014367A1 (en) | Decentralized computing systems and methods for performing actions using stored private data | |
CN102906755A (en) | Content control method using certificate revocation lists | |
CN102483792A (en) | Method and apparatus for sharing documents | |
CN111274599A (en) | Data sharing method based on block chain and related device | |
CN108737079A (en) | Distributed quantum key manages system and method | |
WO2013002833A2 (en) | Binding of cryptographic content using unique device characteristics with server heuristics | |
CN113541935B (en) | Encryption cloud storage method, system, equipment and terminal supporting key escrow | |
CN104123506A (en) | Data access method and device and data encryption storage and access method and device | |
CN107800537A (en) | Encrypting database system and method, storage method and querying method based on quantum key distribution technology | |
CN114826574B (en) | Intelligent home safety communication system and communication method | |
CN102752112A (en) | Authority control method and device based on signed message 1 (SM1)/SM2 algorithm | |
CN113127927B (en) | Attribute reconstruction encryption method and system for license chain data sharing and supervision | |
CN108494724B (en) | Cloud storage encryption system based on multi-authority attribute encryption algorithm | |
CN106919348A (en) | Distributed memory system and storage method that anti-violence is cracked |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |