CN113242238B - Secure communication method, device and system - Google Patents

Secure communication method, device and system

Info

Publication number
CN113242238B
Authority
CN (China)
Prior art keywords
client, proxy server, key, random number, login information
Legal status
Active
Application number
CN202110505116.0A
Other languages
Chinese (zh)
Other versions
CN113242238A (en)
Inventors
罗霁, 刘洋, 陈必仙
Current Assignee
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Timeline
Application filed by China Construction Bank Corp
Priority to CN202110505116.0A
Publication of CN113242238A
Application granted
Publication of CN113242238B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
                        • H04L63/0272 Virtual private networks
                        • H04L63/0281 Proxies
                    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                        • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
                            • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
                        • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L9/0852 Quantum cryptography
                        • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                            • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
                            • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
                    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
                        • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
                • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
                    • G06Q40/02 Banking, e.g. interest calculation or account maintenance

Abstract

The invention provides a secure communication method, device and system. The method comprises the following steps: when a user needs to log in to the bank intranet system, the client obtains the user login information and sends a handshake message to the proxy server; the proxy server returns its VPN identity, and the client generates a client random number after receiving the identity; the client acquires a quantum key and a key bill stored in a U shield, generates an encrypted random number from the quantum key and the client random number, and sends the encrypted random number and the key bill to the proxy server. The proxy server acquires the quantum key according to the key bill, decrypts the encrypted random number, and returns a handshake authentication success message if decryption succeeds; the client then sends the user login information to the bank intranet system; the bank intranet system performs identity authentication according to the user login information and, if authentication passes, sends an identity authentication success message to the client, which then logs in to the bank intranet system. By applying the method, the security of logging in to the bank intranet system can be ensured.

Description

Secure communication method, device and system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a secure communication method, apparatus, and system.
Background
With the rapid development of computer network technology, the security of network information directly affects users' privacy and property security. In the financial industry, when operation and maintenance personnel need to log in remotely to a bank intranet system over a VPN for remote operation and maintenance control, the application client must reach the firewall of the bank intranet system through the internet in order to access the intranet system.
Because operation and maintenance personnel in the prior art use VPN remote login, the permission to access the intranet system is opened only temporarily when remote operation and maintenance are needed in an emergency. Even while that access permission is open and operation and maintenance work is being performed, the client is at risk of being monitored during login and operation, so the security of the communication process cannot be guaranteed.
Disclosure of Invention
In view of this, the present invention provides a secure communication method which can ensure that a user is effectively authenticated when the user needs to access a bank intranet system.
A secure communication method, comprising:
when a user needs to log in to a bank intranet system, obtaining the user login information registered by the user for logging in to the bank intranet system, and sending a handshake message to a preset proxy server;
when receiving a VPN identity fed back by the proxy server based on the handshake message, generating a client random number for performing handshake authentication with the proxy server;
acquiring a quantum key and a key bill stored in a connected U shield, and generating an encrypted random number based on the client random number and the quantum key;
sending the encrypted random number and the key bill to the proxy server, and triggering the proxy server to perform handshake authentication on the client based on the encrypted random number and the key bill;
when a handshake authentication success message sent by the proxy server is received, the user login information is sent to the bank intranet system through the proxy server, and the remote server is triggered to perform identity authentication on the user;
and logging in the remote server when receiving the identity authentication success message fed back by the bank intranet system through the proxy server.
Optionally, in the method, generating an encrypted random number based on the client random number and the quantum key includes:
performing a digest calculation on the client random number using a preset digest algorithm to obtain a digest random number;
and encrypting the digest random number with the quantum key to obtain the encrypted random number.
Optionally, in the method, the sending the user login information to the bank intranet system through the proxy server includes:
constructing a connection channel between the client and the proxy server;
and sending the user login information to the proxy server through the connection channel, so that the proxy server forwards the user login information to the intranet system.
The above method, optionally, further includes:
encrypting the user login information by applying the quantum key to obtain encrypted user login information;
and sending the encrypted user login information to the proxy server through the connection channel.
A secure communication apparatus, the apparatus being applied to a client, the apparatus comprising:
a first sending unit, configured to acquire the user login information registered by a user for logging in to a bank intranet system when the user needs to log in to the bank intranet system, and to send a handshake message to a preset proxy server;
the first generating unit is used for generating a client random number for performing handshake authentication with the proxy server when receiving a VPN identity fed back by the proxy server based on the handshake message;
the second generation unit is used for acquiring a quantum key and a key bill stored in the connected U shield and generating an encrypted random number based on the client random number and the quantum key;
the second sending unit is used for sending the encrypted random number and the key bill to the proxy server and triggering the proxy server to perform handshake authentication on the client based on the encrypted random number and the key bill;
a third sending unit, configured to send, via the proxy server, the user login information to the intranet system of the bank when receiving a handshake authentication success message sent by the proxy server, and trigger the remote server to perform identity authentication on the user;
and the login unit is used for logging in the remote server when receiving the identity authentication success message fed back by the bank intranet system through the proxy server.
A secure communication method, the method being applied to a proxy server, the method comprising:
when a handshake message of a client side is received, sending a stored VPN identity to the client side; the VPN identity is used for identifying the VPN identity of the proxy server in a quantum authentication system;
when receiving an encrypted random number and a key bill which are sent by the client after receiving the VPN identity, acquiring a quantum key corresponding to the key bill;
the quantum key is applied to decrypt the encrypted random number and judge whether decryption is successful;
if the decryption is successful, sending a handshake authentication success message to the client;
when user login information used for logging in a bank intranet system and sent by the client is received, the user login information is sent to the bank intranet system, and when an identity authentication success message sent by the bank intranet system is received, the identity authentication success message is forwarded to the client, so that a communication process with the client is completed.
Optionally, the obtaining the quantum key corresponding to the key ticket includes:
sending the key request carrying the key bill to a preset quantum key service center;
and when receiving bill information fed back by the key request based on the quantum key service center, acquiring a quantum key corresponding to the key bill contained in the bill information.
Optionally, in the method, the sending the user login information to the bank intranet system includes:
checking whether the user login information is encrypted;
if the user login information is encrypted, the quantum key is applied to decrypt the user login information to obtain decrypted user login information;
and sending the decrypted user login information to the intranet system based on a preset Radius protocol.
A secure communication apparatus, the apparatus being applied to a proxy server, the apparatus comprising:
a fourth sending unit, configured to send the stored VPN identity to the client when receiving a handshake message of the client; the VPN identity is used for identifying the VPN identity of the proxy server in a quantum authentication system;
the acquiring unit is used for acquiring a quantum key corresponding to a key bill when receiving an encrypted random number and the key bill which are sent by the client after the client receives the VPN identity;
the decryption unit is used for decrypting the encrypted random number by applying the quantum key and judging whether decryption is successful or not;
a fifth sending unit, configured to send a handshake authentication success message to the client if decryption is successful;
and the forwarding unit is used for sending the user login information to the internal network system of the bank when receiving the user login information which is sent by the client and used for logging in the internal network system of the bank, and forwarding the identity authentication success information to the client when receiving the identity authentication success information sent by the internal network system of the bank, so as to complete the communication process with the client.
A secure communication system, comprising:
the system comprises a client, a proxy server, a U shield, a bank intranet system and a quantum key service center;
the client is used for communicating with the proxy server when a user needs to log in the bank intranet system and executing the safety communication method applied to the client;
the proxy server is used for carrying out safe communication with the client side when the user needs to log in the bank intranet system through the client side, and executing the safe communication method applied to the proxy server;
the U shield is used for storing a quantum key and a key bill corresponding to the quantum key and providing the quantum key and the bill corresponding to the quantum key to the client when the client and the proxy server are in safe communication;
the bank intranet system is used for receiving user login information sent by the client through the proxy server and authenticating the identity of the user based on the user login information; after the identity authentication of the user is passed, sending an identity authentication success message to the client through the proxy server;
the quantum key service center is used for receiving a key request sent by the proxy server and analyzing the key request to obtain a key bill; and acquiring a quantum key corresponding to the key bill, embedding the quantum key into bill information and sending the bill information to the proxy server.
Compared with the prior art, the invention has the following advantages:
the invention provides a secure communication method which comprises the following steps: when a user needs to log in to a bank intranet system, the client acquires the user login information and sends a handshake message to a proxy server; the proxy server returns a VPN identity in response to the handshake message, and after receiving the identity the client generates a client random number and acquires a quantum key and a key bill stored in the U shield; the client generates an encrypted random number based on the quantum key and the client random number, and sends the encrypted random number and the key bill to the proxy server. The proxy server obtains the quantum key according to the key bill and decrypts the encrypted random number; if decryption succeeds, it returns a handshake authentication success message. After receiving that message, the client sends the user login information to the bank intranet system through the proxy server; the bank intranet system performs identity authentication according to the user login information and, on success, sends an identity authentication success message to the client through the proxy server; the client logs in to the intranet system according to the identity authentication success message. The method provided by the invention can ensure the security of logging in to the bank intranet system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method of secure communication according to an embodiment of the present invention;
fig. 2 is a device structure diagram of a secure communication device according to an embodiment of the present invention;
fig. 3 is a flowchart of another method of a secure communication method according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a secure communication method according to an embodiment of the present invention;
fig. 5 is a diagram illustrating a structure of another device of a secure communication device according to an embodiment of the present invention;
fig. 6 is a system structural diagram of a secure communication system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In this application, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions, and the terms "comprises", "comprising", or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The invention is operational with numerous general purpose or special purpose computing device environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multi-processor apparatus, distributed computing environments that include any of the above devices or equipment, and the like.
In one aspect, an embodiment of the present invention provides a secure communication method, where the method may be applied to a client, and a flowchart of the method is shown in fig. 1, where the method specifically includes:
s101: when a user needs to log in a bank intranet system, user login information which is registered by the user and used for logging in the bank intranet system is obtained, and a handshake message is sent to a preset proxy server.
In the embodiment of the invention, the client is actually an SSL VPN client. The user login information comprises the user's account number and password for logging in to the bank intranet system; the user submits a remote operation and maintenance application before logging in to the bank intranet system, and obtains the account number and password for remote login to the bank intranet system through that application. The proxy server is actually an SSL VPN server.
S102: and when receiving the VPN identity fed back by the proxy server based on the handshake message, generating a client random number for performing handshake authentication with the proxy server.
In the embodiment of the invention, the VPN identity is the quantum key application device (QKUD) ID, which indicates the identity of the proxy server in the quantum authentication system; after determining the identity of the proxy server, the client generates a client random number and communicates with the proxy server by means of that random number.
S103: and acquiring a quantum key and a key bill stored in the connected U shield, and generating an encrypted random number based on the client random number and the quantum key.
In the embodiment of the present invention, the U shield may be a USB flash drive or a mobile hard disk. Before the user needs to log in to the bank intranet system, the user logs in to a preset quantum key filling machine and fills a quantum key and a key bill into the U shield through the quantum key filling machine.
During key filling, the quantum key filling machine is connected to the quantum key service center through a quantum channel and obtains, in real time, the quantum key generated by the quantum key service center. The client random number generated by the client is encrypted with the quantum key to obtain the encrypted random number. If the encrypted random number is tampered with in transit, the server cannot decrypt it.
It should be noted that the quantum key is a symmetric key, and the encryption key and the decryption key are the same key.
S104: and sending the encrypted random number and the key bill to the proxy server, and triggering the proxy server to perform handshake authentication on the client based on the encrypted random number and the key bill.
In the embodiment of the present invention, the key bill is the key identification information of the quantum key: the proxy server determines, through the key bill, which quantum key was used to produce the encrypted random number, and decrypts the encrypted random number with that quantum key. When the proxy server successfully decrypts the encrypted random number, the handshake between the proxy server and the client has succeeded, and the proxy server sends a handshake authentication success message to the client.
S105: and when receiving a handshake authentication success message sent by the proxy server, sending the user login information to the bank intranet system through the proxy server, and triggering the remote server to perform identity authentication on the user.
In the embodiment of the invention, when the client receives the handshake authentication success message, the bank intranet system needs to further authenticate the user information, so that the user login information can be sent to the bank intranet system through the proxy server.
S106: and logging in the remote server when receiving an identity authentication success message fed back by the bank intranet system through the proxy server.
In the embodiment of the invention, after the intranet system successfully verifies the information such as the account number, the password and the like in the user login information, the identity authentication success information is fed back through the proxy server, and the client side directly accesses the intranet system according to the identity authentication success information.
In the secure communication method provided by the embodiment of the invention, when a user needs to log in remotely to a bank intranet system through a client, the user login information registered by the user in the bank intranet system is obtained and a handshake message is sent to the proxy server. On receiving the VPN identity identifier sent by the proxy server, the client determines the VPN identity of the proxy server in the quantum authentication system, generates a client random number, and starts handshake authentication with the proxy server. When the user logs in to the client, the U shield is inserted into the client; when handshake authentication is required, the client reads the quantum key stored in the U shield and the key bill of that quantum key, the key bill being an index of the quantum key. The client random number is encrypted with the quantum key to obtain an encrypted random number. The encrypted random number and the key bill are sent to the proxy server; the proxy server obtains the quantum key through the key bill index, decrypts the encrypted random number with the quantum key, and sends a handshake authentication success message to the client. After receiving the handshake authentication success message, the client sends the user login information to the intranet system through the proxy server, and the intranet system further authenticates the identity of the user. When authentication by the bank intranet system succeeds, the user can access the bank intranet system through the client.
The method provided by the embodiment can be applied to a scenario in which a computer requests to log in to a bank intranet system, which specifically comprises the following steps: when a user needs to log in to a bank intranet system through a computer, a U shield is inserted into the computer, the U shield having been filled, by a quantum key filling machine, with a quantum key and the key bill corresponding to that quantum key. The user enters user login information such as the account and password for logging in to the intranet system on the computer; the computer determines from the user's request that the user needs to log in to the intranet system, acquires the user login information entered by the user, and sends a handshake message to the SSL VPN server. The SSL VPN server returns to the computer a QKUD ID that identifies the VPN identity of the SSL VPN server in the quantum system. After receiving the QKUD ID, the client generates a random number, connects to the U shield the user inserted into the computer, acquires the quantum key and key bill from the U shield, encrypts the random number with the quantum key, and sends the encrypted random number and the key bill to the SSL VPN server. The SSL VPN server uses the key bill as the index of the quantum key to acquire the quantum key, decrypts the encrypted random number, and sends a handshake authentication success message to the computer after decryption succeeds. After receiving the handshake authentication success message, the computer sends the user login information to the SSL VPN server, the SSL VPN server sends the user login information to the bank intranet system, the bank intranet system authenticates the identity of the user according to the user login information, and after authentication succeeds the user can log in to the bank intranet system through the computer.
By applying the method provided by the embodiment of the invention, secure communication based on the quantum key is first established between the client accessing the bank intranet system and the proxy server, and the bank intranet system then performs further identity authentication, so that the security of logging in to the bank intranet system is further ensured.
In the method provided in the embodiment of the present invention, based on the content of S103, the generating an encrypted random number based on the client random number and the quantum key may specifically include:
performing digest calculation on the client random number by using a preset digest algorithm to obtain a digest random number;
and encrypting the digest random number by applying the quantum key to obtain an encrypted random number.
In the secure communication method provided by the embodiment of the present invention, the digest algorithm may be SM3, the client random number is converted into data with a fixed length by using the digest algorithm, the converted client random number is a digest random number, and the digest random number is encrypted by using a quantum key to obtain an encrypted random number.
It can be understood that, after the client digests and encrypts the client random number, the proxy server obtains the quantum key through the key ticket, decrypts the encrypted random number to obtain the digest random number, and applies the inverse digest algorithm to obtain the client random number. The proxy server can then use the client random number to verify the subsequent communication with the client.
By applying the method provided by the embodiment of the invention, the client random number is digested with the digest algorithm and encrypted with the quantum key, so that the security of the client random number during transmission is ensured.
In the method provided in the embodiment of the present invention, based on the content of S105, the sending, by the proxy server, the user login information to the intranet system may specifically include:
constructing a connection channel between the client and the proxy server;
and sending the user login information to the proxy server through the connection channel, so that the proxy server forwards the user login information to the intranet system.
In the embodiment of the invention, once handshake authentication between the client and the proxy server has succeeded, communication between the client and the proxy server is determined to be secure, a connection channel between the client and the proxy server is established, and the user login information can be safely transmitted to the proxy server through that connection channel.
In the method provided in the embodiment of the present invention, after the connection channel is constructed, the process of sending the user login information to the proxy server through the connection channel may further include:
encrypting the user login information by applying the quantum key to obtain encrypted user login information;
and sending the encrypted user login information to the proxy server through the connection channel.
It can be understood that, after the handshake authentication between the client and the proxy server is successful, the quantum key may be used as a key predetermined in the current communication process between the client and the proxy server, and during communication, the client may encrypt information that needs to be transmitted to the proxy server using the quantum key. Therefore, when the user login information needs to be sent to the internal bank network system through the proxy server, the user login information can be encrypted and then sent, and after the encrypted user login information is received by the proxy server, the user login information is decrypted by applying the quantum key and then sent to the internal bank network system.
The specific implementation procedures and derivatives thereof of the above embodiments are within the scope of the present invention.
Corresponding to the method described in fig. 1, an embodiment of the present invention further provides a secure communication apparatus, which is used for implementing the method in fig. 1 specifically, where the secure communication apparatus provided in the embodiment of the present invention is applied to a client, and a schematic structural diagram of the secure communication apparatus is shown in fig. 2, and specifically includes:
a first sending unit 201, configured to, when a user needs to log in a bank intranet system, obtain user login information that the user has registered for logging in the bank intranet system, and send a handshake message to a preset proxy server;
a first generating unit 202, configured to generate a client random number for performing handshake authentication with the proxy server when receiving a VPN identity fed back by the proxy server based on the handshake message;
a second generating unit 203, configured to obtain a quantum key and a key ticket stored in a connected U shield, and generate an encrypted random number based on the client random number and the quantum key;
a second sending unit 204, configured to send the encrypted random number and the key ticket to the proxy server, and trigger the proxy server to perform handshake authentication on the client based on the encrypted random number and the key ticket;
a third sending unit 205, configured to send, when receiving a handshake authentication success message sent by the proxy server, the user login information to the bank intranet system through the proxy server, and trigger the remote server to perform identity authentication on the user;
a login unit 206, configured to log in the remote server when receiving an identity authentication success message fed back by the intranet system via the proxy server.
In the secure communication device provided by the embodiment of the invention, when a user needs to remotely log in to a bank intranet system through a client, the user login information that the user registered in the bank intranet system is acquired, and a handshake message is sent to the proxy server. When the VPN identity sent by the proxy server is received, the VPN identity of the proxy server in the quantum authentication system is determined, a client random number is generated, and handshake authentication with the proxy server is started. When the user logs in through the client, the U shield is inserted into the client, and when handshake authentication is required, the client reads the quantum key stored in the U shield and the key ticket of that quantum key, the key ticket being the index of the quantum key. The client random number is encrypted with the quantum key to obtain an encrypted random number. The encrypted random number and the key ticket are sent to the proxy server; the proxy server obtains the quantum key through the key ticket index, decrypts the encrypted random number with the quantum key, and sends a handshake authentication success message to the client. After receiving the handshake authentication success message, the client sends the user login information to the intranet system through the proxy server, and the intranet system performs further identity authentication on the user. When the bank intranet system authenticates the user successfully, the user can access the bank intranet system through the client.
By applying the device provided by the embodiment of the invention, secure communication based on the quantum key is first established between the client that accesses the bank intranet system and the proxy server, and the bank intranet system then carries out further identity authentication, so as to further ensure the security of logging in to the bank intranet system.
In another aspect, an embodiment of the present invention provides a secure communication method, where the method may be applied in a proxy server, and a flowchart of the method is shown in fig. 3, where the method specifically includes:
S301: when a handshake message of a client is received, the stored VPN identity is sent to the client.
And the VPN identity is used for identifying the VPN identity of the proxy server in a quantum authentication system.
In the embodiment of the present invention, corresponding to S101 above, when the client needs to log in the intranet system of the bank, the client sends a handshake message to the proxy server, and after receiving the handshake message, the proxy server sends a VPN identity to the client, so as to mark the identity of the proxy server to the client.
S302: and when receiving the encrypted random number and the key bill which are sent by the client after receiving the VPN identity, acquiring the quantum key corresponding to the key bill.
In the embodiment of the invention, after receiving the VPN identity, the client generates a client random number, encrypts the random number and sends the encrypted random number and the key bill to the proxy server. And after receiving the key bill and the encrypted random number, the proxy server takes the key bill as an index to acquire a quantum key for decrypting the encrypted random number.
S303: and decrypting the encrypted random number by applying the quantum key and judging whether decryption is successful or not.
In the embodiment of the invention, the quantum key obtained by the proxy server is used to decrypt the encrypted random number; if the encrypted random number can be decrypted successfully, this indicates that the encrypted random number was not tampered with during transmission; otherwise, it indicates that the encrypted random number may have been tampered with during transmission.
S304: and if the decryption is successful, sending a handshake authentication success message to the client.
In the embodiment of the invention, if the decryption is successful, the secure communication between the client and the proxy server can be represented.
S305: when user login information used for logging in a bank intranet system and sent by the client is received, the user login information is sent to the bank intranet system, and when an identity authentication success message sent by the bank intranet system is received, the identity authentication success message is forwarded to the client, so that a communication process with the client is completed.
In the embodiment of the invention, after the client and the proxy server can be ensured to be in safe communication, the proxy server receives the user login information sent by the client so as to ensure the safety of the user login information in the transmission process, and then the proxy server forwards the user login information to the internal bank network system, and after the internal bank network system successfully performs identity authentication on the user according to the user login information, the proxy server forwards the successful identity authentication information to the client.
It can be understood that, in the process of communication between the client and the proxy server, the client first needs to perform handshake authentication: the client sends a handshake message to the proxy server, and the proxy server responds to the handshake message by feeding back its VPN identity, so that the client confirms the identity of the proxy server, generates an encrypted random number, and sends the encrypted random number and the key ticket to the proxy server. The proxy server obtains the quantum key for decrypting the encrypted random number by using the key ticket as an index. It then verifies whether the quantum key can decrypt the encrypted random number; if so, this indicates that the client and the proxy server can communicate securely, and the proxy server feeds back a handshake authentication success message to the client so that the client sends the user login information to the proxy server for the second authentication. The proxy server forwards the user login information to the bank intranet system, the bank intranet system performs identity authentication on the user of the client, and if the authentication succeeds, the proxy server sends the identity authentication success message issued by the bank intranet system to the client; the identity authentication success message indicates that the second authentication succeeded. The client can then log in directly to the bank intranet system to perform operation and maintenance operations.
By applying the method provided by the embodiment of the invention, handshake authentication between the proxy server and the client is carried out by means of a quantum key, so that the security of communication between the proxy server and the client is ensured.
In the method provided in the embodiment of the present invention, based on the content of S302, the obtaining of the quantum key corresponding to the key ticket may specifically include:
sending the key request carrying the key bill to a preset quantum key service center;
and when receiving bill information fed back by the key request based on the quantum key service center, acquiring a quantum key corresponding to the key bill contained in the bill information.
It can be understood that the quantum key service center is configured to generate and manage quantum keys, each quantum key has a corresponding key ticket, and when the proxy server needs to obtain a specific key, it may use the key ticket as an index to request that the quantum key service center look up the quantum key for decrypting the encrypted random number. After the quantum key service center finds the quantum key corresponding to the key ticket according to the request of the proxy server, it embeds the quantum key in the ticket information and returns it to the proxy server, and the proxy server can obtain the quantum key corresponding to the key ticket from the ticket information.
In the invention, the quantum key is obtained through the quantum key service center, which further ensures the reliability of communication between the client and the proxy server.
In the method provided by the embodiment of the invention, after handshake authentication with the client is successfully carried out, next authentication on the client needs to be carried out, namely user login information sent by the client is received, and identity authentication is carried out on a user of the client through the user login information by the bank intranet system. Specifically, the user login information is forwarded to the bank intranet system by the proxy server, and the specific forwarding process may include:
checking whether the user login information is encrypted;
if the user login information is encrypted, the quantum key is applied to decrypt the user login information to obtain decrypted user login information;
and sending the decrypted user login information to the intranet system based on a preset RADIUS protocol.
It can be understood that, when the client sends the user login information to the proxy server, the user login information may be encrypted, and if the client has encrypted the user login information, the user login information received by the proxy server is the encrypted user login information sent by the client. Because the client and the proxy server have already carried out handshake authentication in the earlier stage and determine that the interactive key between the client and the proxy server is the quantum key, the proxy server decrypts the user login information by using the quantum key after determining that the user login information is encrypted, so as to send the decrypted user login information to the intranet system.
According to the method provided by the embodiment of the invention, the client can carry out encryption transmission on the user login information when the client sends the user login information to the proxy server, so that the safety of the information transmission process is ensured.
Based on the processes of the foregoing embodiments S101 to S106 and S301 to S305, referring to fig. 4, a specific process of secure communication provided by an embodiment of the present invention may include:
1. the client acquires user login information of a user and sends a handshake message to the proxy server;
2. the proxy server sends the VPN identity identification to the client based on the handshake message;
3. after receiving the VPN identity, the client generates a client random number;
4. the client acquires the quantum key and the key ticket stored in the U shield;
5. the client performs digest calculation on the client random number by using the SM3 digest algorithm to obtain a digest random number, and encrypts the digest random number by using the quantum key to obtain an encrypted random number;
6. the client sends the encrypted random number and the key ticket to the proxy server;
7. the proxy server sends a key request carrying the key ticket to the quantum key service center;
8. the quantum key service center returns a quantum key corresponding to the key bill;
9. the proxy server decrypts the encrypted random number by applying the quantum key and returns a handshake authentication success message after successful decryption;
10. after receiving the handshake authentication success message, the client sends user login information to the proxy server;
11. the proxy server forwards user login information to a bank intranet system;
12. the bank intranet system carries out identity authentication on the user of the client according to the user login information and sends an identity authentication success message to the proxy server after passing the identity authentication;
13. the proxy server forwards the identity authentication success message to the client;
14. and the client logs in the internal network system of the bank according to the identity authentication success message.
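The following is an added worked example, not code from the patent or its applicant, that runs the fourteen steps above in a single process and also serves the earlier passages on the digest-and-encrypt step (S103), on encrypted transmission of the user login information, and on the proxy server's check-decrypt-forward procedure over RADIUS (S305). Everything the patent leaves unspecified is an assumption here: SHA-256 stands in for SM3 (hashlib.new("sm3") is not available in every Python build); the quantum key is 32 bytes and is used through an HMAC-SHA256 encrypt-then-MAC construction so that "decryption succeeded" is a real integrity check rather than a guess; the quantum key service center is a dictionary indexed by key ticket; the login-information wire format, the RADIUS shared secret and the VPN identity are constructed placeholders. One caveat a practitioner should note: a digest is one-way, so the proxy in this example verifies the authentication tag on the digest random number instead of inverting the digest.

```python
import hashlib
import hmac
import os
import struct

RADIUS_SECRET = b"placeholder-radius-shared-secret"   # placeholder, not from the patent

def digest(data: bytes) -> bytes:
    """Digest step of the handshake (S103). SHA-256 stands in for SM3 here."""
    return hashlib.sha256(data).digest()

def _subkeys(qkey: bytes):
    # Derive separate encryption and MAC keys from the quantum key (assumed construction).
    return (hmac.new(qkey, b"enc", hashlib.sha256).digest(),
            hmac.new(qkey, b"mac", hashlib.sha256).digest())

def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(k_enc, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def qk_encrypt(qkey: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with the quantum key; output is nonce || ciphertext || tag."""
    k_enc, k_mac = _subkeys(qkey)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def qk_decrypt(qkey: bytes, blob: bytes):
    """Return the plaintext, or None when the tag fails (blob tampered with or wrong key)."""
    if len(blob) < 48:
        return None
    k_enc, k_mac = _subkeys(qkey)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, nonce, len(ct))))

KEY_SERVICE_CENTER = {}   # key ticket -> quantum key; stands in for the quantum key service center

def fill_u_shield():
    """Quantum key filling machine: issue a (quantum key, key ticket) pair and register it."""
    qkey, ticket = os.urandom(32), os.urandom(8).hex()
    KEY_SERVICE_CENTER[ticket] = qkey
    return qkey, ticket

def radius_access_request(secret: bytes, username: str, password: str, ident: int = 1) -> bytes:
    """RFC 2865 Access-Request carrying User-Name (1) and a hidden User-Password (2)."""
    authenticator = os.urandom(16)                     # Request Authenticator
    pw = password.encode()
    pw += b"\x00" * (-len(pw) % 16 if pw else 16)      # pad to a multiple of 16 octets
    hidden, prev = b"", authenticator
    for i in range(0, len(pw), 16):                    # c_i = p_i XOR MD5(secret || c_{i-1})
        block = bytes(x ^ y for x, y in zip(pw[i:i + 16], hashlib.md5(secret + prev).digest()))
        hidden, prev = hidden + block, block
    attrs = b"".join(struct.pack(">BB", t, len(v) + 2) + v
                     for t, v in ((1, username.encode()), (2, hidden)))
    return struct.pack(">BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def recover_password(secret: bytes, packet: bytes) -> str:
    """Server side of the RFC 2865 password hiding, as the intranet RADIUS server would do it."""
    authenticator, pos, pw = packet[4:20], 20, b""
    while pos < len(packet):
        t, l = packet[pos], packet[pos + 1]
        if t == 2:
            hidden, prev = packet[pos + 2:pos + l], authenticator
            for i in range(0, len(hidden), 16):
                pw += bytes(x ^ y for x, y in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
                prev = hidden[i:i + 16]
        pos += l
    return pw.rstrip(b"\x00").decode()

def proxy_forward_login(proxy_key: bytes, payload: bytes, encrypted: bool):
    """Proxy side of S305: check whether the login info is encrypted, decrypt it if so,
    then hand it to the bank intranet over RADIUS. Returns the packet, or None on failure."""
    if encrypted:
        payload = qk_decrypt(proxy_key, payload)
        if payload is None:
            return None
    username, password = payload.decode().split("\x00", 1)   # constructed wire format
    return radius_access_request(RADIUS_SECRET, username, password)

def run_flow(username: str, password: str, tamper: bool = False):
    """Steps 1-14 of fig. 4 in one process. Returns the RADIUS packet the proxy would send
    to the bank intranet, or None when handshake authentication fails."""
    qkey, ticket = fill_u_shield()                      # step 4: U shield contents
    client_rand = os.urandom(32)                        # step 3: client random number
    enc_rand = qk_encrypt(qkey, digest(client_rand))    # step 5: digest, then encrypt
    if tamper:                                          # simulate modification in transit
        enc_rand = enc_rand[:-1] + bytes([enc_rand[-1] ^ 0x01])
    proxy_key = KEY_SERVICE_CENTER.get(ticket)          # steps 7-8: ticket is the index
    if proxy_key is None or qk_decrypt(proxy_key, enc_rand) is None:
        return None                                     # step 9: no success message
    login = qk_encrypt(qkey, f"{username}\x00{password}".encode())   # step 10
    return proxy_forward_login(proxy_key, login, encrypted=True)      # steps 11-12
```

`run_flow("alice", "pw")` returns the Access-Request the proxy would emit, and `run_flow("alice", "pw", tamper=True)` returns None because the tag on the encrypted random number no longer verifies, which is the "decryption failed, possibly tampered" branch of S303. The RADIUS password hiding is the RFC 2865 scheme, reproduced because it is what the intranet side actually receives; it is an obfuscation keyed by the shared secret, not encryption, which is why the patent's own transport protection between client and proxy matters.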
Based on the method provided by the embodiment, when a user needs to log in the bank intranet system remotely, the security authentication is performed with the proxy server in a quantum key encryption mode, so that the security communication between the client and the proxy server is guaranteed, the identity of the user is further authenticated by the bank intranet system, the user login right is granted by the bank intranet system, and the security of the user logging in the bank intranet system is further guaranteed.
Corresponding to the method described in fig. 3, an embodiment of the present invention further provides a secure communication apparatus, which is used for implementing the method in fig. 3 specifically, where the secure communication apparatus provided in the embodiment of the present invention is applied to a proxy server, and a schematic structural diagram of the secure communication apparatus is shown in fig. 5, and specifically includes:
a fourth sending unit 501, configured to send a stored VPN identity to a client when receiving a handshake message of the client; the VPN identity is used for identifying the VPN identity of the proxy server in a quantum authentication system;
an obtaining unit 502, configured to obtain a quantum key corresponding to a key ticket when receiving an encrypted random number and the key ticket that are sent by the client after receiving the VPN identity;
a decryption unit 503, configured to decrypt the encrypted random number using the quantum key, and determine whether decryption is successful;
a fifth sending unit 504, configured to send a handshake authentication success message to the client if decryption is successful;
and a forwarding unit 505, configured to send, when receiving user login information sent by the client and used for logging in a bank intranet system, the user login information to the bank intranet system, and when receiving an identity authentication success message sent by the bank intranet system, forward the identity authentication success message to the client, so as to complete a communication process with the client.
In the device provided by the invention, in the process of communication between the client and the proxy server, handshake authentication is carried out first: the client sends a handshake message to the proxy server, and the proxy server responds to the handshake message by feeding back its VPN identity, so that the client confirms the identity of the proxy server, generates an encrypted random number, and sends the encrypted random number and the key ticket to the proxy server. The proxy server obtains the quantum key for decrypting the encrypted random number by using the key ticket as an index. It then verifies whether the quantum key can decrypt the encrypted random number; if so, this indicates that the client and the proxy server can communicate securely, and the proxy server feeds back a handshake authentication success message to the client so that the client sends the user login information to the proxy server for the second authentication. The proxy server forwards the user login information to the intranet system, the intranet system performs identity authentication on the user of the client, and if the authentication succeeds, the proxy server sends the identity authentication success message issued by the intranet system to the client; the identity authentication success message indicates that the second authentication succeeded. The client can then log in directly to the bank intranet system to perform operation and maintenance operations.
By applying the device provided by the embodiment of the invention, handshake authentication between the proxy server and the client is carried out by means of a quantum key, so that the security of communication between the proxy server and the client is ensured.
For the specific working process of each unit in the secure communication device disclosed in the above embodiment of the present invention, reference may be made to the corresponding content in the secure communication method disclosed in the above embodiment of the present invention, and details are not described here again.
Referring to fig. 6, the present invention provides a secure communication system including:
a client 601, a proxy server 602, a U shield 603, a bank intranet system 604 and a quantum key service center 605;
the client 601 is configured to communicate with the proxy server 602 when a user needs to log in the intranet system 604, and execute the following secure communication method applied to the client 601:
when a user needs to log in a bank intranet system, user login information which is registered by the user and used for logging in the bank intranet system is obtained, and a handshake message is sent to a preset proxy server;
when receiving a VPN identity fed back by the proxy server based on the handshake message, generating a client random number for performing handshake authentication with the proxy server;
acquiring a quantum key and a key bill stored in a connected U shield, and generating an encrypted random number based on the client random number and the quantum key;
sending the encrypted random number and the key bill to the proxy server, and triggering the proxy server to perform handshake authentication on the client based on the encrypted random number and the key bill;
when a handshake authentication success message sent by the proxy server is received, the user login information is sent to the bank intranet system through the proxy server, and the remote server is triggered to perform identity authentication on the user;
and logging in the remote server when receiving the identity authentication success message fed back by the bank intranet system through the proxy server.
Optionally, the method for generating an encrypted random number based on the client random number and the quantum key includes:
performing abstract calculation on the client random number by using a preset abstract algorithm to obtain an abstract random number;
and encrypting the digest random number by applying the quantum key to obtain an encrypted random number.
Optionally, in the method, the sending the user login information to the bank intranet system through the proxy server includes:
constructing a connection channel between the client and the proxy server;
and sending the user login information to the proxy server through the connection channel, so that the proxy server forwards the user login information to the intranet system.
The above method, optionally, further includes:
encrypting the user login information by applying the quantum key to obtain encrypted user login information;
and sending the encrypted user login information to the proxy server through the connection channel.
The proxy server 602 is configured to perform secure communication with the client 601 when the user needs to log in the intranet system 604 via the client 601, and execute the following secure communication method applied to the proxy server 602:
when a handshake message of a client side is received, sending a stored VPN identity to the client side; the VPN identity is used for identifying the VPN identity of the proxy server in a quantum authentication system;
when receiving an encrypted random number and a key bill which are sent by the client after receiving the VPN identity, acquiring a quantum key corresponding to the key bill;
decrypting the encrypted random number by applying the quantum key, and judging whether decryption is successful;
if the decryption is successful, sending a handshake authentication success message to the client;
when user login information used for logging in a bank intranet system and sent by the client is received, the user login information is sent to the bank intranet system, and when an identity authentication success message sent by the bank intranet system is received, the identity authentication success message is forwarded to the client, so that a communication process with the client is completed.
Optionally, the obtaining the quantum key corresponding to the key ticket includes:
sending the key request carrying the key bill to a preset quantum key service center;
and when receiving bill information fed back by the key request based on the quantum key service center, acquiring a quantum key corresponding to the key bill contained in the bill information.
Optionally, in the method, the sending the user login information to the bank intranet system includes:
checking whether the user login information is encrypted;
if the user login information is encrypted, the quantum key is applied to decrypt the user login information to obtain decrypted user login information;
and sending the decrypted user login information to the intranet system based on a preset RADIUS protocol.
The U shield 603 is configured to store a quantum key and a key ticket corresponding to the quantum key, and provide the quantum key and the ticket corresponding to the quantum key to the client 601 when the client 601 performs secure communication with the proxy server 602;
the bank intranet system 604 is configured to receive user login information sent by the client 601 through the proxy server 602, and perform identity authentication on the user based on the user login information; after the user passes identity authentication, send an identity authentication success message to the client 601 via the proxy server 602;
the quantum key service center 605 is configured to receive a key request sent by the proxy server 602, and analyze the key request to obtain a key ticket; a quantum key corresponding to a key ticket is obtained, and the quantum key is embedded in ticket information and sent to the proxy server 602.
In the secure communication system provided in the embodiment of the present invention, when a user needs to log in to the bank intranet system 604, two authentications need to be performed, where the first authentication is the handshake authentication performed between the client 601 and the proxy server 602. Secure communication between the client 601 and the proxy server 602 is realized by applying a quantum key in the handshake authentication process: before handshake authentication, the U shield 603 is filled by the quantum key filling machine with the quantum key and the key ticket corresponding to the quantum key, and when the user needs to log in to the intranet system 604, the U shield 603 is inserted into the client 601. After acquiring the user login information and sending a handshake message to the proxy server 602, the client 601 receives the VPN identity sent by the proxy server 602, confirms the identity of the proxy server according to the VPN identity, and generates a client random number. After digest calculation on the client random number, the quantum key is applied to encrypt the result to obtain an encrypted random number. The client 601 sends the encrypted random number and the key ticket to the proxy server 602, and the proxy server 602 obtains the quantum key from the quantum key service center 605 through the key ticket to decrypt the encrypted random number. After decryption succeeds, the proxy server 602 sends a handshake authentication success message to the client 601.
After receiving the message, the client 601 enters the second authentication process: the client 601 sends the user login information to the proxy server 602, and the proxy server 602 forwards the user login information to the bank intranet system 604; the intranet system 604 performs identity authentication on the user according to the user login information and, after the authentication succeeds, sends an identity authentication success message to the proxy server 602; the proxy server 602 forwards the identity authentication success message to the client 601, and the client 601 logs in to the intranet system 604 successfully according to that message.
By applying the system provided by the embodiment of the invention, when the client needs to log in the intranet system, the quantum key is required to be applied for handshake authentication, and then the identity authentication is carried out on the user, so that the safety of the client for logging in the intranet system is ensured.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both.
To clearly illustrate this interchangeability of hardware and software, various illustrative components and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A secure communication method, applied to a client, the method comprising:
when a user needs to log in to a bank intranet system, acquiring user login information registered by the user for logging in to the bank intranet system, and sending a handshake message to a preset proxy server;
when a VPN identity fed back by the proxy server based on the handshake message is received, generating a client random number for handshake authentication with the proxy server;
acquiring a quantum key and a key ticket stored in the connected U shield, and generating an encrypted random number based on the client random number and the quantum key;
sending the encrypted random number and the key ticket to the proxy server, thereby triggering the proxy server to perform handshake authentication on the client based on the encrypted random number and the key ticket;
when a handshake authentication success message sent by the proxy server is received, sending the user login information to the bank intranet system through the proxy server, thereby triggering a remote server to perform identity authentication on the user; and
logging in to the remote server when an identity authentication success message fed back by the bank intranet system through the proxy server is received.
2. The method of claim 1, wherein generating an encrypted random number based on the client random number and the quantum key comprises:
performing a digest calculation on the client random number using a preset digest algorithm to obtain a digest random number; and
encrypting the digest random number with the quantum key to obtain the encrypted random number.
3. The method of claim 1, wherein sending the user login information to the bank intranet system through the proxy server comprises:
establishing a connection channel between the client and the proxy server; and
sending the user login information to the proxy server through the connection channel, so that the proxy server forwards the user login information to the bank intranet system.
4. The method of claim 3, further comprising:
encrypting the user login information with the quantum key to obtain encrypted user login information; and
sending the encrypted user login information to the proxy server through the connection channel.
5. A secure communication apparatus, applied to a client, the apparatus comprising:
a first sending unit, configured to acquire user login information registered by a user for logging in to a bank intranet system when the user needs to log in to the bank intranet system, and to send a handshake message to a preset proxy server;
a first generation unit, configured to generate a client random number for handshake authentication with the proxy server when a VPN identity fed back by the proxy server based on the handshake message is received;
a second generation unit, configured to acquire a quantum key and a key ticket stored in the connected U shield, and to generate an encrypted random number based on the client random number and the quantum key;
a second sending unit, configured to send the encrypted random number and the key ticket to the proxy server, thereby triggering the proxy server to perform handshake authentication on the client based on the encrypted random number and the key ticket;
a third sending unit, configured to send the user login information to the bank intranet system through the proxy server when a handshake authentication success message sent by the proxy server is received, thereby triggering a remote server to perform identity authentication on the user; and
a login unit, configured to log in to the remote server when an identity authentication success message fed back by the bank intranet system through the proxy server is received.
6. A secure communication method, applied to a proxy server, the method comprising:
when a handshake message from a client is received, sending a stored VPN identity to the client, the VPN identity being used to identify the proxy server's VPN identity within a quantum authentication system;
when an encrypted random number and a key ticket sent by the client after receiving the VPN identity are received, acquiring a quantum key corresponding to the key ticket;
decrypting the encrypted random number with the quantum key, and judging whether the decryption succeeded;
if the decryption succeeded, sending a handshake authentication success message to the client; and
when user login information for logging in to a bank intranet system is received from the client, sending the user login information to the bank intranet system, and when an identity authentication success message sent by the bank intranet system is received, forwarding the identity authentication success message to the client, thereby completing the communication process with the client.
7. The method of claim 6, wherein acquiring the quantum key corresponding to the key ticket comprises:
sending a key request carrying the key ticket to a preset quantum key service center; and
when ticket information fed back by the quantum key service center based on the key request is received, acquiring the quantum key corresponding to the key ticket from the ticket information.
8. The method of claim 7, wherein sending the user login information to the bank intranet system comprises:
checking whether the user login information is encrypted;
if the user login information is encrypted, decrypting the user login information with the quantum key to obtain decrypted user login information; and
sending the decrypted user login information to the bank intranet system based on a preset RADIUS protocol.
9. A secure communication apparatus, applied to a proxy server, the apparatus comprising:
a fourth sending unit, configured to send a stored VPN identity to a client when a handshake message from the client is received, the VPN identity being used to identify the proxy server's VPN identity within a quantum authentication system;
an acquiring unit, configured to acquire a quantum key corresponding to a key ticket when an encrypted random number and the key ticket sent by the client after receiving the VPN identity are received;
a decryption unit, configured to decrypt the encrypted random number with the quantum key and to judge whether the decryption succeeded;
a fifth sending unit, configured to send a handshake authentication success message to the client if the decryption succeeded; and
a forwarding unit, configured to send user login information for logging in to a bank intranet system to the bank intranet system when the user login information is received from the client, and to forward an identity authentication success message to the client when the identity authentication success message is received from the bank intranet system, thereby completing the communication process with the client.
10. A secure communication system, comprising a client, a proxy server, a U shield, a bank intranet system and a quantum key service center, wherein:
the client is configured to communicate with the proxy server when a user needs to log in to the bank intranet system, and to execute the secure communication method of any one of claims 1 to 4;
the proxy server is configured to communicate securely with the client when the user needs to log in to the bank intranet system through the client, and to execute the secure communication method of any one of claims 6 to 8;
the U shield is configured to store a quantum key and a key ticket corresponding to the quantum key, and to provide the quantum key and the corresponding key ticket to the client during secure communication between the client and the proxy server;
the bank intranet system is configured to receive user login information sent by the client through the proxy server, to authenticate the identity of the user based on the user login information, and, after the identity authentication of the user passes, to send an identity authentication success message to the client through the proxy server; and
the quantum key service center is configured to receive a key request sent by the proxy server, to parse the key request to obtain a key ticket, to acquire the quantum key corresponding to the key ticket, and to embed the quantum key in ticket information sent to the proxy server.
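The exchange in claims 1 through 10, simulated end to end as an added example; this is not the patent's or the assignee's code. It assumes that the U shield is a tuple holding one quantum key and its key ticket, that the quantum key service center is an in-memory dictionary, that "encrypting with the quantum key" is an HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag (the claims do not say how the proxy "judges whether decryption is successful"; an authenticated cipher is what gives that step a testable meaning), and that the RADIUS hop to the bank intranet system is a plain function call. All names, message formats and the sample user are constructed.

```python
"""Constructed walk-through of the handshake in claims 1-10 (client, proxy server,
U shield, bank intranet system, quantum key service center).  Added example, not the
patent's or any product's code; every name, message format and the cipher are assumptions."""
import hashlib
import hmac
import secrets
from typing import Dict, NamedTuple, Optional, Tuple

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a standard-library stand-in for a real cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def qk_encrypt(quantum_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; the 64-byte quantum key is split into a cipher half and a MAC half."""
    enc_key, mac_key = quantum_key[:32], quantum_key[32:]
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def qk_decrypt(quantum_key: bytes, blob: bytes) -> Optional[bytes]:
    """Plaintext, or None when the tag fails: this is the concrete form of the proxy's
    'judge whether decryption is successful' step (assumed, not specified by the claims)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = quantum_key[:32], quantum_key[32:]
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class UShield(NamedTuple):  # claim 10: holds one quantum key and its key ticket
    ticket: str
    key: bytes

def issue_ushield(qksc: Dict[str, bytes]) -> UShield:
    """Provisioning is outside the claims; assumed here: the center keeps ticket -> key."""
    shield = UShield(secrets.token_hex(8), secrets.token_bytes(64))
    qksc[shield.ticket] = shield.key
    return shield

def intranet_authenticate(users: Dict[str, str], login_info: bytes) -> bool:
    """Claim 10: the bank intranet checks 'user:password' (stand-in for the RADIUS hop)."""
    user, _, password = login_info.decode(errors="replace").partition(":")
    return users.get(user) == password

class ProxyServer:
    VPN_IDENTITY = b"vpn-proxy-01"  # constructed identity string

    def __init__(self, qksc: Dict[str, bytes], users: Dict[str, str]) -> None:
        self._qksc, self._users = qksc, users
        self._sessions: Dict[str, bytes] = {}  # key ticket -> quantum key, only after a good handshake

    def handshake(self, _message: bytes) -> bytes:
        return self.VPN_IDENTITY  # claim 6: answer the handshake with the stored VPN identity

    def authenticate_client(self, encrypted_random: bytes, ticket: str) -> bool:
        key = self._qksc.get(ticket)  # claim 7: fetch the key by ticket from the service center
        if key is None:
            return False
        digest = qk_decrypt(key, encrypted_random)  # claim 6: decrypt and judge success
        if digest is None or len(digest) != hashlib.sha256().digest_size:
            return False
        self._sessions[ticket] = key
        return True

    def forward_login(self, ticket: str, encrypted: bool, payload: bytes) -> bool:
        key = self._sessions.get(ticket)
        if key is None:
            return False  # login traffic is accepted only after handshake authentication
        login_info = qk_decrypt(key, payload) if encrypted else payload  # claim 8
        return login_info is not None and intranet_authenticate(self._users, login_info)

def client_login(shield: UShield, proxy: ProxyServer, username: str, password: str) -> bool:
    """Claims 1-4 from the client's side; True when the intranet accepts the login."""
    if not proxy.handshake(b"CLIENT_HELLO"):  # claim 1: handshake, expect a VPN identity back
        return False
    digest = hashlib.sha256(secrets.token_bytes(16)).digest()  # claim 2: digest of the client random number
    if not proxy.authenticate_client(qk_encrypt(shield.key, digest), shield.ticket):
        return False
    login_info = f"{username}:{password}".encode()
    return proxy.forward_login(shield.ticket, True, qk_encrypt(shield.key, login_info))  # claim 4

def run_demo() -> Tuple[bool, bool, bool]:
    """(valid login, wrong password, right ticket but wrong quantum key) -> (True, False, False)."""
    qksc: Dict[str, bytes] = {}
    proxy = ProxyServer(qksc, {"alice": "correct-horse"})  # constructed user
    shield = issue_ushield(qksc)
    good = client_login(shield, proxy, "alice", "correct-horse")
    bad_password = client_login(shield, proxy, "alice", "wrong")
    forged = UShield(shield.ticket, secrets.token_bytes(64))
    return good, bad_password, client_login(forged, proxy, "alice", "correct-horse")
```

`run_demo()` covers the three outcomes a practitioner would want to see: a valid login passes, a wrong password is rejected by the intranet rather than by the proxy, and a client presenting a valid key ticket without the matching quantum key fails at handshake authentication, before any login information is forwarded. The proxy forwards login traffic only for a ticket whose handshake succeeded; without that binding between the handshake and the later login message, the handshake in claim 6 would gate nothing.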

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110505116.0A CN113242238B (en) 2021-05-10 2021-05-10 Secure communication method, device and system

Publications (2)

Publication Number Publication Date
CN113242238A CN113242238A (en) 2021-08-10
CN113242238B true CN113242238B (en) 2022-05-27

Family

ID=77133189

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant