CN108737079A - Distributed quantum key management system and method


Info

Publication number: CN108737079A
Authority: CN (China)
Prior art keywords: quantum key, key, quantum, module, data
Legal status: Granted
Application number: CN201710244821.3A
Other languages: Chinese (zh)
Other versions: CN108737079B (en)
Inventors: 陈庆, 翟广华, 游耀祥, 冯同鑫, 彭上丰
Current assignees: Guangdong State Shield Quantum Technology Co Ltd; Quantumctek Co Ltd; Anhui Quantum Communication Technology Co Ltd
Original assignees: Guangdong State Shield Quantum Technology Co Ltd; Anhui Quantum Communication Technology Co Ltd
Events:
    • Application filed by Guangdong State Shield Quantum Technology Co Ltd and Anhui Quantum Communication Technology Co Ltd
    • Priority to CN201710244821.3A
    • Publication of CN108737079A
    • Application granted
    • Publication of CN108737079B
    • Legal status: Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use > H04L 9/0852 Quantum cryptography
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/60 Protecting data > G06F 21/602 Providing cryptographic facilities or services
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 67/00 Network arrangements or protocols for supporting network services or applications > H04L 67/01 Protocols > H04L 67/10 Protocols in which an application is distributed across nodes in the network > H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The invention discloses a distributed quantum key management system and method in which encryption of quantum keys during their storage and transmission is organically combined with distributed underlying storage technology, so as to improve both the security level and the use efficiency of quantum key management.

Description

Distributed quantum key management system and method
Technical field
The present invention relates to the field of quantum communication technology, and more specifically to a management system and method for quantum keys.
Background technology
With the progress of internet data technology and the development of business model, in today that Internet technology flourishes, Using informationization technology and network technology, user can be helped to promote operation flow and real time business response.Meanwhile business information Networking also brings security threat, and the business data of business itself, sensitive data of corporate client etc. are once leaked, by band Carry out incalculable damage, and the information for communicating or storing is tampered, and but will bring serious consequence.Therefore, business information net Network, safety issue are most important.
In today that Distributed Calculation and quantum computer theory reach its maturity, currently based on the key of public key encryption algorithm Dissemination system safety is challenged, and Technique on Quantum Communication is in the unconditional security that physically ensure that information, can be with The attack of the system to network communication with unlimited computing capability is avoided, therefore on long terms, quantum communications are greatly likely to become The main way of future keys distribution brings revolutionary progress for the network information security.Quantum communication network realizes that quantum is close Key distributes (QKD) and by the quantum key generated for encrypting classical business datum.The quantum channel of quantum communication network is deposited The characteristics of eavesdropping is necessarily found to decode with encrypted content, the unconditional security of quantum communication network ensure that.
From the point of view of Encryption Algorithm angle, most of cryptographic systems can all be broken in attack with known plaintext, and one-time pad Algorithm may be implemented that network communication is so-called " unconditional security ", but the key consumption of one-time pad is extremely huge, therefore phase Access and the service efficiency for closing key are particularly critical.
Many different schemes are proposed in the management aspect of quantum key at present, to quantum key access procedure, management Mode and terminal access safety etc. are illustrated.Such as application No. is 201610843210.6,201610842874.0 Chinese invention patent application in related to management and the configuration method of quantum key, wherein discussing guarantee user terminal The technological means of communication security between quantum service centre, to solve quantum communication network in user terminal access link Safety issue.
However, the prior art including above-mentioned document is all the data processing system using user's interactive mode, it is this Processing system is bigger for memory space requirement, and the conventional login mode combined using username & password carries out user identity Identification, which exists, to be easy to usurp weighting limit and leads to the risk of modification information, and the inquiry effect in the case where data volume is more than certain rank Rate can significantly reduce, these are clearly unfavorable for the huge quantum communication system of quantum key quantity demand.These Unfavorable factor often causes existing quantum key management system that cannot provide its quantity to be enough and big flow communication operations phase The quantum key of adaptation leads to the unstable of communication operations process.In addition, above-mentioned document is conceived to user terminal access link Safety issue, and applicant noted that in quantum key management process, quantum key and its related data are in key pipe Access and transmission process in reason system are also the weak link for being easy to be broken into, and will certainly be become in quantum communication network One security risk.
Therefore, in existing quantum key Managed Solution, in terms of key management security and magnanimity key data There is urgent Improvement requirements for effective management aspect.
Summary of the invention
Based on its unique understanding of the above defects of the prior art, the applicant has designed, in the key management system and method of the present invention, a security means that applies encryption control to quantum keys while they are stored and transmitted within the key management system, and has proposed a scheme that applies relational indexing and distributed underlying storage technology to key storage. By organically combining the two, the security level and use efficiency of quantum keys in the quantum key management system and method are effectively increased.
In one aspect of the invention, a distributed quantum key management system is disclosed, which may include a service layer module and a data layer module. The service layer module may be configured to receive quantum keys and to execute one or more of the quantum key ingestion, reading and destruction operations. The data layer module may be configured to store the quantum keys and the quantum key related data.
In the present invention, the service layer module may be provided with an encryption/decryption module that encrypts the quantum key and the quantum key related data once the quantum key has entered the service layer module. As a result, the storage and transmission of quantum keys and their related data within the management system always take place in an encrypted state, which improves the security of the quantum keys.
In the present invention, the data layer module may be realized with a distributed underlying storage mode. Specifically, the data layer module may include a distributed database unit and a distributed file system unit. The distributed file system unit may be used to store the quantum keys, and the distributed database unit may be used to store the quantum key related data; both the quantum keys and the quantum key related data are in ciphertext form. The quantum key related data may include key accounts and the key indexes used to locate quantum keys. By deliberately adopting different storage schemes for the quantum keys themselves and for specific key related data such as key accounts and key indexes, the query efficiency of the management system is improved while efficient access to massive quantum keys becomes possible.
In the present invention, the encryption/decryption module may further be configured to encrypt the user's original key index during the quantum key reading and/or destruction operations.
In the present invention, the encryption/decryption module may further be configured to decrypt the query result returned by the data layer module during the quantum key reading and/or destruction operations.
In the present invention, the service layer module may further be configured to apply a secondary encryption to the quantum key that is output externally during the quantum key reading operation.
In the present invention, the service layer module may also include a key ingestion module, a key reading module and a key destruction module. The key ingestion module executes the quantum key ingestion operation and may be configured to receive quantum keys from a quantum key management terminal and to load the encrypted quantum keys and quantum key related data into the data layer module. The key reading module executes the quantum key reading operation and may be configured to query the quantum key from the data layer module and to output the queried quantum key externally. The key destruction module executes the quantum key destruction operation and may be configured to query the quantum key from the data layer module and to destroy the queried quantum key in the data layer module.
In the present invention, the service layer module may also include a data access interface, configured to receive a service request, according to the service type, from one of the key ingestion module, the key reading module and the key destruction module, and, after the user-end device ID and the key account have been authenticated, to send the service request, according to the service type, to one of the key management terminal and the data layer module.
Another aspect of the present invention discloses a quantum key management method, which can perform one or more of a quantum key ingestion operation, a quantum key reading operation and a quantum key destruction operation according to a service request.
The quantum key ingestion operation may include the steps of receiving a quantum key, encrypting the quantum key and the quantum key related data, and storing the encrypted quantum key and quantum key related data in a distributed underlying storage mode.
Further, the encrypted quantum key may be stored in a distributed file system, and the encrypted quantum key related data may be stored in a distributed database.
Further, the quantum key related data may include a key account and a key index, where the key index can be used to locate the quantum key stored in the distributed file system.
Further, a step of authenticating the validity of the key account may be included between the encryption step and the storage step.
In the present invention, the quantum key reading operation may include the steps of querying the quantum key stored in the distributed file system according to the user's original key index, and outputting the quantum key externally according to the query result.
In the present invention, the quantum key destruction operation may include the steps of querying the quantum key stored in the distributed file system according to the user's original key index, and destroying the quantum key according to the query result.
Further, the query step in the quantum key reading operation and/or the quantum key destruction operation may also include a step of encrypting the user's original key index.
Further, the step of outputting the quantum key externally in the quantum key reading operation may also include a step of decrypting the query result.
Further, the step of outputting the quantum key externally in the quantum key reading operation may also include a step of applying a secondary encryption to the output quantum key.
The quantum key management method according to the present invention may also include, upon receiving a service request, a step of authenticating whether the user-end device ID corresponds one-to-one with the key account.
Description of the drawings
Fig. 1 schematically shows the block diagram of the quantum key management system according to the present invention;
Fig. 2 schematically shows the key storage process in the key management method of the present invention;
Fig. 3 schematically shows the key reading process in the key management method of the present invention; and
Fig. 4 schematically shows the key destruction process in the key management method of the present invention.
Detailed description of embodiments
Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings. The following embodiments are provided by way of illustration, so as to fully convey the spirit of the invention to those skilled in the art; the invention is therefore not limited to the embodiments disclosed herein.
Fig. 1 shows the quantum key management system according to the present invention, which mainly includes a service layer module and a data layer module, and which can exchange data with external users through a client.
The data layer module of the present invention stores quantum keys and their related data. Given the usage characteristics of quantum keys, namely a high read frequency and a large key volume, the data layer module is innovatively realized with a distributed underlying storage mode; specifically, it may include a distributed database unit and a distributed file system unit, which store quantum key data of different attributes.
Specifically, the distributed file system unit is based on a distributed file system and, in the present invention, stores the quantum keys themselves. In a distributed file system, data need not reside on the same physical disk; it can be distributed in blocks across a storage server cluster made up of many physical disks and managed by the upper-layer operating system. This storage architecture greatly reduces the storage-space requirement on any single server, provides very strong scalability and fault tolerance, and is well suited to large-volume storage at the TB or even PB level, which makes the storage of massive quantum keys feasible. In addition, in such a distributed file system, once a file has been created, written and closed, its data normally cannot be modified any more; only read and delete operations remain. This matches very well the requirement of a quantum communication network that quantum keys be imported once and read many times. Moreover, this data access pattern simplifies data consistency handling, so that applications can access data in streaming form rather than in a user-interactive mode, which makes high-throughput data access possible and effectively improves the reading efficiency of quantum keys, an especially significant advantage for increasing quantum communication capacity.
The distributed database unit is based on a distributed database structure and, in the present invention, stores key related data such as key accounts and key indexes, so as to provide efficient access to these key related data and improve the query efficiency of the associated quantum keys. The key index is provided for locating quantum keys.
Optionally, the distributed file system of the present invention may include, but is not limited to, HDFS (Hadoop Distributed File System) and BC-oNest (a distributed object storage product).
The service layer module of the present invention is used for storing, reading and destroying quantum keys, and for encryption/decryption during the storage and transmission of quantum key related data; it mainly includes a key ingestion module, a key reading module, a key destruction module and an encryption/decryption module.
The encryption/decryption module can perform encryption/decryption operations on the acquired quantum keys and on key related data such as key accounts and key indexes, ensuring that the quantum key data is in ciphertext form throughout quantum key related storage and transmission and thereby improving the security of the key management system. In the present invention, the encryption/decryption module preferably takes the form of a cipher card.
The key ingestion module obtains quantum keys from the key management terminal KMT (which may be a quantum key distribution system with integrated key management functions) and loads the encrypted quantum keys into the data layer module; it may include a key parsing unit and a key writing unit. The key parsing unit parses the quantum keys and key related data according to service needs (such as key application requests, key read requests, etc.). The key writing unit writes the encrypted quantum keys and key related data (such as key accounts and key indexes) into the data layer module.
The key destruction module destroys used and/or expired quantum keys in the data layer module, and may include a concurrent job unit, a key addressing unit and a key elimination unit.
The key reading module externally provides the positioning and query functions for quantum keys.
The key management system of the present invention may also include a data access interface, which provides management of and access to the key reading module, the key ingestion module, the key destruction module, the encryption/decryption module and the data layer module. In the present invention, the data access interface may be configured to receive the corresponding service request, according to the service type (such as a key storage service, a key read service or a key destruction service), from one of the key ingestion module, the key reading module and the key destruction module, and, after the user-end device and the key account have been authenticated, to send the corresponding service request, according to the service type, to one of the key management terminal and the data layer module.
For example, during key ingestion the data access interface may be called by the key ingestion module and receive a quantum key application request from it; after confirming from the request that the corresponding user-end device corresponds one-to-one with the key account, it sends the quantum key application request to the key management terminal to apply for quantum keys.
In the key reading process, the data access interface may be called by the key reading module and receive a quantum key read request from it; after confirming from the request that the corresponding user-end device corresponds one-to-one with the key account, it sends the quantum key read request to the data layer module to request reading of the quantum key.
During key destruction, the data access interface may be called by the key destruction module and receive a quantum key destruction request from it; after confirming from the request that the user-end device corresponds one-to-one with the key account, it sends the quantum key destruction request to the data layer module to request destruction of the quantum key.
The key management method of the present invention is described below in conjunction with Figs. 2-4, to further explain the structure of the key management system of the present invention.
Fig. 2 schematically illustrates the key storage process in the key management method of the present invention.
During key ingestion, the key ingestion module calls the data access interface to submit a quantum key application request. The quantum key application request may include data such as the quantum key length, the quantum key amount, the user-end device ID and the key account. In the present invention, such quantum key application requests can be submitted in batch.
When the data access interface is called, the identity information in the quantum key application request must be authenticated, that is, it must be checked whether the user-end device ID in the request corresponds to the key account. Once it is confirmed that the user-end device ID corresponds one-to-one with the key account, the data access interface allows the quantum key application request to be sent to the key management terminal KMT, which pushes the corresponding quantum keys in response to the application. Likewise, this application can also be carried out in batch.
After receiving the key application request sent through the data access interface, the key management terminal again authenticates the user-end device ID in the key application request against the key account data, and, once authentication passes, pushes quantum keys (in batch) to the data access interface according to the key application request.
After the service layer module receives the quantum keys pushed by the key management terminal, the pushed quantum keys are encrypted by the encryption/decryption module, so that the quantum keys and their related data (such as the assigned user-end device ID, key account, key amount, key length, etc.) are always in ciphertext within the key management system, which ensures the security of the quantum key storage and transmission process.
Before the encrypted quantum keys are stored, the validity of the key account is also authenticated. After the key account has been confirmed valid, the (batch-)applied quantum keys are parsed according to service needs, and corresponding key indexes are generated from key related data such as the quantum key and the key account. The key index will be used to look up the storage location of the quantum key in the distributed file system unit of the data layer module. Those skilled in the art will understand that, in the present invention, the key index generated here is also in ciphertext.
Finally, the encrypted quantum keys, together with the correspondingly generated and likewise encrypted key accounts and key indexes, are written (in batch) as key data files into the data layer module, with the encrypted key accounts and key indexes stored in the distributed database unit and the encrypted quantum keys stored in the distributed file system unit.
After the quantum key ingestion operation is completed, the processing result is returned.
In the above storage process, the quantum keys can be encrypted by the encryption/decryption module as soon as they are pushed to the key management system, so that from that moment until the storage process ends, i.e. throughout the storage and transmission stages, the quantum keys and their related data are always in ciphertext, which effectively improves the security of the key management system. In addition, the validity authentication of the key account is carried out after the quantum keys have been pushed to the key management system and before they are written into the data layer module; this arrangement improves the efficiency of applying in batch for quantum keys from the key management terminal or quantum key distribution system. Furthermore, according to the different data usage types, contents such as key accounts and key indexes on the one hand and the quantum keys themselves on the other are stored separately in the distributed database unit and the distributed file system unit, which provides higher query efficiency and an optimal storage and access scheme for massive quantum keys.
Fig. 3 schematically illustrates the key reading process in the key management method of the present invention.
In the key reading process, the user-end device calls the key reading module to initiate a quantum key read request. The key reading module authenticates the identity legitimacy of the user-end device; this authentication may include, but is not limited to, confirming the user's legitimacy through a PIN code preset at deployment. After identity verification passes, the key reading module grants read permission and allows the data access interface to be called.
The key reading module calls the data access interface to submit the quantum key read request. When the data access interface is called, the identity information in the quantum key read request must be authenticated, that is, it must be checked whether the user-end device ID in the request corresponds to the quantum key account. Once a one-to-one correspondence between the user-end device ID and the quantum key account is confirmed, the data access interface allows the quantum key read request to be sent to the data layer module to apply for reading the corresponding quantum key.
Because the quantum keys stored in the data layer module and key related data such as key accounts and key indexes are all in the ciphertext form produced by the encryption/decryption module, the user's original key index must also be encrypted by the encryption/decryption module into an encrypted user key index in order to complete the query of the quantum key in the data layer module.
The encrypted user key index is sent to the data layer module for the query, where the key account must also be authenticated. After authentication passes, the specific quantum key read request is parsed to obtain data such as the key index and the requested key amount; the encrypted quantum key to be read is located using the encrypted key index, and the amount of keys read is verified. After verification passes, the corresponding query result is returned to the service layer module according to the specific quantum key read request. Those skilled in the art will understand that the returned query result is the encrypted quantum key.
The encrypted quantum key returned by the data layer module must further be decrypted in the service layer module using the encryption/decryption module, after which the quantum key to be read is output from the key reading module to the user-end device. To guarantee the security of quantum key transmission, a secondary encryption may also be applied to the quantum key before it is output to the user-end device; the secondary encryption algorithm may use, for example, the Chinese national standard symmetric encryption algorithms SM1/SM4.
From the description of the key management system of the present invention above, it can be seen that in the present invention the operations on quantum keys are normally limited to writing, reading and deleting. Therefore, the key management method of the present invention further includes a key destruction process.
Fig. 4 schematically illustrates the cipher key destruction process in the key management method of the present invention.
During cipher key destruction, calls cipher key destruction module to initiate quantum key by ustomer premises access equipment and destroy request.It is close Key destroys module and carries out identity legitimacy certification to ustomer premises access equipment.This authentication can include but is not limited to pass through distribution When preset PIN code confirm user's legitimacy.After identity legitimacy verification passes through, cipher key destruction module allows to call number According to access interface.
Cipher key destruction module calls data access interface to propose that quantum key destroys request.It is adjusted in data access interface Used time, need to quantum key destroy request in identity information be authenticated, i.e., to authenticate ustomer premises access equipment ID therein with Whether quantum key account corresponds to.When confirming that ustomer premises access equipment ID is corresponded with quantum key account, data access interface Then allow to destroy quantum key and ask to be sent to data layer module, corresponding quantum key is destroyed with application.
Due to the keys such as the quantum key in data layer module, stored and key account, cipher key index correlation Data are at the ciphertext form after encrypted/deciphering module encryption.Therefore, in order to complete in data layer module The inquiry of pairs of quantum key, it is also necessary to the primary key index encryption of user be generated into encryption by encrypting-decrypting module User key index.
Encrypted user key index is sent to data layer module for being inquired.Wherein, it is also necessary to carry out The certification of key account.After certification passes through, request is destroyed according to specific quantum key and is parsed, key rope is obtained Draw, the data such as key request destruction amount.The quantum key destroyed is needed using the positioning of encrypted cipher key index, to corresponding quantum Key is destroyed, and is verified to the size of key of destruction.
After verification passes through, corresponding cipher key destruction handling result is returned to service layer's module.Wherein, in service layer's mould It also needs to that the cipher key destruction handling result is decrypted using encrypting-decrypting module in block.
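The destruction flow described above, as an added Python example that is not the patent's own code: the service layer encrypts everything before it reaches the data layer, the data access interface checks that the user-end device ID matches the key account, the data layer is queried by encrypted key index only, the key account is authenticated against the stored record, and the destroyed size is verified. The keyed HMAC used for the key index and the SHA-256 keystream used as the cipher are stand-ins for the patent's encryption/decryption module (the patent names SM1/SM4 only for the export step); the class names, the device-to-account mapping and all sample values are constructed.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for the encryption/decryption module: a keyed HMAC tokenises
# the key index deterministically so the data layer can still locate a record, and a
# SHA-256 keystream XOR plays the symmetric cipher (a real module would use SM4/AES).
MASTER_KEY = b"service-layer master key (constructed placeholder)"


def encrypt_index(user_index: str) -> str:
    """Encrypt the user's original key index before it is sent for lookup."""
    return hmac.new(MASTER_KEY, user_index.encode(), hashlib.sha256).hexdigest()


def cipher(data: bytes, nonce: bytes) -> bytes:
    """XOR with a keyed keystream; applying it twice with the same nonce decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(MASTER_KEY + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


@dataclass
class DataLayer:
    # db: distributed database unit (account, key size); fs: distributed file system unit (ciphertext keys)
    db: dict = field(default_factory=dict)
    fs: dict = field(default_factory=dict)


class ServiceLayer:
    def __init__(self, layer: DataLayer, device_accounts: dict):
        self.layer = layer
        self.device_accounts = device_accounts  # user-end device ID -> key account

    def store(self, account: str, user_index: str, key: bytes) -> None:
        eidx = encrypt_index(user_index)  # storage job: only ciphertext reaches the data layer
        self.layer.fs[eidx] = cipher(key, eidx.encode())
        self.layer.db[eidx] = {"account": account, "size": len(key)}

    def destroy(self, device_id: str, account: str, user_index: str, amount: int) -> dict:
        """Destruction job, in the order of checks the description gives."""
        # Data access interface: the device ID must correspond to the key account.
        if self.device_accounts.get(device_id) != account:
            return {"ok": False, "reason": "device ID does not match key account"}
        eidx = encrypt_index(user_index)  # the data layer is queried by encrypted index only
        rec = self.layer.db.get(eidx)
        # Data layer: key account authentication against the stored record.
        if rec is None or rec["account"] != account:
            return {"ok": False, "reason": "key account authentication failed"}
        # Verify the requested destruction amount against the stored key size.
        if rec["size"] != amount:
            return {"ok": False, "reason": "destroy amount does not match key size"}
        del self.layer.fs[eidx]
        del self.layer.db[eidx]
        return {"ok": True, "destroyed": amount}
```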
In summary, the quantum key management system and method of the present invention, on the one hand, innovatively propose a new encryption policy for the storage and transmission links of quantum key management, ensuring that the quantum keys and their related data within the quantum key management system are always operated on in ciphertext state and strengthening the security protection of the quantum key management process; on the other hand, in view of the processing characteristics of quantum keys, a distributed file system and a distributed database are introduced in combination, and, according to the characteristics of the two data storage structures, the mass data of the quantum keys and the data such as key accounts and key indexes are purposefully stored in the distributed file system and the distributed database respectively, so as to make full use of the characteristics of the two storage structures and provide the quantum key management system with more efficient query capability, greater throughput, more efficient read capability and storage capability of higher reliability and scalability, thereby overcoming defects of the prior art such as its user-interactive data processing.
The above is only a preferred embodiment of the present invention and is not intended to limit the present invention in any form. Although the present invention has been disclosed by way of a preferred embodiment, this is not intended to limit the invention. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the methods and technical content disclosed above to make many possible changes and modifications to the technical solution of the present invention, or modify it into equivalent embodiments of equivalent variation. Therefore, any simple modification, equivalent variation or modification made to the above embodiment according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the protection scope of the technical solution of the present invention.

Claims (19)

1. A distributed quantum key management system, comprising a service layer module and a data layer module, the service layer module being configured to receive a quantum key and to perform one or more of a storage operation, a read operation and a destruction operation on the quantum key, and the data layer module being configured to store the quantum key and quantum key related data, characterized in that:
the service layer module comprises an encryption/decryption module for encrypting the quantum key and the quantum key related data after the quantum key enters the service layer module; and the data layer module is implemented using a distributed underlying storage scheme.
2. The quantum key management system of claim 1, wherein the data layer module comprises a distributed database unit and a distributed file system unit.
3. The quantum key management system of claim 2, wherein the distributed file system unit is for storing the quantum key and the distributed database unit is for storing the quantum key related data, the quantum key and the quantum key related data being in ciphertext form.
4. The quantum key management system of claim 1, wherein the quantum key related data comprises a key account and a key index, the key index being for locating the quantum key.
5. The quantum key management system of claim 1, wherein the encryption/decryption module is further configured to encrypt the user's original key index in the read operation and/or the destruction operation of the quantum key.
6. The quantum key management system of claim 1, wherein the encryption/decryption module is further configured to decrypt the query result returned by the data layer module in the read operation and/or the destruction operation of the quantum key.
7. The quantum key management system of claim 1, wherein the service layer module is further configured to perform secondary encryption on the quantum key output outward in the read operation of the quantum key.
8. The quantum key management system of claim 1, wherein the service layer module further comprises a key storage module, a key read module and a key destruction module;
the key storage module is for performing the storage operation of the quantum key and is configured to receive the quantum key from a quantum key management terminal and to load the encrypted quantum key and quantum key related data into the data layer module;
the key read module is for performing the read operation of the quantum key and is configured to query the quantum key from the data layer module and to output the queried quantum key outward;
the key destruction module is for performing the destruction operation of the quantum key and is configured to query the quantum key from the data layer module and to destroy the queried quantum key from the data layer module.
9. The quantum key management system of claim 8, wherein the service layer module further comprises a data access interface configured to receive a service request from one of the key storage module, the key read module and the key destruction module according to the service type, and, after authentication of the user-end device ID and the key account passes, to send the service request according to the service type to one of the key management terminal and the data layer module.
10. A quantum key management method which performs, according to a service request, one or more of a quantum key storage job, a quantum key read job and a quantum key destruction job, characterized in that:
the quantum key storage job comprises a step of receiving a quantum key, a step of encrypting the quantum key and quantum key related data, and a step of storing the encrypted quantum key and quantum key related data in a distributed underlying storage scheme.
11. The quantum key management method of claim 10, wherein the encrypted quantum key is stored using a distributed file system and the encrypted quantum key related data is stored using a distributed database.
12. The quantum key management method of claim 11, wherein the quantum key related data comprises a key account and a key index, the key index being for locating the quantum key stored in the distributed file system.
13. The quantum key management method of claim 10, further comprising, between the encrypting step and the storing step, a step of authenticating the validity of a key account.
14. The quantum key management method of claim 11, wherein the quantum key read job comprises a step of querying the quantum key stored in the distributed file system according to the user's original key index, and a step of outputting the quantum key outward according to the query result.
15. The quantum key management method of claim 11, wherein the quantum key destruction job comprises a step of querying the quantum key stored in the distributed file system according to the user's original key index, and a step of destroying the quantum key according to the query result.
16. The quantum key management method of claim 14 or 15, wherein the querying step further comprises a step of encrypting the user's original key index.
17. The quantum key management method of claim 14, wherein the step of outputting the quantum key outward further comprises a step of decrypting the query result.
18. The quantum key management method of claim 17, wherein the step of outputting the quantum key outward further comprises a step of performing secondary encryption on the output quantum key.
19. The quantum key management method of claim 10, further comprising, when the service request is received, a step of authenticating whether the user-end device ID corresponds one-to-one with the key account.
CN201710244821.3A 2017-04-14 2017-04-14 Distributed quantum key management system and method Active CN108737079B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710244821.3A CN108737079B (en) 2017-04-14 2017-04-14 Distributed quantum key management system and method

Publications (2)

Publication Number Publication Date
CN108737079A true CN108737079A (en) 2018-11-02
CN108737079B CN108737079B (en) 2021-05-07

Family

ID=63923772

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710244821.3A Active CN108737079B (en) 2017-04-14 2017-04-14 Distributed quantum key management system and method

Country Status (1)

Country Link
CN (1) CN108737079B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102891876A (en) * 2011-07-22 2013-01-23 中兴通讯股份有限公司 Method and system for distributed data encryption under cloud computing environment
CN106209739A (en) * 2015-05-05 2016-12-07 科大国盾量子技术股份有限公司 Cloud storage method and system
CN205945769U (en) * 2016-08-16 2017-02-08 广东国盾量子科技有限公司 Quantum key chip
CN106507344A (en) * 2016-09-23 2017-03-15 浙江神州量子网络科技有限公司 Quantum communication system and communication method thereof

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110048833A (en) * 2019-03-04 2019-07-23 全球能源互联网研究院有限公司 Power business encryption method and device based on quantum satellite key network
CN110048833B (en) * 2019-03-04 2021-10-29 全球能源互联网研究院有限公司 Electric power service encryption method and device based on quantum satellite key network
CN111860847A (en) * 2020-07-22 2020-10-30 安徽华典大数据科技有限公司 Data encryption method based on quantum computation
CN111860847B (en) * 2020-07-22 2024-03-22 安徽华典大数据科技有限公司 Quantum computation-based data encryption method
CN112800439A (en) * 2020-12-02 2021-05-14 中国电子科技集团公司第三十研究所 Key management protocol design method and system for secure storage
CN112800439B (en) * 2020-12-02 2022-02-08 中国电子科技集团公司第三十研究所 Key management protocol design method and system for secure storage
CN113904780A (en) * 2021-12-10 2022-01-07 湖南师范大学 Quantum-based batch identity authentication method, system, equipment and storage medium

Also Published As

Publication number Publication date
CN108737079B (en) 2021-05-07

Similar Documents

Publication Publication Date Title
US11108753B2 (en) Securing files using per-file key encryption
US6185685B1 (en) Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same
CN105051750B (en) System and method for encrypted file system layer
US7185194B2 (en) System and method for distributed group management
CN106453384B (en) Secure cloud disk system and secure encryption method thereof
US9094217B2 (en) Secure credential store
US7035854B2 (en) Content management system and methodology employing non-transferable access tokens to control data access
KR101371608B1 (en) Database Management System and Encrypting Method thereof
CN105426775B (en) Method and system for protecting smartphone information security
CN113572614A (en) Security method and system for data transmission
US8953805B2 (en) Authentication information generating system, authentication information generating method, client apparatus, and authentication information generating program for implementing the method
US20220014367A1 (en) Decentralized computing systems and methods for performing actions using stored private data
CN102906755A (en) Content control method using certificate revocation lists
CN102483792A (en) Method and apparatus for sharing documents
CN111274599A (en) Data sharing method based on block chain and related device
CN108737079A (en) Distributed quantum key management system and method
WO2013002833A2 (en) Binding of cryptographic content using unique device characteristics with server heuristics
CN113541935B (en) Encryption cloud storage method, system, equipment and terminal supporting key escrow
CN104123506A (en) Data access method and device and data encryption storage and access method and device
CN107800537A (en) Encrypted database system and method, storage method and query method based on quantum key distribution technology
CN114826574B (en) Intelligent home safety communication system and communication method
CN102752112A (en) Permission control method and device based on the SM1/SM2 algorithms
CN113127927B (en) Attribute reconstruction encryption method and system for license chain data sharing and supervision
CN108494724B (en) Cloud storage encryption system based on multi-authority attribute encryption algorithm
CN106919348A (en) Brute-force-resistant distributed storage system and storage method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant