CN112436936A - Cloud storage method and system with quantum encryption function - Google Patents

Info

Publication number: CN112436936A
Authority: CN (China)
Prior art keywords: data, quantum, cloud storage, app, key data
Legal status: Granted, Active
Application number: CN202011251970.0A
Other languages: Chinese (zh)
Other versions: CN112436936B (en)
Inventors: 左美向, 王震
Current Assignee: Nanjing Zhongke Qixin Technology Co ltd
Original Assignee: Anhui Liangantong Information Technology Co ltd
Application filed by: Anhui Liangantong Information Technology Co ltd
Priority to: CN202011251970.0A (patent CN112436936B)
Publication of: CN112436936A
Application granted; publication of: CN112436936B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a cloud storage method and system with a quantum encryption function. An APP sends a request for initialized first key data to the quantum security service platform. After obtaining the first key data, the APP calls the security control to process the first key data into second key data in ciphertext form, and the security control returns the processing result for the first key data to the APP. When a user sends an encryption/decryption data request to the APP, the transcryption key obtained from the quantum security service platform and the ciphertext data from the cloud system are decrypted in the local client to obtain the plaintext data. In the invention, the APP calls the security control so that the cloud-stored ciphertext data and the keys are kept separate, protecting the customer's data privacy to the greatest extent.

Figure 202011251970

Description

Cloud storage method and system with quantum encryption function
Technical Field
The invention belongs to the technical field of cloud storage, and particularly relates to a cloud storage method and system with a quantum encryption function.
Background
Cloud storage is a cloud computing system built around data access and management. It has two advantages: on the one hand, a user can connect to cloud storage at any time and from any place through any connectable device and conveniently access data; on the other hand, a user does not need to invest in a local data center or a dedicated remote site to maintain and manage data, and can obtain a large amount of low-cost storage space by using cloud storage. Because of these two advantages, cloud storage technology has developed rapidly in recent years, and more and more users choose to use cloud storage.
Existing cloud storage services have the following disadvantages:
(1) the cloud storage service is provided by a cloud service provider with or without an encryption function, and the keys and the data are both stored in the cloud, so the security of customer data cannot be guaranteed;
(2) the randomness of the data encryption key is insufficient.
Disclosure of Invention
To address these defects of cloud storage in the prior art, the invention provides a cloud storage method and system with a quantum encryption function, solving the problem of secure encrypted data storage in existing public cloud service systems.
According to an embodiment of the invention, the invention provides a cloud storage method with a quantum encryption function, which is applied to a terminal side of a cloud storage system and a service side of the cloud storage system, wherein the terminal side comprises an APP and a security control based on a local client, and the service side comprises a cloud end system for storing ciphertext data and a quantum security service platform based on a quantum random number generator QRNG.
The cloud storage method comprises the following steps:
the APP sends a request for acquiring initialized first key data to the quantum security service platform, after the first key data is acquired, the security control is called to process the first key data to obtain second key data in a ciphertext form, and the security control returns a processing result of the first key data to the APP;
after receiving from a first user an encryption request for data to be encrypted, the APP calls the security control to encrypt the data according to the second key data to form first ciphertext data, and sends the first ciphertext data to the cloud system for storage, wherein the first ciphertext data comprises the first user's device identifier, application identifier and the corresponding ciphertext data.
As an embodiment of the present invention, before the step of sending, by the APP, a first key data request for initialization to the quantum security service platform, the method further includes:
the quantum security service platform generates corresponding first key data in advance based on device identifications and application identifications of different users.
As an embodiment of the present invention, after the step of sending, by the APP, a first key data request for initialization to the quantum security service platform, the method further includes:
the quantum security service platform receives the first key data request from the first user, extracts the device identifier and the application identifier in the request, and queries whether they are registered in the quantum security service platform. If so, it retrieves from the database the first key data based on the device identifier and the application identifier and sends it to the first user. Otherwise, it calls the quantum device through the quantum network to generate two groups of 32-bit key components, calls the encryption machine to generate a pair of asymmetric keys, calls the encryption machine and the quantum network to generate the initialized first key data of the symmetric and asymmetric keys corresponding to the first user's device identifier and application identifier, stores the first key data against that device identifier and application identifier, and at the same time sends the first key data to the first user.
As an embodiment of the present invention, the cloud storage method further includes: after receiving from a second user a data decryption request based on an application of the first user, the APP acquires, through the cloud system, the first ciphertext data based on the device identifier and the application identifier, and sends the data decryption request to the quantum security service platform to acquire the transcryption key data corresponding to the second user's device identifier and application identifier.
As an embodiment of the present invention, after receiving the first ciphertext data and the transcryption key data, the APP calls the security control to decrypt the first ciphertext data at the local client. If decryption succeeds, the plaintext data is obtained; if decryption fails, a decryption-failure error message is returned to the user.
As an embodiment of the present invention, the sending, by the APP, a request for obtaining initialized first key data to the quantum security service platform includes sending, by the APP, the first key data request to the quantum security service platform in an initKey manner.
As an embodiment of the present invention, the cloud storage method further includes: the APP acquires a transcryption key from the quantum security service platform in the transCryption manner, passes the transcryption key and the first ciphertext data to the security control in the decMegaData manner for decryption to obtain the decrypted plaintext data, and returns the decrypted plaintext data to the second user through the APP.
As an embodiment of the present invention, the cloud storage method further includes: the APP calls the security control in the setUSBKeyEncrKeys manner to process the first key data into second key data in ciphertext form, and the APP calls the security control in the encMegaData manner to encrypt the data to be encrypted according to the second key data to form first ciphertext data.
As an embodiment of the present invention, the quantum security service platform generating corresponding first key data in advance based on the device identifiers and application identifiers of different users includes: the quantum security service platform generates one or more initialized first key data through the quantum network according to the QRNG system.
According to an embodiment of the present invention, the present invention further provides a cloud storage system with a quantum encryption function, where the system includes a terminal side applied to the cloud storage system and a service side of the cloud storage system, the terminal side includes an APP and a security control based on a local client, the service side includes a cloud system and a quantum security service platform based on a quantum random number generator QRNG, and the APP, the security control and the QRNG system are configured to execute the cloud storage method described above.
Compared with the prior art, the cloud storage method and system with a quantum encryption function store the key and the ciphertext data separately, which makes the cloud storage scheme safer for the user. The beneficial effects of the cloud storage method and system provided by the invention are:
(1) encryption/decryption services are provided for cloud-stored data;
(2) cloud-stored data and keys are separated, protecting the customer's data privacy to the greatest extent;
(3) quantum random numbers are used as the key source, improving the randomness of the key.
Drawings
Fig. 1 is a schematic flow chart of the cloud storage method with a quantum encryption function disclosed in the present invention;
Fig. 2 is a schematic diagram of the scene initialization flow in the cloud storage method disclosed in the present invention;
Fig. 3 is a schematic diagram of the key initialization process of the QRNG system disclosed in the present invention;
Fig. 4 is a schematic diagram of the data encryption flow in the cloud storage method disclosed in the present invention;
Fig. 5 is a schematic diagram of the data encryption scene flow in the cloud storage method disclosed in the present invention;
Fig. 6 is a schematic diagram of the data decryption flow in the cloud storage method disclosed in the present invention;
Fig. 7 is a schematic diagram of the data decryption scene flow in the cloud storage method disclosed in the present invention.
Detailed Description
For the convenience of understanding, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a cloud storage method with a quantum encryption function, which is applied to a terminal side of a cloud storage system and a service side of the cloud storage system, wherein the terminal side comprises an APP and a security control based on a local client, and the service side comprises a cloud system for storing ciphertext data and a quantum security service platform based on a quantum random number generator QRNG.
Fig. 1 shows the specific flow of the cloud storage method with a quantum encryption function. On terminal equipment such as a PC, a notebook computer or a mobile phone, the security services and key management of the business system client are implemented by terminal security equipment such as a TF card, a cryptographic module or software. The terminal security equipment is managed centrally by the quantum application security service platform, which performs the initialization settings: the platform calls the QRNG to generate symmetric and asymmetric keys and distributes the symmetric key, the public/private key pair and related information to the terminal. Sensitive information such as keys is stored securely in a hardware medium, and the security service platform on the server side performs unified key life-cycle management.
In Fig. 1, the local client includes the APP and the security control that performs the encryption and decryption processing. During cloud storage, the APP obtains the initial key data generated by the quantum random number generator (QRNG) system of the quantum security service platform and passes it to the security control. When data the user needs to send, such as files or pictures, must be encrypted, the security control is called to encrypt it, and the resulting ciphertext data is saved to the cloud system (application server); when decryption is needed, the security control is called again to perform the corresponding decryption.
In the cloud storage method, the APP sends a request for initialized first key data to the QRNG (quantum random number generator) system of the quantum security service platform in the initKey manner. After the first key data is obtained, the security control is called in the setUSBKeyEncrKeys manner to process the first key data into second key data in ciphertext form, and the security control returns the processing result for the first key data to the APP.
As shown in Fig. 2, the APP calls the background system, which passes the call through to the quantum security platform to obtain the initialization key data. After the APP obtains the key data, it calls the security control and imports the key data into the control. The security control processes the key data internally, stores the key in an internal file in ciphertext form, and returns the initialization result to the APP of the local client, completing the initialization process. Before a user can use the data encryption function, the APP must call the background system, which calls the security platform to obtain the initialized key data and import it into the security control. The initKey initialization mode is shown in Fig. 3.
In the scheme of the invention, the QRNG system of the quantum security service platform generates one or more initialized key data through the quantum network. The generated key data is matched to the user's device identifier and application identifier. For example, several application identifiers may exist under the same device identifier; in that case a corresponding quantum key can be stored for each application identifier under that device identifier. The quantum keys are stored in the quantum security service platform.
As shown in Fig. 4, after receiving from a first user an encryption request for data to be encrypted, the APP calls the encryption interface of the security control in the encMegaData manner to encrypt the data according to the second key data, forming first ciphertext data. The data to be encrypted may be image data or other file data. The APP sends the first ciphertext data to the cloud system for storage; the first ciphertext data includes the first user's device identifier, application identifier and the corresponding ciphertext data. The specific encryption process of the security control is shown in Fig. 5.
As shown in Fig. 6, after receiving a data decryption request from a second user, the APP obtains a transcryption key from the QRNG system in the transCryption manner and obtains the first ciphertext data from the cloud system. The second user may be the same user as the first user or a different user. To illustrate the technical solution: user A uploads encrypted image data and user B needs to view the image uploaded by user A. The APP calls the background system, uploading the unique identifier of user A and the unique identifier of user B, which reach the security platform, and obtains the transcryption key that user B needs for decryption. The APP also obtains from the cloud system the ciphertext data produced by encrypting the image. It then calls the security control and passes the transcryption key and the ciphertext data into the control.
In the invention, the APP passes the transcryption key and the first ciphertext data to the security control in the decMegaData manner for decryption, obtains the decrypted plaintext data, and returns it to the second user through the APP. The decryption process of the security control is shown in Fig. 7.
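The initKey, encMegaData, transCryption and decMegaData steps described above, sketched as an added Go example (not code from the patent) that shows the key/ciphertext separation: the platform holds keys per (device identifier, application identifier), the cloud record holds only identifiers and ciphertext, and all encryption and decryption happen on the client. Assumptions not taken from the page: crypto/rand stands in for the QRNG, AES-256-GCM is the cipher, the identifiers are bound to the ciphertext as associated data, and the transcryption key is modelled as the owner's key wrapped under the requester's key with authorization left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ID is the (device identifier, application identifier) pair a key is registered under.
type ID struct{ Device, App string }
func (id ID) aad() []byte { return []byte(id.Device + "\x00" + id.App) } // IDs must not contain NUL

// Record is what the cloud system stores: identifiers and ciphertext, never a key.
type Record struct {
	Owner ID
	Blob  []byte // nonce || AES-GCM ciphertext and tag
}

// Platform stands in for the key service; crypto/rand stands in for its QRNG.
type Platform struct{ keys map[ID][]byte }

// InitKey returns the key registered for id, generating and storing one if absent.
func (p *Platform) InitKey(id ID) ([]byte, error) {
	if _, ok := p.keys[id]; !ok {
		k := make([]byte, 32)
		if _, err := rand.Read(k); err != nil {
			return nil, err
		}
		p.keys[id] = k
	}
	return p.keys[id], nil
}

// TransKey wraps owner's key under requester's key (assumed scheme; authorization omitted).
func (p *Platform) TransKey(owner, requester ID) ([]byte, error) {
	ownerKey, reqKey := p.keys[owner], p.keys[requester]
	if ownerKey == nil || reqKey == nil {
		return nil, errors.New("identifier not registered")
	}
	return seal(reqKey, ownerKey, append(append(owner.aad(), 0), requester.aad()...))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(blob) >= n {
		return gcm.Open(nil, blob[:n], blob[n:], aad)
	}
	return nil, errors.New("ciphertext too short")
}

// EncryptData is the local encryption step; the owner's identifiers are bound as AAD.
func EncryptData(key []byte, owner ID, plaintext []byte) (Record, error) {
	blob, err := seal(key, plaintext, owner.aad())
	return Record{Owner: owner, Blob: blob}, err
}

// DecryptData unwraps the transcryption key locally, then decrypts the cloud record.
func DecryptData(reqKey []byte, requester ID, transKey []byte, rec Record) ([]byte, error) {
	dataKey, err := open(reqKey, transKey, append(append(rec.Owner.aad(), 0), requester.aad()...))
	if err != nil {
		return nil, fmt.Errorf("transcryption key rejected: %w", err)
	}
	return open(dataKey, rec.Blob, rec.Owner.aad())
}

func main() {
	p := &Platform{keys: map[ID][]byte{}}
	a, b := ID{"device-A", "photos"}, ID{"device-B", "photos"} // constructed identifiers
	ka, _ := p.InitKey(a)
	kb, _ := p.InitKey(b)
	rec, _ := EncryptData(ka, a, []byte("constructed image bytes"))
	tk, _ := p.TransKey(a, b)
	pt, err := DecryptData(kb, b, tk, rec)
	fmt.Printf("user B reads %q, err=%v\n", pt, err)
}
```

Because the identifiers are authenticated with the ciphertext, a record relabelled with another owner, or a tampered blob, makes the local decryption return an error instead of plaintext.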
According to an embodiment of the present invention, the present invention further provides a cloud storage system with a quantum encryption function, where the system includes a terminal side applied to the cloud storage system and a service side of the cloud storage system, the terminal side includes an APP and a security control based on a local client, the service side includes a cloud system for storing ciphertext data and a quantum security service platform based on a quantum random number generator, and the APP, the security control and the QRNG system are used to execute the cloud storage method.
It will be evident to those skilled in the art that the embodiments of the present invention are not limited to the details of the foregoing illustrative embodiments, and that the embodiments of the present invention are capable of being embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the embodiments being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. Several units, modules or means recited in the system, apparatus or terminal claims may also be implemented by one and the same unit, module or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the embodiments of the present invention and not for limiting, and although the embodiments of the present invention are described in detail with reference to the above preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions can be made on the technical solutions of the embodiments of the present invention without departing from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1.一种具备量子加密功能的云存储方法,其特征在于,应用于云存储系统的终端侧以及云存储系统的服务侧,所述终端侧包括一个基于本地客户端的APP以及安全控件,所述服务侧包括一个存储密文数据的云端系统以及一个基于量子随机数发生器QRNG的量子安全服务平台,所述方法包括:1. a cloud storage method with quantum encryption function, it is characterized in that, be applied to the terminal side of cloud storage system and the service side of cloud storage system, described terminal side comprises an APP and security control based on local client, described The service side includes a cloud system for storing ciphertext data and a quantum security service platform based on a quantum random number generator QRNG, and the method includes: 所述APP向所述量子安全服务平台发送获取初始化的第一密钥数据请求,在获取到所述第一密钥数据后,调用所述安全控件对所述第一密钥数据进行处理后得到密文形式的第二密钥数据,所述安全控件向所述APP返回对所述第一密钥数据的处理结果;The APP sends a request for obtaining the initialized first key data to the quantum security service platform, and after obtaining the first key data, calls the security control to process the first key data and obtains The second key data in cipher text, the security control returns the processing result of the first key data to the APP; 所述APP接收到来自第一用户的待加密数据的加密请求后,调用所述安全控件以根据所述第二密钥数据对所述待加密数据进行加密以形成第一密文数据,并将所述第一密文数据发送至云端系统进行保存,其中所述第一密文数据包括第一用户的设备标识、应用标识以及对应的密文数据。After receiving the encryption request of the data to be encrypted from the first user, the APP calls the security control to encrypt the data to be encrypted according to the second key data to form the first ciphertext data, and The first ciphertext data is sent to the cloud system for storage, wherein the first ciphertext data includes the device identifier of the first user, the application identifier and the corresponding ciphertext data. 2.根据权利要求1所述的云存储方法,其特征在于,在所述APP向所述量子安全服务平台发送获取初始化的第一密钥数据请求步骤之前,还包括:2. 
The cloud storage method according to claim 1, wherein before the APP sends the request step of obtaining the initialized first key data to the quantum security service platform, further comprising: 所述量子安全服务平台预先基于不同用户的设备标识以及应用标识产生相对应的第一密钥数据。The quantum security service platform generates corresponding first key data in advance based on the device identifiers and application identifiers of different users. 3.根据权利要求2所述的云存储方法,其特征在于,在所述APP向所述量子安全服务平台发送获取初始化的第一密钥数据请求步骤之后,还包括:3. The cloud storage method according to claim 2, wherein after the APP sends the request step of obtaining the initialized first key data to the quantum security service platform, further comprising: 所述量子安全服务平台接收来自第一用户的第一密钥数据请求,提取该请求中的设备标识和应用标识,并查询所述设备标识和应用标识是否已经在量子安全服务平台中注册,若已经注册,所述量子安全服务平台从数据库中调取出基于该设备标识和应用标识的第一密钥数据并发送至第一用户;否则,通过量子网络调用量子设备产生两组32位密钥分量,调用加密机产生一对非对称密钥,调用加密机以及量子网络产生与所述第一用户的设备标识以及应用标识对应的对称及非对称密钥的初始化的第一密钥数据,存储基于设备标识以及应用标识对应的第一密钥数据,同时将第一密钥数据发送至第一用户。The quantum security service platform receives the first key data request from the first user, extracts the device identification and application identification in the request, and inquires whether the device identification and application identification have been registered in the quantum security service platform, if If it has been registered, the quantum security service platform retrieves the first key data based on the device ID and application ID from the database and sends it to the first user; otherwise, the quantum device is called through the quantum network to generate two sets of 32-bit keys component, call the encryption machine to generate a pair of asymmetric keys, call the encryption machine and the quantum network to generate the initialized first key data of the symmetric and asymmetric keys corresponding to the device identification and application identification of the first user, and store Based on the first key data corresponding to the device identifier and the application identifier, the first key data is 
simultaneously sent to the first user.

4. The cloud storage method according to claim 1, wherein the cloud storage method further comprises: after the APP receives, from a second user, a data decryption request based on an application of the first user, the APP obtains, through the cloud system, the first ciphertext data based on the device identifier and the application identifier, and sends the data decryption request to the quantum security service platform to obtain the trans-encryption key data corresponding to the device identifier and application identifier of the first user or the second user.

5. The cloud storage method according to claim 4, wherein after receiving the first ciphertext data and the trans-encryption key data, the APP invokes the security control to decrypt the first ciphertext data on the local client; if decryption succeeds, the plaintext data is obtained, and if decryption fails, a decryption-failure error message is returned to the user.

6. The cloud storage method according to claim 3, wherein the APP sending to the quantum security service platform a request to obtain initialized first key data comprises: the APP sending the first key data request to the quantum security service platform by means of initKey.

7. The cloud storage method according to claim 5, wherein the cloud storage method further comprises: the APP obtains the trans-encryption key from the quantum security service platform by means of transCryption, and the APP, by means of decMegaData, passes the trans-encryption key and the first ciphertext data to the security control for a decryption operation, obtains the decrypted plaintext data, and returns the decrypted plaintext data to the second user through the APP.

8. The cloud storage method according to claim 1, wherein the cloud storage method further comprises: the APP invokes the security control by means of setUSBKeyEncrKeys to process the first key data and obtain second key data in ciphertext form, and the APP invokes the security control by means of encMegaData to encrypt the data to be encrypted according to the second key data to form the first ciphertext data.

9. The cloud storage method according to claim 2, wherein the quantum security service platform generating in advance corresponding first key data based on the device identifiers and application identifiers of different users comprises: the quantum security service platform generating one or more initialized first key data through the quantum network according to the QRNG system.

10. A cloud storage system with a quantum encryption function, wherein the system comprises a terminal side applied to the cloud storage system and a service side of the cloud storage system, the terminal side comprises an APP based on a local client and a security control, the service side comprises a cloud system and a quantum security service platform based on a quantum random number generator (QRNG), and the APP, the security control and the QRNG system are used to execute the cloud storage method according to any one of claims 1 to 9.
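The key flow named in claims 4 to 9 (initKey, setUSBKeyEncrKeys, encMegaData, transCryption, decMegaData) can be traced end to end in a short simulation; this is an added example, not code from the patent or its applicant. Assumptions not stated in the claims: the HMAC-based stand-in cipher, the OS CSPRNG in place of the QRNG, the hypothetical `Platform` and `SecurityControl` classes, the local wrapping secret, and the reading that the trans-encryption key is the owner's key re-wrapped under the requester's key.

```python
import hashlib, hmac, secrets
def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # HMAC-SHA256 counter-mode keystream: stdlib stand-in cipher (assumption)
    ks = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, ks))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = _xor(_mac(key, b"enc"), nonce, plaintext)
    return nonce + body + _mac(_mac(key, b"mac"), nonce + body)

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + body)):
        raise ValueError("decryption failed")   # claim 5: failure is reported, not ignored
    return _xor(_mac(key, b"enc"), nonce, body)

class Platform:                                  # service side (hypothetical class)
    def __init__(self):
        self._keys = {}                          # first key data per (device_id, app_id)
    def init_key(self, ident):                   # initKey; CSPRNG stands in for the QRNG
        return self._keys.setdefault(ident, secrets.token_bytes(32))
    def trans_cryption(self, owner, requester):  # transCryption
        # Assumption: the owner's key is re-wrapped under the requester's key
        return seal(self._keys[requester], self._keys[owner])

class SecurityControl:                           # terminal side (hypothetical class)
    def __init__(self):
        self._secret = secrets.token_bytes(32)   # hypothetical local wrapping secret
    def set_usb_key_encr_keys(self, first_key):  # setUSBKeyEncrKeys
        self._second_key = seal(self._secret, first_key)   # key kept in ciphertext form
    def _own_key(self):
        return unseal(self._secret, self._second_key)
    def enc_mega_data(self, data):               # encMegaData
        return seal(self._own_key(), data)
    def dec_mega_data(self, trans_key, ciphertext):   # decMegaData
        return unseal(unseal(self._own_key(), trans_key), ciphertext)

def demo():
    platform, cloud, ctl_a, ctl_b = Platform(), {}, SecurityControl(), SecurityControl()
    a, b = ("dev-A", "app-1"), ("dev-B", "app-1")    # constructed identifiers
    ctl_a.set_usb_key_encr_keys(platform.init_key(a))
    ctl_b.set_usb_key_encr_keys(platform.init_key(b))
    cloud[a] = ctl_a.enc_mega_data(b"constructed sample")   # first ciphertext, stored by ids
    trans = platform.trans_cryption(a, b)
    return ctl_b.dec_mega_data(trans, cloud[a]), ctl_b, trans, cloud[a]
```

In this model the cloud store only ever holds the first ciphertext, and a trans-encryption key issued for one (device, application) pair is useless to a control that holds a different key.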
CN202011251970.0A 2020-11-11 2020-11-11 Cloud storage method and system with quantum encryption function Active CN112436936B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011251970.0A CN112436936B (en) 2020-11-11 2020-11-11 Cloud storage method and system with quantum encryption function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011251970.0A CN112436936B (en) 2020-11-11 2020-11-11 Cloud storage method and system with quantum encryption function

Publications (2)

Publication Number Publication Date
CN112436936A true CN112436936A (en) 2021-03-02
CN112436936B CN112436936B (en) 2022-11-01

Family

ID=74700832

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011251970.0A Active CN112436936B (en) 2020-11-11 2020-11-11 Cloud storage method and system with quantum encryption function

Country Status (1)

Country Link
CN (1) CN112436936B (en)

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016177332A1 (en) * 2015-05-05 2016-11-10 科大国盾量子技术股份有限公司 Cloud storage method and system
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN106685919A (en) * 2016-11-19 2017-05-17 徐州医科大学 A secure cloud storage method with a passive dynamic key distribution mechanism
CN107634829A (en) * 2017-09-12 2018-01-26 南京理工大学 Attribute-based searchable encrypted electronic medical record system and encryption method
CN108985099A (en) * 2018-07-31 2018-12-11 如般量子科技有限公司 It is a kind of that cloud storage method of controlling security and system are acted on behalf of based on public keys pond
CN109120639A (en) * 2018-09-26 2019-01-01 众安信息技术服务有限公司 A kind of data cloud storage encryption method and system based on block chain
CN109547413A (en) * 2018-10-23 2019-03-29 莆田学院 The access control method of convertible data cloud storage with data source authentication
CN109714155A (en) * 2019-03-13 2019-05-03 北京信息科技大学 One kind being based on the collaborative editing system right management method of quantum key distribution (QKD) network
CN111818032A (en) * 2020-06-30 2020-10-23 腾讯科技(深圳)有限公司 Data processing method and device based on cloud platform and computer program

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115113821A (en) * 2022-07-07 2022-09-27 北京算讯科技有限公司 5G big data computing power service system based on quantum encryption
CN117010001A (en) * 2023-09-28 2023-11-07 之江实验室 Data security service method and device and cloud storage system
CN117010001B (en) * 2023-09-28 2024-03-01 之江实验室 Data security service method and device and cloud storage system
CN117318942A (en) * 2023-11-29 2023-12-29 江苏微知量子科技有限公司 Distributed storage system combined with quantum security technology
CN117318942B (en) * 2023-11-29 2024-02-13 江苏微知量子科技有限公司 Distributed storage system combined with quantum security technology

Also Published As

Publication number Publication date
CN112436936B (en) 2022-11-01

Similar Documents

Publication Publication Date Title
US10880732B2 (en) Authentication of phone caller identity
KR101438243B1 (en) SIM based authentication method
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
CN107197037B (en) A kind of data access method and system with audit function based on Cloud Server
CN103906052B (en) A kind of mobile terminal authentication method, Operational Visit method and apparatus
US9608971B2 (en) Method and apparatus for using a bootstrapping protocol to secure communication between a terminal and cooperating servers
CN103020504B (en) Based on picture management system and the picture management method of finger print identifying
WO2019178942A1 (en) Method and system for performing ssl handshake
CN113992346B (en) Implementation method of security cloud desktop based on national security reinforcement
CN112436936A (en) Cloud storage method and system with quantum encryption function
CN115473655B (en) Terminal authentication method, device and storage medium for access network
TW200818834A (en) Secured communication channel between it administrators using network management software as the basis to manage networks
FR3028979A1 (en) METHOD FOR CONTROLLING ACCESS TO A SYSTEM FOR PRODUCING A COMPUTER SYSTEM NOT CONNECTED WITH AN INFORMATION SYSTEM OF THE COMPUTER SYSTEM
CN114362931A (en) Internet of things equipment registration and security authentication connection and instruction interaction method
CN107094156A (en) A kind of safety communicating method and system based on P2P patterns
CN114390524A (en) Method and device for realizing one-key login service
CN107196918B (en) Data matching method and device
CN113468584A (en) Information management method and device, electronic equipment and storage medium
CN109120576A (en) Data sharing method and device, computer equipment and storage medium
CN111698203A (en) Cloud data encryption method
CN114866317B (en) Multi-party data security computing method, device, electronic equipment and storage medium
CN113194069A (en) Communication tracing method, communication tracing device and medium based on block chain
CN112769783A (en) Data transmission method, cloud server, receiving end and sending end
CN113452513A (en) Key distribution method, device and system
CN104683977A (en) Management method and management device of service data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20250113

Address after: Room 501, Building 1, No. 5 Xiankun Road, Jianye District, Nanjing City, Jiangsu Province, 210000

Patentee after: Nanjing Zhongke Qixin Technology Co.,Ltd.

Country or region after: China

Address before: Room 106-107, building 1, multi function voice industry center, 616 Huangshan Road, high tech Zone, Hefei, Anhui 230000

Patentee before: Anhui liangantong Information Technology Co.,Ltd.

Country or region before: China