CN110708159A - Multi-data center safety data transmission method based on quantum QKD technology - Google Patents
Multi-data center safety data transmission method based on quantum QKD technology Download PDFInfo
- Publication number
- CN110708159A CN110708159A CN201910794198.8A CN201910794198A CN110708159A CN 110708159 A CN110708159 A CN 110708159A CN 201910794198 A CN201910794198 A CN 201910794198A CN 110708159 A CN110708159 A CN 110708159A
- Authority
- CN
- China
- Prior art keywords
- data
- center
- backup center
- key
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000005516 engineering process Methods 0.000 title claims abstract description 32
- 230000005540 biological transmission Effects 0.000 title claims abstract description 25
- 238000000034 method Methods 0.000 title claims abstract description 24
- 231100000279 safety data Toxicity 0.000 title claims description 4
- 230000001360 synchronised effect Effects 0.000 claims abstract description 20
- 238000011084 recovery Methods 0.000 claims description 7
- 230000003993 interaction Effects 0.000 claims description 3
- 238000005259 measurement Methods 0.000 claims 1
- 238000013500 data storage Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1415—Saving, restoring, recovering or retrying at system level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
Abstract
The application relates to a quantum QKD technology-based multi-data center security data transmission method, which is applied to the technical field of data storage. The method comprises the following steps: s1, the data sender sends the ciphertext and the key to the data receiver respectively; s2, judging whether the data sender has a fault, if so, executing the step S3; the step S3, where the ciphertext and the synchronization key stored in the first data backup center and the second data backup center respectively are synchronized with each other through QKD; and S4, the first data backup center and/or the second data backup center are provided with the key and the ciphertext at the same time. By combining the QKD technology, the data cryptograph and the key synchronization of the data across machine rooms and different areas with high security level can be realized, and when a data sender fails, the data can be successfully recovered from a data receiver.
Description
Technical Field
The application relates to a quantum QKD technology-based multi-data center security data transmission method, which is applied to the technical field of data storage.
Background
In recent years, quantum technology has been rapidly developed, and Quantum Key Distribution (QKD) is one of the most mature technologies, and products are already put into commercial use in the market. QKD has unique advantages in data security due to its physical characteristics. The database encryption technology is combined with the quantum technology, so that the safety condition of the core data is greatly improved.
Taking an encryption system as an example, ciphertext data and a secret key are stored in the system, if the data all have a data center with a single node, even if the redundant backup of local data is realized, a single point fault caused by the downtime of a machine room also exists, and the data has great potential safety hazards. Through data synchronization among multiple nodes, the risk caused by single node failure can be reduced, but if cross-network is involved among the nodes, the possibility that the key is stolen exists, and therefore the safety of encrypted data is influenced.
Disclosure of Invention
In order to solve the technical problems, the application provides a multi-data center security data transmission method based on a quantum QKD technology.
A multi-data center safety data transmission method based on quantum QKD technology is based on quantum network transmission and comprises the following steps:
s1, multiple data interaction parties establish a quantum network, and a data sending party sends the ciphertext and the key to a first data backup center and a second data backup center with different attributes in a data receiving party respectively;
s2, judging whether the data sender has a fault, if so, executing the step S3; if the judgment result is normal, the ciphertext and the synchronous key which are respectively stored in the first data backup center and the second data backup center are not mutually synchronous;
the step S3, where the ciphertext and the synchronization key stored in the first data backup center and the second data backup center respectively are synchronized with each other through QKD;
and S4, the first data backup center and/or the second data backup center are provided with the key and the ciphertext at the same time.
Preferably, the data sender encrypts and decrypts data by using a QKD technique, and stores the encrypted ciphertext and the key at the same time.
Preferably, the step S1 includes:
s1.1, the data sender transmits and backs up the ciphertext to the first data backup center through a classical network;
s1.2, the data sender transmits and backs up the key to the second data backup center through a throughput sub-network in combination with a QKD technology.
Preferably, the first data backup center stores the ciphertext through a DB.
Preferably, the second data backup center generates the synchronization key through a measuring machine in a DB encryption system.
Preferably, in step S2, when the determination result is normal, both the DB of the first data backup center and the measuring machine of the second data backup center are in a sleep state.
Preferably, the step S3 includes:
and the first data backup center synchronizes the ciphertext to the second data backup center, and the DB of the second data backup center stores the ciphertext.
Preferably, in step S4, the second data backup center performs data recovery on the ciphertext through the key.
Preferably, the step S3 further includes:
and the second data backup center sends the synchronous key to the first data backup center, and a measuring machine of the first data backup center obtains the key according to the synchronous key.
Preferably, in step S4, the first data backup center performs data recovery on the ciphertext through the key.
In conclusion, the beneficial effects of the technical scheme are as follows:
by combining the QKD technology, the data ciphertext and the key synchronization of the high-security level across machine rooms and different areas can be realized, and the possibility of data stealing and attacking of any bypass and middleman is avoided. And data safety transmission in a real physical sense is realized.
Drawings
FIG. 1 is a schematic diagram of a multi-data center secure data transmission method based on quantum QKD technology according to the present invention;
FIG. 2 is a logic diagram of a multi-data center secure data transmission method based on quantum QKD technology according to the present invention;
FIG. 3 is a flow chart of a method for secure data transmission in multiple data centers based on quantum QKD technology according to the present invention;
fig. 4 is a flowchart of step S1 in a method for multiple data center secure data transmission based on quantum QKD technology according to the present invention.
Detailed Description
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. Unless otherwise defined, all terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that the conventional terms should be interpreted as having a meaning that is consistent with their meaning in the relevant art and this disclosure. The present disclosure is to be considered as an example of the invention and is not intended to limit the invention to the particular embodiments.
In the description of the embodiments of the present invention, it should be noted that the terms "first", "second", and the like are used for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Example 1
As shown in fig. 1-3, a method for multi-data center secure data transmission based on quantum QKD technology, based on quantum network transmission, includes the following steps:
s1, multiple data interaction parties establish a quantum network, and a data sending party sends the ciphertext and the key to a first data backup center and a second data backup center with different attributes in a data receiving party respectively;
s2, judging whether the data sender has a fault, if so, executing the step S3; if the judgment result is normal, the ciphertext and the synchronous key which are respectively stored in the first data backup center and the second data backup center are not mutually synchronous;
the step S3, where the ciphertext and the synchronization key stored in the first data backup center and the second data backup center respectively are synchronized with each other through QKD;
and S4, the first data backup center and/or the second data backup center are provided with the key and the ciphertext at the same time.
And the data sender encrypts and decrypts the data by a QKD technology and stores the encrypted ciphertext and the key at the same time.
Based on the QKD technology, the technical scheme can realize the data ciphertext and key synchronization of high-security level across machine rooms and different areas, and when a data sending party fails, the ciphertext and the synchronous key can be mutually synchronized between data receiving parties, and data can be successfully recovered after decryption recovery is carried out in respective data backup centers. When a data sender (namely a main data center) normally operates, the ciphertext and the synchronous key between the first data backup center and the second data backup center are not mutually synchronous, and the safety of data in the data receiver is ensured.
The step S1 is preceded by:
and S0, the data sender generates the ciphertext and the key from the received data through a DB encryption system.
As shown in fig. 3, the step S1 includes:
s1.1, the data sender transmits and backs up the ciphertext to the first data backup center through a classical network;
s1.2, the data sender transmits and backs up the key to the second data backup center through a throughput sub-network in combination with a QKD technology.
And the first data backup center stores the ciphertext through a DB. The second data backup center generates the synchronization key through a measuring machine in a DB encryption system.
In step S2, when the determination result is normal, both the DB of the first data backup center and the measuring machine of the second data backup center are in a dormant state.
The step S3 includes:
and the first data backup center synchronizes the ciphertext to the second data backup center, and the DB of the second data backup center stores the ciphertext.
In step S4, the second data backup center performs data recovery on the ciphertext through the key.
The step S3 further includes:
and the second data backup center sends the synchronous key to the first data backup center, and a measuring machine of the first data backup center obtains the key according to the synchronous key. And finally, the first data backup center restores the ciphertext by using the key.
In step S4, the first data backup center performs data recovery on the ciphertext through the key.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art may make various changes or modifications within the scope of the appended claims.
Claims (10)
1. A multi-data center safety data transmission method based on quantum QKD technology is characterized by comprising the following steps based on quantum network transmission:
s1, multiple data interaction parties establish a quantum network, and a data sending party sends the ciphertext and the key to a first data backup center and a second data backup center with different attributes in a data receiving party respectively;
s2, judging whether the data sender has a fault, if so, executing the step S3; if the judgment result is normal, the ciphertext and the synchronous key which are respectively stored in the first data backup center and the second data backup center are not mutually synchronous;
the step S3, where the ciphertext and the synchronization key stored in the first data backup center and the second data backup center respectively are synchronized with each other through QKD;
and S4, the first data backup center and/or the second data backup center are provided with the key and the ciphertext at the same time.
2. The quantum QKD technology-based multiple data center secure data transmission method according to claim 1, wherein the data sender encrypts and decrypts data by QKD technology, and stores the encrypted ciphertext and the key at the same time.
3. The multiple data center secure data transmission method based on quantum QKD technology according to claim 1, wherein said step S1 includes:
s1.1, the data sender transmits and backs up the ciphertext to the first data backup center through a classical network;
s1.2, the data sender transmits and backs up the key to the second data backup center through a throughput sub-network in combination with a QKD technology.
4. The method for multi-data center secure data transmission based on quantum QKD technology according to claim 3, wherein said first data backup center stores said ciphertext through DB.
5. The method for multiple data center secure data transmission based on quantum QKD technology according to claim 4, wherein said second data backup center generates said synchronization key through a measurement machine in a DB encryption system.
6. The method for securely data transmission of multiple data centers based on quantum QKD technology according to claim 5, wherein in said step S2, when the determination result is normal, both DB of said first data backup center and measuring machine of said second data backup center are in a dormant state.
7. The multiple data center secure data transmission method based on quantum QKD technology according to claim 3, wherein said step S3 includes:
and the first data backup center synchronizes the ciphertext to the second data backup center, and the DB of the second data backup center stores the ciphertext.
8. The method for multi-data center secure data transmission based on quantum QKD technology according to claim 7, wherein in said step S4, said second data backup center performs data recovery on said ciphertext through said key.
9. The multiple data center secure data transmission method based on quantum QKD technique according to claim 3, wherein said step S3 further includes:
and the second data backup center sends the synchronous key to the first data backup center, and a measuring machine of the first data backup center obtains the key according to the synchronous key.
10. The method for multiple data center secure data transmission based on quantum QKD technology according to claim 10, wherein in said step S4, said first data backup center performs data recovery on said ciphertext through said key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910794198.8A CN110708159B (en) | 2019-08-27 | 2019-08-27 | Multi-data-center safety data transmission method based on quantum QKD technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910794198.8A CN110708159B (en) | 2019-08-27 | 2019-08-27 | Multi-data-center safety data transmission method based on quantum QKD technology |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110708159A true CN110708159A (en) | 2020-01-17 |
| CN110708159B CN110708159B (en) | 2023-04-07 |
Family
ID=69193666
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910794198.8A Active CN110708159B (en) | 2019-08-27 | 2019-08-27 | Multi-data-center safety data transmission method based on quantum QKD technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110708159B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113127900A (en) * | 2021-04-19 | 2021-07-16 | 上海同态信息科技有限责任公司 | Privacy computing software and hardware service mode based on homomorphic configuration encryption |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106126373A (en) * | 2016-06-21 | 2016-11-16 | 青岛海信传媒网络技术有限公司 | Data back up method and device, data reconstruction method and device |
| CN107453868A (en) * | 2017-09-01 | 2017-12-08 | 中国电子科技集团公司第三十研究所 | A kind of safe and efficient quantum key method of servicing |
| CN108965344A (en) * | 2018-09-30 | 2018-12-07 | 国网江苏省电力有限公司南京供电分公司 | A kind of system and method for strange land data safety backup |
| CN109462471A (en) * | 2018-12-28 | 2019-03-12 | 有份儿智慧科技股份有限公司 | The method of information transmission encryption based on national secret algorithm in conjunction with Technique on Quantum Communication |
| CN109561047A (en) * | 2017-09-26 | 2019-04-02 | 安徽问天量子科技股份有限公司 | Encryption data storage system and method based on the storage of key strange land |
| CN109714155A (en) * | 2019-03-13 | 2019-05-03 | 北京信息科技大学 | One kind being based on the collaborative editing system right management method of quantum key distribution (QKD) network |
-
2019
- 2019-08-27 CN CN201910794198.8A patent/CN110708159B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106126373A (en) * | 2016-06-21 | 2016-11-16 | 青岛海信传媒网络技术有限公司 | Data back up method and device, data reconstruction method and device |
| CN107453868A (en) * | 2017-09-01 | 2017-12-08 | 中国电子科技集团公司第三十研究所 | A kind of safe and efficient quantum key method of servicing |
| CN109561047A (en) * | 2017-09-26 | 2019-04-02 | 安徽问天量子科技股份有限公司 | Encryption data storage system and method based on the storage of key strange land |
| CN108965344A (en) * | 2018-09-30 | 2018-12-07 | 国网江苏省电力有限公司南京供电分公司 | A kind of system and method for strange land data safety backup |
| CN109462471A (en) * | 2018-12-28 | 2019-03-12 | 有份儿智慧科技股份有限公司 | The method of information transmission encryption based on national secret algorithm in conjunction with Technique on Quantum Communication |
| CN109714155A (en) * | 2019-03-13 | 2019-05-03 | 北京信息科技大学 | One kind being based on the collaborative editing system right management method of quantum key distribution (QKD) network |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113127900A (en) * | 2021-04-19 | 2021-07-16 | 上海同态信息科技有限责任公司 | Privacy computing software and hardware service mode based on homomorphic configuration encryption |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110708159B (en) | 2023-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP2610107B2 (en) | Method and apparatus for managing a network | |
| CN107682154B (en) | Extensible multi-user set quantum key sharing method | |
| US7698556B2 (en) | Secure spontaneous associations between networkable devices | |
| CN107508672A (en) | A kind of cipher key synchronization method and key synchronization device based on pool of symmetric keys, key synchronization system | |
| CN101155092B (en) | Wireless local area network access method, device and system | |
| WO2020192285A1 (en) | Key management method, security chip, service server and information system | |
| CN107248913B (en) | Quantum key synchronization system and method based on dynamic networking fault detection | |
| US8300830B2 (en) | Secure group communications | |
| CN100466583C (en) | Fast ring network method against attack based on RRPP, apparatus and system | |
| CN101917294A (en) | Method and equipment for updating anti-replay parameter during master and slave switching | |
| CN110708159B (en) | Multi-data-center safety data transmission method based on quantum QKD technology | |
| CN113055361A (en) | Secure communication method, device and system for DC interconnection | |
| CN103595529B (en) | The changing method of a kind of one-pass key and realize device | |
| JP2001103045A (en) | Storage device for backing up cryptographic key | |
| CN102970277B (en) | Method and system for building multi-source safety relevance | |
| JPH02121441A (en) | System and method of exchanging bucket | |
| CN106529350A (en) | Secure storage system | |
| CN102075361A (en) | Method and node equipment for recovering looped network business | |
| WO2017080488A1 (en) | Data transmission method and device | |
| CN112804063B (en) | Cascading method and related device | |
| CN101814987B (en) | Method and system for establishing key between nodes | |
| KR20190078451A (en) | Server and Recovery server for performing failure recovery of service server using block chain, Method for controlling the server | |
| CN106028319A (en) | Method and device for resisting illegal connection attack in slave Bluetooth device | |
| CN109996230A (en) | A kind of method that MCU serial communication obscures encryption raising bluetooth mesh network communication safety | |
| CN113515728A (en) | Internet of things platform software authorization control system and method based on multistage deployment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: Hangzhou City, Zhejiang province Yuhang District 311100 West Street Wuchang No. 998 Building 5 Room 608 Applicant after: Flash it Co.,Ltd. Address before: Hangzhou City, Zhejiang province Yuhang District 311100 West Street Wuchang No. 998 Building 5 Room 608 Applicant before: HANGZHOU SECSMART INFORMATION TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP02 | Change in the address of a patent holder | ||
| CP02 | Change in the address of a patent holder |
Address after: 311121 Room 101, Building 9, No. 998, Wenyi West Road, Wuchang Subdistrict, Yuhang District, Hangzhou City, Zhejiang Province Patentee after: Flash it Co.,Ltd. Address before: Room 608, No. 998 Wenyi West Road, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province Patentee before: Flash it Co.,Ltd. |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A secure data transmission method for multiple data centers based on quantum QKD technology Granted publication date: 20230407 Pledgee: Guotou Taikang Trust Co.,Ltd. Pledgor: Flash it Co.,Ltd. Registration number: Y2024980004915 |