CN113452687A - Method and system for encrypting sent mail based on quantum security key - Google Patents

Method and system for encrypting sent mail based on quantum security key Download PDF

Info

Publication number
CN113452687A
CN113452687A CN202110705150.2A CN202110705150A CN113452687A CN 113452687 A CN113452687 A CN 113452687A CN 202110705150 A CN202110705150 A CN 202110705150A CN 113452687 A CN113452687 A CN 113452687A
Authority
CN
China
Prior art keywords
mail
quantum
key
sending
management service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110705150.2A
Other languages
Chinese (zh)
Other versions
CN113452687B (en
Inventor
刘驰
李杏桃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Quantum Technology Co ltd
Original Assignee
China Telecom Quantum Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Quantum Technology Co ltd filed Critical China Telecom Quantum Technology Co ltd
Priority to CN202110705150.2A priority Critical patent/CN113452687B/en
Publication of CN113452687A publication Critical patent/CN113452687A/en
Application granted granted Critical
Publication of CN113452687B publication Critical patent/CN113452687B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42Mailbox-related aspects, e.g. synchronisation of mailboxes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Abstract

The invention provides an encryption method for sending mails based on a quantum security key, which is applied to mail sending equipment and comprises the following steps: s1', before sending the mail, the mail sending device carries out identity verification through the quantum password management service system, the mail sending device reads a quantum security key preset in a built-in quantum security chip and the quantum password management service system to carry out symmetric entity identity authentication, and finally returns an authentication result; s2', when the user needs to send the mail after logging in and authenticating in step S1, the sender needs to apply for obtaining the mail encryption key to the quantum password management service system by using the key preset in the quantum security chip. By adopting the technical scheme, the threat of the increasingly severe environment of network attack to the mailbox sending environment is solved, the security threat brought by future quantum computers and quantum algorithms is prevented, and the scheme is easy to realize.

Description

Method and system for encrypting sent mail based on quantum security key
Technical Field
The application belongs to the field of safety application products, and particularly relates to a quantum key-based mail sending method.
Background
At present, the increasingly severe environment of network attacks threatens the mailbox transceiving environment, including: the identity authentication problem of the mail receiving and sending entity, the problem that the mail content is stolen in the processes of mail transmission and storage, and the problems of tampering of a receiver and a sender and tampering of mail information possibly existing in the process of mail transmission.
2019.09.24, application No. CN201910904251.5, discloses a mail system and a transmission and reception method based on quantum digital signature, in order to ensure the authenticity of the transmitted information, the signature of the message is usually performed by a specific signature algorithm (such as Hash algorithm) before the information is transmitted. And attaching the calculated signature information to the message and sending the message to the server, then carrying out the same calculation on the content of the acquired message by the receiving end, and comparing the calculated result with the signature information carried behind the sending end. If the two are the same, the message content is not tampered, otherwise, the message is possibly tampered. The system in this application employs a three-layer structure: a physical layer, a key layer and an application layer; the physical layer is a key generation terminal and is responsible for generating a key string for signing in real time; the key layer is used for storing the key string generated by the physical layer and providing the required key to the upper application layer when required; the application layer is a software part for sending and receiving mail system, and encrypts the information to be sent by extracting the key generated by the physical layer from the key layer. The mail receiving and sending method comprises a quantum key distribution stage, a mail signature stage and a signature verification stage. Compared with the algorithm signature, the invention more powerfully guarantees the safety of the mail encrypted by the sub-digital signature. But the method omits a complex signature cryptographic algorithm, uses a quantum digital signature mode, improves the authenticity and non-repudiation of the mail according to the quantum mechanics principle, but does not improve the encryption security of the mail. Meanwhile, the quantum key is required to be exchanged between terminals of an application layer, the exchange process of the quantum key is not described in detail, and the key is exposed in the exchange process.
The patent application with the application number of 2019.04.24 and the application number of CN201910331987.8 discloses a mail secure transmission method based on a quantum key public cloud service platform, which relates to the technical field of quantum secret communication and comprises the following steps: the quantum key public cloud service platform acquires and stores a quantum key from the quantum key distribution QKD equipment; negotiating between a client A and a client B which are to perform mail transmission to generate a pairing verification code; the client A and the client B send a request message for downloading the quantum key to the public cloud service platform of the quantum key; the quantum key public cloud service platform receives request messages for downloading the quantum keys, sent by a middle client A and a client B, matches verification codes, distributes the quantum keys if the pairing is successful, enters the next step, and prompts pairing errors if the pairing is failed; the client A encrypts and sends the mail to the public mail server, and the client B receives and decrypts the encrypted mail from the public mail server. The invention realizes the absolute safety of the transmission of the encrypted information of the e-mail in the network. The patent uses the random method in JAVA to generate pseudo random numbers, i.e. its random number is generated by a pseudo random number generator. In the method, the quantum key is generated into a quantum key compression package, the receiving and sending part carries out downloading and decompression to obtain the quantum key, and the security of the compression and sending process is not credible. In addition, the client AB both sides send verification codes, and the platform compares the verification codes, so that the security risk is extremely high, and the client AB can be attacked by a man-in-the-middle.
Future quantum computers and quantum algorithms may also pose security threats, including: the public key cryptographic algorithm based on the big factorization problem is decoded, and the security threat brought by a quantum computer and the threat of the quantum algorithm to the existing cryptographic system are realized.
And the existing mail transmission system also needs a large amount of participation of a third party, which can increase the labor cost.
Disclosure of Invention
The invention aims to solve the technical problem of how to solve the threat of the increasingly severe environment of network attack to the environment of sending mails by mailboxes.
The invention provides an encryption method for sending mails based on a quantum security key, which is applied to mail sending equipment and comprises the following steps:
s1', before sending the mail, the mail sending device carries out identity verification through the quantum password management service system, the mail sending device reads a quantum security key preset in a built-in quantum security chip and the quantum password management service system to carry out symmetric entity identity authentication, and finally returns an authentication result;
s2', when the user needs to send the mail after logging in and authenticating in step S1, the sender needs to apply for obtaining the mail encryption key to the quantum password management service system by using the key preset in the quantum security chip.
By adopting the technical scheme, the threat of the increasingly severe environment of network attack to the mailbox receiving and sending environment is solved, and particularly the identity authentication problem of the mail sending equipment entity is solved: and carrying out identity authentication by using a quantum symmetric key built in the quantum security chip, and authenticating one key at a time.
By adopting the technical scheme, the security threat brought by future quantum computers and quantum algorithms is prevented, and particularly the problem that the public key cryptographic algorithm based on the factorization problem is decoded is prevented: using quantum symmetric keys, cannot be deciphered by factorization;
the technical scheme is easy to realize, the quantum security chip is a feasible existing technology, and the security authentication based on the quantum symmetric key is also an realizable technology.
As an optimized technical scheme, after the symmetric entity identity authentication is started by using a mailbox program of mail sending equipment, a quantum security chip is automatically called to complete the identity authentication of a symmetric key based on a quantum security key.
As an optimized technical solution, in step S1', the specific process of symmetric entity identity authentication is as follows:
s11', the user opens the mailbox application on the mail sending device, inputs the account password to log in the mailbox application for authorization, and logs in the mailbox;
s12 ', the mail sending device uses GB/T15843.2 standard to authenticate the entity based on the symmetric key through the built-in quantum security chip and the quantum password management service system, and the step S2' is entered after the user logs in and authenticates.
As an optimized technical solution, in step S1', the specific process of symmetric entity identity authentication is as follows:
step S121', after the user finishes logging in, the mail sending equipment automatically sends an authentication request to the sub-security chip;
step S122', the quantum security chip returns the quantum key and the sequence Z-1 of the quantum key to the mail sending device;
step S123', the mail sending equipment sends an authentication request and a quantum key sequence Z-1 returned by the quantum security chip to the quantum password management service system;
step S124', the mail sending device receives a certain good scheme which is sent by the quantum cipher management service system and encrypted by a key corresponding to the quantum key sequence Z-1, such as a timestamp and a device physical address, and the good scheme is used for verifying that the quantum cipher management service system is the user;
step S125', the mail sending equipment adopts a certain good scheme such as a timestamp and an equipment physical address, and uses a secret key corresponding to the quantum secret key sequence Z-1 to encrypt and send the secret key to a quantum password management service system, wherein the quantum password management service system is used for verifying that the mail sending equipment is the owner and is not an application for resending after others intercept information;
and step S126', after both sides pass the verification, the mail sending equipment receives the encrypted authentication result sent by the quantum password management service system.
As an optimized technical solution, the sending encryption process of step S2' is:
s211', the sender uses the mail sending device to edit and complete the local mail locally;
s212', the mail sending equipment selects a secret key B with a password sequence Z in the quantum security chip, sends the mail number and the password sequence Z to the quantum password management service system together, and applies for obtaining a mail encryption secret key;
s213', the mail sending device receives the mail encryption password M which is returned by the quantum password management service system and encrypted by using the symmetric key BB’
S215', the mail sending device receives the encrypted mail encryption password MB’Then, using and symmetric key B' symmetryDecrypting the key B to obtain an E-mail encryption password M;
s216', the sender uses the Hash algorithm to generate a message digest gamma for the encrypted mail;
s217': the mail sending equipment encrypts the local mail and the message digest gamma into an encrypted mail packet by using a mail encryption password M, and performs encryption transmission and storage by using the mail encryption password M;
s218': the mail sending equipment encrypts and sends the mail number, the recipient information, the recipient verification code beta and the message digest gamma to a quantum cipher management service system by using a quantum key with a sequence of Z + 1;
s219': the mail sending device sends the encrypted mail packet, the information of the receiving and sending person and the mail number to the mail system together.
As an optimized technical scheme, the quantum security chip is an SIM card or a U disk.
As an optimized technical scheme, a safety key in a quantum safety chip is pre-built, the quantum safety chip is filled in advance through a quantum key filling machine when the quantum safety chip issues a card, the used quantum safety chips are all provided with preset quantum passwords, each quantum safety chip is provided with a serial number, each quantum key is provided with a serial number, the serial numbers of the quantum safety chips and the serial numbers of the quantum keys are provided, and the corresponding keys can be found in a quantum exchange password.
As an optimized technical solution, the mail sending device includes: the system comprises a mobile phone and a fixed device, wherein mailbox users and quantum security chips are bound in advance, and one mailbox user is bound with one quantum security chip.
The invention also provides an encryption system for sending the mail based on the quantum secure key corresponding to the encryption method, which comprises the following steps:
the entity authentication module is used for verifying the identity of the mail sending equipment through the quantum password management service system before sending the mail, reading a quantum security key preset in a built-in quantum security chip and the quantum password management service system by the mail sending equipment to carry out symmetric entity identity authentication, and finally returning an authentication result;
the encryption key application and mail sending module is used for applying to obtain a mail encryption key to the quantum password management service system by using a key preset in the quantum security chip and sending the mail by a sender when the mail is sent;
wherein the entity authentication module comprises:
the login unit is used for sending an authentication request to the sub-security chip by the mail sending equipment after the user logs in;
the key returning unit is used for returning the quantum key and the sequence Z-1 of the quantum key to the mail sending equipment by the quantum security chip;
the authentication request unit is used for sending an authentication request and a quantum key sequence Z-1 returned by the quantum security chip to the quantum password management service system by the mail sending equipment;
the mail sending equipment receives a certain good scheme which is sent by the quantum password management service system and encrypted by a key corresponding to the quantum key sequence Z-1, such as a timestamp and an equipment physical address, and is used for verifying that the quantum password management service system is the person;
the mail sending equipment verifies the sending unit, the mail sending equipment adopts a certain good scheme such as a timestamp and an equipment physical address, and the secret key corresponding to the quantum secret key sequence Z-1 is used for encrypting and sending the mail sending equipment to a quantum password management service system, and the quantum password management service system is used for verifying that the mail sending equipment is the owner and is not an application for resending after others intercept information;
and the mail sending equipment receives the encrypted authentication result sent by the quantum password management service system after both the mail sending equipment and the quantum password management service system pass the verification.
As an optimized technical scheme, the encryption key application and mail sending module comprises:
the mail editing unit is used for editing the local mail locally by a sender by using mail sending equipment;
a mail encryption key application unit, wherein mail sending equipment selects a key B with a password sequence Z in a quantum security chip, sends a mail number and the password sequence Z to a quantum password management service system together, and applies for obtaining a mail encryption key;
a mail encryption password receiving unit, a mail sending device receives a mail encryption password M which is returned by the quantum password management service system and encrypted by using a symmetric key BB’
A mail encryption password decryption unit, a mail sending device receives the encrypted mail encryption password MB’Then, decrypting by using a key B which is symmetrical to the symmetric key B' to obtain a mail encryption password M;
a message digest generation unit, which is used by a sender to generate a message digest gamma by using a Hash algorithm on the encrypted mail;
an encrypted mail packet transmission unit, wherein the mail sending device uses a mail encryption password M to encrypt the local mail and the message digest gamma into an encrypted mail packet, and uses the mail encryption password M to carry out encryption transmission storage;
the mail information sending unit is used for encrypting and sending a mail number, recipient information, a recipient verification code beta and a message digest gamma to the quantum password management service system by using a quantum key with a sequence of Z +1 through mail sending equipment;
and the mail sending unit is used for sending the encrypted mail packet, the information of the receiving and sending person and the mail number to the mail system together by the mail sending equipment.
The invention has the advantages that:
1. the invention uses the quantum password management service system to carry out identity authentication and distribute the mail encryption password, thereby increasing the security.
(1) The threat of the increasingly severe environment of network attack to the mailbox receiving and sending environment is solved:
solve the identity authentication problem of the entity of the mail receiving and sending party: and carrying out identity authentication by using a quantum symmetric key built in the quantum security chip, and authenticating one key at a time.
Secondly, the problem that the mail content is stolen in the mail transmission and storage process is solved: the mail is transmitted in a ciphertext mode, the mail is stored in the ciphertext mode, and the encryption key is a quantum true random key which is generated by a quantum cipher management service system and is safely issued through a quantum cipher technology. Even if the mail is intercepted, an attacker can only obtain the ciphertext and cannot obtain the information.
Solving the problems of sender-receiver tampering and mail content tampering possibly existing in the mail transmission process: the quantum password management service system can carry out verification code authentication on the sender and the receiver, so as to ensure the authenticity of the sender and the receiver. The entities use a hash algorithm (such as the SM3) to digest the mail content, and use the mail encryption password to encrypt, transmit and store in a one-time pad mode, and check after decrypting the mail to avoid the risk of content tampering.
(2) The security threat brought by future quantum computers and quantum algorithms is prevented;
the method comprises the following steps of preventing a public key cryptographic algorithm based on a large-factor decomposition problem from being decoded: using quantum symmetric keys, cannot be deciphered by factorization;
security threat brought by quantum computers appearing in the future is prevented: the quantum security password is used for encryption transmission, and the transmission process is completely safe and credible theoretically;
preventing the threat of quantum algorithm possibly appearing in the future to the existing password system: the quantum security password is used for encrypted transmission, and the quantum security key is a true random number generated by a quantum random number generator and cannot be deciphered through an algorithm.
(3) Third party issuance and certification without digital certificates;
the method provides a certificate-free authentication mode, reduces participation of a third party: and the entity authentication of both users is carried out by using an entity authentication protocol based on the symmetric password without a third party issuing a certificate. The number of participants in the process is reduced, and the risk of the three-party agreement is reduced.
2. Easy to realize, strong universality and good ductility
(1) The development technology is easy to realize
The quantum security chip is a feasible existing technology, the security authentication based on the quantum symmetric key is also a realizable technology, the mail encryption password for encrypting the mail can be generated by using a quantum random number, the technology is mature, and the security is high.
(2) Strong universality and good ductility
The invention has few places for reforming the mailbox system, mainly improves the safety by adding a quantum key service system and has strong universality. The invention can be integrated on a quantum security service platform, provides a functional interface for the outside and has good ductility.
3. Economic benefits
(1) The network security capability is obviously improved
The invention can defend against the existing attack mode and possible quantum computing threat in the future, and can greatly reduce the economic loss caused by information leakage.
(2) Mailbox security service upgrade
The invention can greatly enhance the safety of the mail and provide a better and safer mail communication service. If the mail system of the existing 3W user (10 Yuan/month) is modified, the income revenue before modification is 30 Yuan/month, the service upgrade monthly lease after modification is 15 Yuan/month, and the income revenue after modification is 45W/month.
(3) Low reconstruction cost
The invention can be modified on the existing system, the platform side has almost no modification amount, the application end is only needed to be butted, and the modification cost is low.
Drawings
FIG. 1 is a system architecture diagram for authenticating and encrypting mailboxes based on quantum security keys according to an embodiment of the present invention;
FIG. 2 is a timing diagram illustrating the operation of a system for authenticating and encrypting a mailbox based on a quantum security key according to an embodiment of the present invention;
FIG. 3 is a flow chart of login authentication in an embodiment of the invention;
FIG. 4 is a detailed flowchart of identity authentication according to an embodiment of the present invention;
FIG. 5 is a flow chart of transmit encryption in an embodiment of the present invention;
FIG. 6 is a storage flow diagram of a quantum key management service system in an embodiment of the invention;
FIG. 7 is a storage flow diagram of a mail system in an embodiment of the present invention;
fig. 8 is a reception decryption flow chart in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment discloses an encryption method for sending an email based on a quantum security key, which is applied to email sending equipment
The embodiment discloses an encryption method for sending an email based on a quantum security key, which is applied to email sending equipment.
And the mail sending equipment is used for sending mails and internally or externally connected with a quantum security chip.
Quantum security chip, storage quantum security key, the security key in the quantum security chip carries out the authentication of symmetric entity through network and quantum password management service system, and the quantum security chip can be forms such as SIM card or USB flash disk, and the security key in the quantum security chip is built-in advance, just fills in advance through quantum key filler when the quantum security chip hairpin, and the quantum security chip of use all has preset quantum password, and the principle is promptly: the quantum security chip is initialized before use (pre-charging password), the quantum security chip is charged with quantum security keys through a quantum password charging machine, and the charged keys of each quantum security chip and the keys preset in the quantum exchange password machine are symmetric keys (namely keys corresponding to one another). Each quantum security chip has a number, each quantum key has a serial number, and the corresponding key can be found in the quantum exchange cryptograph as long as the number of the quantum security chip and the serial number of the quantum key are provided;
the mail sending apparatus includes: the method includes that a mailbox user needs to be bound with a quantum security chip in advance, only the mailbox binding user can send mails by using mail sending equipment with the quantum security chip built in, theoretically, one quantum security chip can bind a plurality of mailbox users, or one mailbox user can be bound with a plurality of quantum security chips. However, for safety, it is preferable that a mailbox user is bound with a quantum security chip, that is, the mailbox user is not available after replacing the mail sending device, or the mailbox user is not available after replacing the mail sending device.
The quantum security key-based encryption method for sending the mails is applied to mail sending equipment and comprises the following steps:
s1', before sending the mail, the mail sending device carries out identity verification through the quantum password management service system, the mail sending device reads the quantum security key preset in the quantum security chip and the quantum password management service system to carry out symmetric entity identity authentication, and finally returns the authentication result.
And after the symmetric entity identity authentication can be started by using a mailbox program of the mail sending equipment, automatically calling the quantum security chip to finish the identity authentication of the symmetric key based on the quantum security key.
The specific process of the identity authentication of the symmetric entity is as follows:
s11', the user opens the mailbox application on the mail sending device, inputs the account password to log in the mailbox application for authorization, and logs in the mailbox;
s12 ', the mail sending device uses GB/T15843.2 standard to authenticate the entity based on the symmetric key through the built-in quantum security chip and the quantum password management service system, and the step S2' is carried out after the user logs in and authenticates;
in actual operation, if entity authentication is performed again in each login, the entity authentication process is complex and long-consuming, and user experience is poor, so that as an optimal scheme, a login validity period is set, and entity authentication is not required in multiple logins within the login validity period, and the specific steps are as follows:
s12' a, detecting whether a quantum security chip built in the mail sending equipment is in the login validity period of a quantum password management service system, directly entering the step S2 in the validity period, and if not, using a GB/T15843.2 standard to perform entity authentication based on a symmetric key by the mail sending equipment through the built-in quantum security chip and the quantum password management service system;
and S12' b, completing the login authentication process of the user, wherein the login valid period of the quantum password management service system can be set to be one month after each authentication.
In the step S12' a, if the quantum security chip built in the e-mail sending device is bound with the e-mail user one by one, it can also be detected whether the e-mail user is in the validity period.
The mail sending device performs entity authentication by using a GB/T15843.2 standard based on a symmetric key through a built-in quantum security chip and a quantum password management service system, and comprises the following specific steps:
step S121', after the user finishes logging in, the mail sending equipment automatically sends an authentication request to the sub-security chip;
step S122', the quantum security chip returns the quantum key and the sequence Z-1 of the quantum key to the mail sending device;
step S123', the mail sending equipment sends an authentication request and a quantum key sequence Z-1 returned by the quantum security chip to the quantum password management service system;
step S124', the mail sending device receives a certain good scheme which is sent by the quantum cipher management service system and encrypted by a key corresponding to the quantum key sequence Z-1, such as a timestamp and a device physical address, and the good scheme is used for verifying that the quantum cipher management service system is the user;
step S125', the mail sending equipment adopts a certain good scheme such as a timestamp and an equipment physical address, and uses a secret key corresponding to the quantum secret key sequence Z-1 to encrypt and send the secret key to a quantum password management service system, wherein the quantum password management service system is used for verifying that the mail sending equipment is the owner and is not an application for resending after others intercept information;
and step S126', after both sides pass the verification, the mail sending equipment receives the encrypted authentication result sent by the quantum password management service system.
The quantum symmetric key preset by the quantum security chip is used for identity authentication, the quantum symmetric key is initially filled and preset when the quantum security chip is sent through a quantum key filling machine, and one key is authenticated at one time, so that the identity authentication problem of a mail sending entity is solved, and a third party for issuing a certificate is not needed. The number of participants in the process is reduced, and the risk of the three-party protocol is reduced;
s2', when the user needs to send the mail after logging in and authenticating in step S1, the sender needs to apply for obtaining the mail encryption key to the quantum password management service system by using the key preset in the quantum security chip, and sends the mail.
Specifically, the transmission encryption process is as follows:
s211', the sender uses the mail sending device to edit and complete the local mail locally;
s212', supposing that the sent email is the first email sending after authentication, the email sending equipment selects a secret key B with a password sequence Z in a quantum security chip, sends the email number and the password sequence Z together to a quantum password management service system, applies for obtaining an email encryption secret key, wherein the secret key is used as an optional rule, the secret keys in all the quantum security chips are used according to the secret key sequence, if the sequence used during authentication is a secret key Z-1, the secret key with the sequence Z is selected at the time, the sequence of the secret key selected at the next time is Z +1, the used secret key is discarded, of course, other sequences can be adopted, and if the sent email is the first email sending after non-authentication, the secret keys of the password sequences in corresponding sequences can be used;
s213', the mail sending device receives the mail encryption password M which is returned by the quantum password management service system and encrypted by using the symmetric key BB’
S215', the mail sending device receives the encrypted mail encryption password MB’Then, decrypting by using a key B which is symmetrical to the symmetric key B' to obtain a mail encryption password M;
s216', the sender uses a Hash algorithm to generate a message digest gamma for the encrypted mail, and the risk of content tampering is avoided;
s217': the mail sending equipment encrypts the local mail and the message digest gamma into an encrypted mail packet by using the mail encryption password M, and encrypts, transmits and stores the encrypted mail packet by using the mail encryption password M, so that the risk of content tampering is further avoided;
s218': the mail sending device sends the mail number, the recipient information, a recipient verification code beta and a message digest gamma to a quantum password management service system by using symmetric C encryption of a quantum key with the sequence of Z +1, the quantum password management service system stores the corresponding relation between a sender and a recipient and a mail, the recipient verification code stored in the quantum password management service system is represented as beta', the recipient verification code is used for preventing the recipient information from being distorted in the plaintext transmission process (the recipient information needs plaintext transmission), the recipient verification code is generated by the recipient information and the mail number through a Hash algorithm and is sent to the quantum password management service system, when the identity of the recipient is verified, the quantum password management system can enable the recipient information (the recipient requesting the recipient) and the mail number to generate the recipient verification code again by using the same algorithm and compare the recipient verification code stored previously, the identity of the receiver is verified, the relation between beta and beta' is that beta is renamed after being stored in a quantum password management service system, the essence is the same, the receiver information and the sender information mentioned here and below are preset accounts of the receiver/sender, but the accounts of the receiver/sender and the mail sending equipment are in a corresponding binding relation, so the information can also be information of the mail sending equipment;
s219': the mail sending equipment sends the encrypted mail packet, the sender receiving information and the mail number to the mail system, the mail system receives the encrypted mail and stores the encrypted mail, the mail system can receive the non-encrypted mail and the encrypted mail, and the mail system stores the encrypted mail packet, the sender receiving information and the mail number.
The mail is transmitted in a ciphertext mode, the ciphertext is stored, and the encryption key is a quantum true random key generated by the quantum password management service system. Even if the mail is intercepted, an attacker can only obtain the ciphertext and cannot obtain the information.
As can be seen from the above mail sending process, the whole mail sending process always consumes three keys. Firstly, the method is used for identity authentication; obtaining an encryption key of the mail; and thirdly, the system is used for sending the mail information to the quantum password management service system safely.
The quantum password management service system realizes data interaction with the mailbox system and the quantum security chip through the network respectively and is used for providing a mail encryption key and an identity authentication function.
Embodiment two mail transmission method based on quantum security key
This embodiment is a mail transmission and reception method using the encryption method of the transmission mail of the first embodiment, including transmission and reception processes.
As shown in fig. 1, this embodiment discloses a quantum security key-based mail transmission method, and a quantum security key-based mail transmission system is used, the system including:
the mailbox system is used for providing the function of sending and receiving mails;
the quantum random number generator is used for generating a quantum key;
the quantum exchange cipher machine receives a quantum key sent by the quantum random number generator and is used for providing key service, a key is stored in the quantum exchange cipher machine in advance, the key is the key pre-generated by the quantum random number generator and is stored in the quantum exchange cipher machine, and the key in the quantum safety chip is a symmetric key;
the quantum key filling machine is connected with the output end of the quantum exchange cipher machine and is used for filling the quantum key;
the quantum password management service system is respectively in data interaction with the mailbox system and the quantum security chip through a network, is directly connected with the quantum password switch and is used for providing a mail encryption key and an identity authentication function;
quantum security chip, storage quantum security key, the security key in the quantum security chip carries out the authentication of symmetric entity through network and quantum password management service system, and the quantum security chip can be forms such as SIM card or USB flash disk, and the security key in the quantum security chip is built-in advance, just fills in advance through quantum key filler when the quantum security chip hairpin, and the quantum security chip of use all has preset quantum password, and the principle is promptly: the quantum security chip is initialized before use (pre-charging password), the quantum security chip is charged with quantum security keys through a quantum password charging machine, and the charged keys of each quantum security chip and the keys preset in the quantum exchange password machine are symmetric keys (namely keys corresponding to one another). Each quantum security chip has a number, each quantum key has a serial number, and the corresponding key can be found in the quantum exchange cryptograph as long as the number of the quantum security chip and the serial number of the quantum key are provided;
the mail receiving and sending device is used for receiving and sending mails, the quantum security chip is internally or externally connected with the mail receiving and sending device, and the mail receiving and sending device comprises: the mailbox user needs to be bound with the quantum security chip in advance, only the mailbox binding user can send mails by using the mail receiving and sending device with the quantum security chip built in, theoretically, one quantum security chip can bind a plurality of mailbox users, or one mailbox user can be bound with a plurality of quantum security chips. However, for security, it is preferable that a mailbox user is bound with a quantum security chip, that is, the mailbox user is not available after replacing the mail sending and receiving device, or the mailbox user is not available after replacing the mail sending and receiving device.
As shown in fig. 2, the method for transmitting the mail based on the quantum security key includes the following steps:
s1, before sending or receiving the mail, the mail receiving and sending device carries out identity verification through the quantum password management service system, the mail receiving and sending device reads a quantum security key preset in the quantum security chip and the quantum password management service system to carry out symmetric entity identity authentication, and finally returns an authentication result.
And after the symmetric entity identity authentication can be started by using a mailbox program of the mail receiving and sending equipment, automatically calling the quantum security chip to finish the identity authentication of the symmetric key based on the quantum security key.
As shown in fig. 3, the specific process of symmetric entity identity authentication is as follows:
s11, opening a mailbox application on the mail receiving and sending device by the user, inputting an account password to carry out login authorization of the mailbox application, and logging in the mailbox;
s12, the mail receiving and sending device uses GB/T15843.2 standard to authenticate the entity based on the symmetric key through the built-in quantum security chip and the quantum password management service system, and the step S2 is carried out after the user logs in and authenticates;
in actual operation, if entity authentication is performed again in each login, the entity authentication process is complex and long-consuming, and user experience is poor, so that as an optimal scheme, a login validity period is set, and entity authentication is not required in multiple logins within the login validity period, and the specific steps are as follows:
s12a, detecting whether the quantum security chip built in the mail receiving and sending equipment is in the login validity period of the quantum password management service system, if so, directly entering the step S2, and if not, the mail receiving and sending equipment performs entity authentication based on a symmetric key by using the GB/T15843.2 standard through the built-in quantum security chip and the quantum password management service system;
and S12b, completing the login authentication process of the user, wherein the login validity period of the quantum password management service system can be set to be one month after each authentication.
In step S12a, if the quantum security chip built in the mailer and the mailer are bound one by one, it may also be detected whether the mailer is in the validity period.
Referring to fig. 4, the mail receiving and sending device performs entity authentication based on a symmetric key by using a GB/T15843.2 standard through a built-in quantum security chip and a quantum cryptography management service system, specifically including the steps of:
step S121, after the user logs in, the mail receiving and sending device automatically sends an authentication request to the sub-security chip;
s122, the quantum security chip returns the quantum key and the sequence Z-1 of the quantum key to the mail receiving and sending equipment;
step S123, the mail receiving and sending device sends an authentication request and a quantum key sequence Z-1 returned by the quantum security chip to the quantum password management service system;
s124, the quantum cipher management service system searches a cipher key corresponding to the quantum cipher key sequence Z-1 through a quantum cipher key exchange cipher machine;
step S125, the quantum key exchange cipher machine returns a key corresponding to the quantum key sequence Z-1, namely a symmetric key to the quantum key management service system;
step S126, the quantum password management service system adopts a certain good scheme such as a timestamp and an equipment physical address, encrypts and sends a key corresponding to the quantum key sequence Z-1 to the mail receiving and sending equipment for verifying that the quantum password management service system is the person;
step S127, the mail receiving and sending device adopts a certain good scheme such as a time stamp and a device physical address, and uses the key encryption corresponding to the quantum key sequence Z-1 to send to a quantum password management service system for verifying that the mail receiving and sending device is the owner and is not an application for resending after intercepting information by others;
and S128, after both parties pass the verification, the quantum password management service system encrypts and sends an authentication result to the mail receiving and sending equipment.
The quantum symmetric key preset by the quantum security chip is used for identity authentication, the quantum symmetric key is initially filled and preset when the quantum security chip is sent by a quantum key filling machine, and one key is authenticated at one time, so that the identity authentication problem of a mail receiving and sending entity is solved, and a third party for issuing a certificate is not needed. The number of participants in the process is reduced, and the risk of the three-party protocol is reduced;
s2, after the user finishes logging authentication in step S1 and needs to send and receive mails, the sender needs to use a key preset in the quantum security chip to apply for obtaining a mail encryption key to the quantum password management service system, the quantum password management service system encrypts the mail encryption key by using a symmetric key of the key preset in the quantum security chip and then sends the encrypted mail encryption key to the receiver, the mail system receives the mails encrypted by the mail encryption key and then performs platform storage, and the receiver can decrypt the mail encryption key by using the quantum security key built in the mail sending and receiving equipment to obtain the mail encryption key.
Specifically, as shown in fig. 5 to 7, the transmission encryption process is:
s211, the sender uses the sending end mail receiving and sending equipment to edit the local mail locally;
s212, supposing that the sent email is sent for the first time after authentication, the email sending and receiving equipment of the sending party selects a secret key B with a password sequence Z in a quantum security chip, sends the email number and the password sequence Z together to a quantum password management service system, applies for obtaining an email encryption secret key, wherein the secret key is used as an optional rule, the secret keys in all the quantum security chips are used according to the secret key sequence, if the sequence used during authentication is a secret key of Z-1, the secret key with the sequence Z is selected for the current time, the sequence of the secret key selected for the next time is Z +1, the used secret key is discarded, of course, other sequences can be adopted, and if the sent email is sent for the first time after non-authentication, the secret keys of the password sequences in corresponding sequences can be used;
s213, the quantum cipher management service system uses a quantum random number generator to generate a safe random mail encryption cipher M, finds a symmetric cipher key B 'with a cipher sequence Z by using a quantum secure cipher key stored in a quantum exchange cipher machine, encrypts the mail encryption cipher M by using the symmetric cipher key B', and generates an encrypted mail encryption cipher MB’
S214, the quantum password management service system encrypts the mail encryption password M encrypted by using the symmetric key BB’Sending the information to a mail receiving and sending device of a mail sender;
s215, the mail transmitting-receiving device of the sender receives the encrypted mail encryption password MB’Decrypting by using a key B which is symmetrical to the symmetric key B' to obtain a mail encryption password M;
s216, the sender uses a Hash algorithm to generate a message digest gamma for the encrypted mail, so that the content tampering risk is avoided;
s217: the mail receiving and sending equipment of the sender uses the mail encryption password M to encrypt the local mail and the message digest gamma into an encrypted mail packet, and uses the mail encryption password M to carry out encryption transmission and storage, so that the risk of content tampering is further avoided;
s218: the sending-side e-mail receiving and sending device encrypts and sends the e-mail number, the receiver information, the receiver verification code beta and the message digest gamma to the quantum password management service system by using a quantum key with a sequence of Z +1, as shown in FIG. 5, the quantum password management service system stores the corresponding relation between the sender and the receiver and the e-mail, the receiver verification code stored in the quantum password management service system is represented as beta', the receiver verification code is used for preventing the receiver information from being distorted in the plaintext transmission process (the receiver information needs to be transmitted in the plaintext), the receiver verification code is generated by the receiver information and the e-mail number through a Hash algorithm and is sent to the quantum password management service system, when the identity of the receiver is verified, the quantum password management system can enable the receiver information (the receiver requesting the receiver) and the e-mail number to generate the receiver verification code again by using the same algorithm, comparing the verification codes stored previously so as to verify the identity of the receiver, wherein the relation between beta and beta 'is that beta' is renamed after the beta is stored in a quantum password management service system, the essence is the same, and the receiver information and the sender information mentioned here and below are preset with the account number of the receiver/sender, but the account number of the receiver/sender and the mail receiving and sending equipment are in a corresponding binding relation, so that the receiver/sender information can also be the information of the mail receiving and sending equipment;
s219: the quantum password management service system generates a sender verification code alpha' according to the mail number and the information of the sender authenticated in the step S1;
s220: the sender email transceiver sends the encrypted email packet, the sender receiving information and the email number to the email system, the email system receives the encrypted email and stores the encrypted email, the email system can receive the non-encrypted email and also receive the encrypted email, as shown in fig. 5, the email system stores the encrypted email packet, the sender receiving information and the email number.
The mail is transmitted in a ciphertext mode, the ciphertext is stored, and the encryption key is a quantum true random key generated by the quantum password management service system. Even if the mail is intercepted, an attacker can only obtain the ciphertext and cannot obtain the information.
As can be seen from the above mail sending process, the whole mail sending process always consumes three keys. Firstly, the method is used for identity authentication; obtaining an encryption key of the mail; and thirdly, the system is used for sending the mail information to the quantum password management service system safely.
As shown in fig. 8, the receiving decryption process is:
after the user logs in the mailbox by using the receiver mail receiving and sending equipment and completes identity authentication, the user clicks a receiving mail, receives an encrypted mail sent by other people and triggers a key acquisition process. If the receiving party e-mail receiving and sending equipment has passed the identity authentication process of the step S1, the receiving party e-mail can be clicked directly, if not, the identity authentication is required to be completed according to the steps S11-S13, the quantum cipher management service system sends the encryption of the mail to the receiving party e-mail receiving and sending equipment by using the secret key stored in the quantum exchange cipher machine of the receiving party e-mail receiving and sending equipment, and the receiving party e-mail receiving and sending equipment carries out decryption reading locally.
The method comprises the following specific steps:
s221: the mail receiving and sending equipment of the receiving party receives the encrypted mail from the mailbox system, and the encrypted mail comprises an encrypted mail packet, sender receiving information and a mail number;
s222: the mail receiving and sending equipment of the receiving party generates a sender verification code alpha according to the sender information and the mail number;
s223: the mail receiving and sending equipment of the receiving party selects a secret key D with a password sequence Z in the quantum security chip, sends the mail number and the password sequence Z to a quantum password management service system together, and applies for obtaining a mail encryption secret key;
s224: the quantum password management service system searches a mail encryption password M, a sender verification code alpha' and a mail message abstract gamma through the mail number;
s225: the quantum password management service system generates a receiver verification code beta by using the receiver information and the mail number provided by the receiver mail receiving and sending equipment, and compares whether the verification beta is consistent with a receiver verification code beta' stored in the quantum password management service system or not;
s226: the quantum cipher management service system finds a corresponding key D ' with a cipher sequence Z through a quantum security key stored in a quantum exchange cipher machine, encrypts a mail encryption cipher M, a mail message digest gamma ' and a sender verification code alpha ' stored in the quantum cipher management service system by using the key D ', and records the numerical values stored in the quantum cipher management service system as ' corresponding to the mail message digest gamma for the convenience of identification;
s227: the quantum password management service system sends the mail encryption password M and the mail message digest gamma ' which are encrypted by using the secret key D ' and the sender verification code alpha ' to the mail receiving and sending equipment of the receiving party;
s228: the mail receiving and sending device of the receiving party decrypts the encrypted mail encryption password M by using the local symmetric key D to obtain the mail encryption password M, the sender verification code alpha 'and the mail message digest gamma'. Decrypting the encrypted mail content by using the mail encryption password M to obtain a mail body and a mail message digest gamma encrypted together with the mail body;
s229: the receiver compares the mail message digest γ ', the sender verification code α' and the mail message digest γ decrypted from the mail packet, and the sender verification code α ″ generated in step S222. If the two are not consistent, the encrypted mail is possible to be tampered or the sender is not trusted. If the mail is consistent with the mail, the mail is credible;
s230: and the receiver obtains the decrypted trusted mail.
The verification mode of the verification code is adopted:
1. the sender and the receiver do not need to send verification codes, and only the sender verification code is generated again according to the sender information and the mail number and compared with the sender verification code stored before, so that the sender is verified, and the sender information is prevented from being forged by others; or regenerating a recipient verification code according to the recipient information and the mail number, comparing the recipient verification code with the previously stored recipient verification code, verifying the recipient, and preventing an unauthorized user from obtaining the mail information; verifying the mail content to prevent the mail content from being tampered; therefore, the sender, the receiver and the mail can be verified, and the mail and the identity forgery can be prevented.
2. Meanwhile, the verification modes of the verification code are encrypted transmission, the transmission process is safe, the risk that the verification code is attacked by a man-in-the-middle is avoided, and the safety of mail receiving and sending is guaranteed.
3. The verification code at the platform side is generated according to the information, so that the risk of man-in-the-middle attack can be prevented.
4. The certificate code is automatically generated by the platform and the receiving and sending party without modifying and adapting the mailbox system, so the verification method has high applicability.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A quantum security key-based encryption method for sending mails is applied to mail sending equipment and is characterized in that: the method comprises the following steps:
s1', before sending the mail, the mail sending device carries out identity verification through the quantum password management service system, the mail sending device reads a quantum security key preset in a built-in quantum security chip and the quantum password management service system to carry out symmetric entity identity authentication, and finally returns an authentication result;
s2', when the user needs to send the mail after logging in and authenticating in step S1, the sender needs to apply for obtaining the mail encryption key to the quantum password management service system by using the key preset in the quantum security chip.
2. The encryption method for sending mail based on quantum secure key according to claim 1, characterized in that: and after the symmetric entity identity authentication is started by using a mailbox program of the mail sending equipment, automatically calling the quantum security chip to finish the identity authentication of the symmetric key based on the quantum security key.
3. The encryption method for sending mail based on quantum secure key according to claim 1, characterized in that: in step S1', the specific process of symmetric entity identity authentication is:
s11', the user opens the mailbox application on the mail sending device, inputs the account password to log in the mailbox application for authorization, and logs in the mailbox;
s12 ', the mail sending device uses GB/T15843.2 standard to authenticate the entity based on the symmetric key through the built-in quantum security chip and the quantum password management service system, and the step S2' is entered after the user logs in and authenticates.
4. The encryption method for sending mail based on quantum secure key according to claim 1, characterized in that: in step S1', the specific process of symmetric entity identity authentication is:
step S121', after the user finishes logging in, the mail sending equipment automatically sends an authentication request to the sub-security chip;
step S122', the quantum security chip returns the quantum key and the sequence Z-1 of the quantum key to the mail sending device;
step S123', the mail sending equipment sends an authentication request and a quantum key sequence Z-1 returned by the quantum security chip to the quantum password management service system;
step S124', the mail sending device receives a certain good scheme which is sent by the quantum cipher management service system and encrypted by a key corresponding to the quantum key sequence Z-1, such as a timestamp and a device physical address, and the good scheme is used for verifying that the quantum cipher management service system is the user;
step S125', the mail sending equipment adopts a certain good scheme such as a timestamp and an equipment physical address, and uses a secret key corresponding to the quantum secret key sequence Z-1 to encrypt and send the secret key to a quantum password management service system, wherein the quantum password management service system is used for verifying that the mail sending equipment is the owner and is not an application for resending after others intercept information;
and step S126', after both sides pass the verification, the mail sending equipment receives the encrypted authentication result sent by the quantum password management service system.
5. The encryption method for sending mail based on quantum secure key according to claim 1, characterized in that: the transmission encryption process of step S2' is:
s211', the sender uses the mail sending device to edit and complete the local mail locally;
s212', the mail sending equipment selects a secret key B with a password sequence Z in the quantum security chip, sends the mail number and the password sequence Z to the quantum password management service system together, and applies for obtaining a mail encryption secret key;
s213', the mail sending device receives the mail encryption password M which is returned by the quantum password management service system and encrypted by using the symmetric key BB’
S215', the mail sending device receives the encrypted mail encryption password MB’Then, decrypting by using a key B which is symmetrical to the symmetric key B' to obtain a mail encryption password M;
s216', the sender uses the Hash algorithm to generate a message digest gamma for the encrypted mail;
s217': the mail sending equipment encrypts the local mail and the message digest gamma into an encrypted mail packet by using a mail encryption password M, and performs encryption transmission and storage by using the mail encryption password M;
s218': the mail sending equipment encrypts and sends the mail number, the recipient information, the recipient verification code beta and the message digest gamma to a quantum cipher management service system by using a quantum key with a sequence of Z + 1;
s219': the mail sending device sends the encrypted mail packet, the information of the receiving and sending person and the mail number to the mail system together.
6. The encryption method for sending mail based on quantum secure key according to any one of claims 1 to 5, characterized in that: the quantum security chip is a SIM card or a U disk.
7. The encryption method for sending mail based on quantum secure key according to any one of claims 1 to 5, characterized in that: the safety key in the quantum safety chip is built in advance, the quantum safety chip is filled in advance through a quantum key filling machine when the quantum safety chip sends a card, the quantum safety chips used are all provided with preset quantum passwords, each quantum safety chip is provided with a serial number, each quantum key is provided with a serial number, the serial number of the quantum safety chip and the serial number of the quantum key are provided, and the corresponding key can be found in the quantum exchange password machine.
8. The encryption method for sending mail based on quantum secure key according to any one of claims 1 to 5, characterized in that: the mail sending apparatus includes: the system comprises a mobile phone and a fixed device, wherein mailbox users and quantum security chips are bound in advance, and one mailbox user is bound with one quantum security chip.
9. An encryption system for sending mails based on quantum security keys is characterized in that: the method comprises the following steps:
the entity authentication module is used for verifying the identity of the mail sending equipment through the quantum password management service system before sending the mail, reading a quantum security key preset in a built-in quantum security chip and the quantum password management service system by the mail sending equipment to carry out symmetric entity identity authentication, and finally returning an authentication result;
the encryption key application and mail sending module is used for applying to obtain a mail encryption key to the quantum password management service system by using a key preset in the quantum security chip and sending the mail by a sender when the mail is sent;
wherein the entity authentication module comprises:
the login unit is used for sending an authentication request to the sub-security chip by the mail sending equipment after the user logs in;
the key returning unit is used for returning the quantum key and the sequence Z-1 of the quantum key to the mail sending equipment by the quantum security chip;
the authentication request unit is used for sending an authentication request and a quantum key sequence Z-1 returned by the quantum security chip to the quantum password management service system by the mail sending equipment;
the mail sending equipment receives a certain good scheme which is sent by the quantum password management service system and encrypted by a key corresponding to the quantum key sequence Z-1, such as a timestamp and an equipment physical address, and is used for verifying that the quantum password management service system is the person;
the mail sending equipment verifies the sending unit, the mail sending equipment adopts a certain good scheme such as a timestamp and an equipment physical address, and the secret key corresponding to the quantum secret key sequence Z-1 is used for encrypting and sending the mail sending equipment to a quantum password management service system, and the quantum password management service system is used for verifying that the mail sending equipment is the owner and is not an application for resending after others intercept information;
and the mail sending equipment receives the encrypted authentication result sent by the quantum password management service system after both the mail sending equipment and the quantum password management service system pass the verification.
10. The quantum-secure-key-based encryption system for sending mail according to claim 9, wherein: the encryption key application and mail sending module comprises:
the mail editing unit is used for editing the local mail locally by a sender by using mail sending equipment;
a mail encryption key application unit, wherein mail sending equipment selects a key B with a password sequence Z in a quantum security chip, sends a mail number and the password sequence Z to a quantum password management service system together, and applies for obtaining a mail encryption key;
mail encryption password receiving unit, mail sending methodThe sending equipment receives an E-mail encryption password M which is returned by the quantum password management service system and encrypted by using a symmetric key BB’
A mail encryption password decryption unit, a mail sending device receives the encrypted mail encryption password MB’Then, decrypting by using a key B which is symmetrical to the symmetric key B' to obtain a mail encryption password M;
a message digest generation unit, which is used by a sender to generate a message digest gamma by using a Hash algorithm on the encrypted mail;
an encrypted mail packet transmission unit, wherein the mail sending device uses a mail encryption password M to encrypt the local mail and the message digest gamma into an encrypted mail packet, and uses the mail encryption password M to carry out encryption transmission storage;
the mail information sending unit is used for encrypting and sending a mail number, recipient information, a recipient verification code beta and a message digest gamma to the quantum password management service system by using a quantum key with a sequence of Z +1 through mail sending equipment;
and the mail sending unit is used for sending the encrypted mail packet, the information of the receiving and sending person and the mail number to the mail system together by the mail sending equipment.
CN202110705150.2A 2021-06-24 2021-06-24 Method and system for encrypting sent mail based on quantum security key Active CN113452687B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110705150.2A CN113452687B (en) 2021-06-24 2021-06-24 Method and system for encrypting sent mail based on quantum security key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110705150.2A CN113452687B (en) 2021-06-24 2021-06-24 Method and system for encrypting sent mail based on quantum security key

Publications (2)

Publication Number Publication Date
CN113452687A true CN113452687A (en) 2021-09-28
CN113452687B CN113452687B (en) 2022-12-09

Family

ID=77812426

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110705150.2A Active CN113452687B (en) 2021-06-24 2021-06-24 Method and system for encrypting sent mail based on quantum security key

Country Status (1)

Country Link
CN (1) CN113452687B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114205084A (en) * 2022-02-16 2022-03-18 国网浙江省电力有限公司金华供电公司 Quantum key-based electronic mail multi-operation encryption method and device
CN114363838A (en) * 2021-12-30 2022-04-15 中国电信股份有限公司卫星通信分公司 Method for realizing satellite communication quantum key distribution through short message channel
CN116527259A (en) * 2023-07-03 2023-08-01 中电信量子科技有限公司 Cross-domain identity authentication method and system based on quantum key distribution network

Citations (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020095569A1 (en) * 2001-01-17 2002-07-18 Jerdonek Robert A. Apparatus for pre-authentication of users using one-time passwords
JP2006203559A (en) * 2005-01-20 2006-08-03 Mitsubishi Electric Corp Quantum cryptographic communication system and method
US20070079384A1 (en) * 2005-10-04 2007-04-05 Disney Enterprises, Inc. System and/or method for authentication and/or authorization
US20070156836A1 (en) * 2006-01-05 2007-07-05 Lenovo(Singapore) Pte. Ltd. System and method for electronic chat identity validation
US20070162961A1 (en) * 2005-02-25 2007-07-12 Kelvin Tarrance Identification authentication methods and systems
CN101150533A (en) * 2006-09-18 2008-03-26 联想(北京)有限公司 A secure system and method for multi-point mail push
US20080144836A1 (en) * 2006-12-13 2008-06-19 Barry Sanders Distributed encryption authentication methods and systems
CN101466079A (en) * 2009-01-12 2009-06-24 中兴通讯股份有限公司 Method, system and WAPI terminal for transmitting e-mail
CN102055685A (en) * 2010-12-21 2011-05-11 常熟理工学院 Method for encrypting webmail information
KR20110057448A (en) * 2009-11-24 2011-06-01 한국전자통신연구원 A method of user-authenticated quantum key distribution
US20140189808A1 (en) * 2012-12-28 2014-07-03 Lookout, Inc. Multi-factor authentication and comprehensive login system for client-server networks
EP2764655A1 (en) * 2011-10-04 2014-08-13 Relative CC, SIA Method for determination of user's identity
CN105553648A (en) * 2014-10-30 2016-05-04 阿里巴巴集团控股有限公司 Quantum key distribution, privacy amplification and data transmission methods, apparatuses, and system
CN105763563A (en) * 2016-04-19 2016-07-13 浙江神州量子网络科技有限公司 Identity authentication method during quantum secret key application process
CN110138548A (en) * 2019-04-22 2019-08-16 如般量子科技有限公司 Based on unsymmetrical key pond to and DH agreement quantum communications service station cryptographic key negotiation method and system
CN110176989A (en) * 2019-05-15 2019-08-27 如般量子科技有限公司 Quantum communications service station identity identifying method and system based on unsymmetrical key pond
CN110266483A (en) * 2019-06-25 2019-09-20 如般量子科技有限公司 Based on unsymmetrical key pond to and the quantum communications service station cryptographic key negotiation method of QKD, system, equipment
CN110380859A (en) * 2019-05-30 2019-10-25 如般量子科技有限公司 Based on unsymmetrical key pond to and DH agreement quantum communications service station identity identifying method and system
KR102021739B1 (en) * 2018-06-04 2019-11-05 채령 The product information data by quantum code and the quantum marking apparatus for prevention of forgery by x-y coordinate of hash function matrix and the product management system marked by quantum
CN110494842A (en) * 2017-01-27 2019-11-22 肖恩·哈钦森 Safety certification and Financial Attribute service
CN110493177A (en) * 2019-07-02 2019-11-22 如般量子科技有限公司 Based on unsymmetrical key pond to and sequence number quantum communications service station AKA cryptographic key negotiation method and system
CN110535626A (en) * 2019-07-16 2019-12-03 如般量子科技有限公司 The quantum communications service station secret communication method and system of identity-based
CN110677253A (en) * 2019-08-28 2020-01-10 如般量子科技有限公司 Anti-quantum computation RFID authentication method and system based on asymmetric key pool and ECC

Patent Citations (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020095569A1 (en) * 2001-01-17 2002-07-18 Jerdonek Robert A. Apparatus for pre-authentication of users using one-time passwords
JP2006203559A (en) * 2005-01-20 2006-08-03 Mitsubishi Electric Corp Quantum cryptographic communication system and method
US20070162961A1 (en) * 2005-02-25 2007-07-12 Kelvin Tarrance Identification authentication methods and systems
US20070079384A1 (en) * 2005-10-04 2007-04-05 Disney Enterprises, Inc. System and/or method for authentication and/or authorization
US20070156836A1 (en) * 2006-01-05 2007-07-05 Lenovo(Singapore) Pte. Ltd. System and method for electronic chat identity validation
CN101150533A (en) * 2006-09-18 2008-03-26 联想(北京)有限公司 A secure system and method for multi-point mail push
US20080144836A1 (en) * 2006-12-13 2008-06-19 Barry Sanders Distributed encryption authentication methods and systems
CN101466079A (en) * 2009-01-12 2009-06-24 中兴通讯股份有限公司 Method, system and WAPI terminal for transmitting e-mail
KR20110057448A (en) * 2009-11-24 2011-06-01 한국전자통신연구원 A method of user-authenticated quantum key distribution
CN102055685A (en) * 2010-12-21 2011-05-11 常熟理工学院 Method for encrypting webmail information
EP2764655A1 (en) * 2011-10-04 2014-08-13 Relative CC, SIA Method for determination of user's identity
US20140189808A1 (en) * 2012-12-28 2014-07-03 Lookout, Inc. Multi-factor authentication and comprehensive login system for client-server networks
CN105553648A (en) * 2014-10-30 2016-05-04 阿里巴巴集团控股有限公司 Quantum key distribution, privacy amplification and data transmission methods, apparatuses, and system
CN105763563A (en) * 2016-04-19 2016-07-13 浙江神州量子网络科技有限公司 Identity authentication method during quantum secret key application process
CN110494842A (en) * 2017-01-27 2019-11-22 肖恩·哈钦森 Safety certification and Financial Attribute service
KR102021739B1 (en) * 2018-06-04 2019-11-05 채령 The product information data by quantum code and the quantum marking apparatus for prevention of forgery by x-y coordinate of hash function matrix and the product management system marked by quantum
CN110138548A (en) * 2019-04-22 2019-08-16 如般量子科技有限公司 Based on unsymmetrical key pond to and DH agreement quantum communications service station cryptographic key negotiation method and system
CN110176989A (en) * 2019-05-15 2019-08-27 如般量子科技有限公司 Quantum communications service station identity identifying method and system based on unsymmetrical key pond
CN110380859A (en) * 2019-05-30 2019-10-25 如般量子科技有限公司 Based on unsymmetrical key pond to and DH agreement quantum communications service station identity identifying method and system
CN110266483A (en) * 2019-06-25 2019-09-20 如般量子科技有限公司 Based on unsymmetrical key pond to and the quantum communications service station cryptographic key negotiation method of QKD, system, equipment
CN110493177A (en) * 2019-07-02 2019-11-22 如般量子科技有限公司 Based on unsymmetrical key pond to and sequence number quantum communications service station AKA cryptographic key negotiation method and system
CN110535626A (en) * 2019-07-16 2019-12-03 如般量子科技有限公司 The quantum communications service station secret communication method and system of identity-based
CN110677253A (en) * 2019-08-28 2020-01-10 如般量子科技有限公司 Anti-quantum computation RFID authentication method and system based on asymmetric key pool and ECC

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
WANG HE等: "Authenticated Quantum Dialogue Without Information Leakage", 《CHINESE JOURNAL OF ELECTRONICS》 *
周楝淞等: "身份认证技术及其发展趋势", 《通信技术》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114363838A (en) * 2021-12-30 2022-04-15 中国电信股份有限公司卫星通信分公司 Method for realizing satellite communication quantum key distribution through short message channel
CN114205084A (en) * 2022-02-16 2022-03-18 国网浙江省电力有限公司金华供电公司 Quantum key-based electronic mail multi-operation encryption method and device
CN116527259A (en) * 2023-07-03 2023-08-01 中电信量子科技有限公司 Cross-domain identity authentication method and system based on quantum key distribution network
CN116527259B (en) * 2023-07-03 2023-09-19 中电信量子科技有限公司 Cross-domain identity authentication method and system based on quantum key distribution network

Also Published As

Publication number Publication date
CN113452687B (en) 2022-12-09

Similar Documents

Publication Publication Date Title
CN113285803B (en) Mail transmission system and transmission method based on quantum security key
CN113346995B (en) Method and system for preventing falsification in mail transmission process based on quantum security key
CN113452687B (en) Method and system for encrypting sent mail based on quantum security key
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
CN109962784A (en) A kind of data encrypting and deciphering and restoration methods based on the more certificates of digital envelope
CN111615105B (en) Information providing and acquiring method, device and terminal
CN105553654B (en) Key information processing method and device, key information management system
CN101631305B (en) Encryption method and system
CN113630407B (en) Method and system for enhancing transmission security of MQTT protocol by using symmetric cryptographic technology
CN113612605A (en) Method, system and equipment for enhancing MQTT protocol identity authentication by using symmetric cryptographic technology
CN113472793B (en) Personal data protection system based on hardware password equipment
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN108809633B (en) Identity authentication method, device and system
CN113067823B (en) Mail user identity authentication and key distribution method, system, device and medium
CN101621794A (en) Method for realizing safe authentication of wireless application service system
CN113204760B (en) Method and system for establishing secure channel for software cryptographic module
CN113079022B (en) Secure transmission method and system based on SM2 key negotiation mechanism
JP2008535427A (en) Secure communication between data processing device and security module
CN103905388A (en) Authentication method, authentication device, smart card, and server
CN113918967A (en) Data transmission method, system, computer equipment and medium based on security check
CN111917543A (en) User access cloud platform security access authentication system and application method thereof
CN114553441A (en) Electronic contract signing method and system
CN113438074B (en) Decryption method of received mail based on quantum security key
CN114650181A (en) E-mail encryption and decryption method, system, equipment and computer readable storage medium
CN112822015A (en) Information transmission method and related device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant