CN113452687B - Method and system for encrypting sent mail based on quantum security key - Google Patents

Method and system for encrypting sent mail based on quantum security key

Info

Publication number: CN113452687B (application number CN202110705150.2A; earlier publication CN113452687A)
Authority: CN (China)
Prior art keywords: mail, quantum, key, sending, password
Legal status: Active
Other languages: Chinese (zh)
Inventors: 刘驰, 李杏桃
Current and original assignee: China Telecom Quantum Technology Co ltd
Events: application filed by China Telecom Quantum Technology Co ltd; priority to CN202110705150.2A; publication of CN113452687A; application granted; publication of CN113452687B; current legal status Active; anticipated expiration.

Classifications

All classifications fall under H (Electricity) → H04 (Electric communication technique) → H04L (Transmission of digital information, e.g. telegraphic communication):
    • H04L 63/0838: network security, authentication of entities using passwords, using one-time passwords (H04L 63/00 → 63/08 → 63/083 → 63/0838)
    • H04L 51/42: user-to-user messaging in packet-switching networks (e.g. e-mail), mailbox-related aspects, e.g. synchronisation of mailboxes (H04L 51/00 → 51/42)
    • H04L 63/0435: network security, confidential data exchange in which the payload is encrypted or encapsulated and both sending and receiving entities apply symmetric encryption, i.e. the same key for encryption and decryption (H04L 63/00 → 63/04 → 63/0428 → 63/0435)
    • H04L 63/12: network security, applying verification of the received information
    • H04L 9/0852: cryptographic mechanisms, key distribution or management, key establishment, quantum cryptography (H04L 9/00 → 9/08 → 9/0816 → 9/0852)
    • H04L 9/3239: cryptographic mechanisms including means for entity or message authentication, using cryptographic hash functions, involving non-keyed hash functions, e.g. modification detection codes (MDCs), MD5, SHA or RIPEMD (H04L 9/00 → 9/32 → 9/3236 → 9/3239)

Abstract

The invention provides an encryption method for sending mail based on a quantum security key, applied to a mail sending device and comprising the following steps: S1', before sending mail, the mail sending device performs identity verification through the quantum password management service system: it reads the quantum security key preset in its built-in quantum security chip and carries out symmetric entity identity authentication with the quantum password management service system, which finally returns an authentication result; S2', after the user has completed the login authentication of step S1' and needs to send mail, the sender uses a key preset in the quantum security chip to apply to the quantum password management service system for a mail encryption key. With this technical scheme, the threat of the increasingly severe network attack environment to mail sending is addressed, the security threat posed by future quantum computers and quantum algorithms is prevented, and the scheme is easy to implement.

Description

Method and system for encrypting sent mail based on quantum security key
Technical Field
The application belongs to the field of security application products and in particular relates to a quantum-key-based mail sending method.
Background
At present, the increasingly severe network attack environment threatens the sending and receiving of mail, including: the identity authentication problem of the mail sending and receiving entities, theft of mail content during mail transmission and storage, and possible tampering with the sender, the receiver and the mail content during transmission.
The patent application filed on 2019.09.24 with application number CN201910904251.5 discloses a mail system and a sending and receiving method based on quantum digital signature. To ensure the authenticity of transmitted information, the message is usually signed with a specific algorithm (such as a hash algorithm) before transmission. The computed signature information is attached to the message and sent to the server; the receiving end then performs the same computation on the received message content and compares its result with the signature information carried by the sender. If the two are the same, the message content has not been tampered with; otherwise it may have been. The system in that application uses a three-layer structure: a physical layer, a key layer and an application layer. The physical layer is a key generation terminal responsible for generating key strings for signing in real time; the key layer stores the key strings generated by the physical layer and provides the required keys to the application layer above it on demand; the application layer is the software part of the mail sending and receiving system, which encrypts the information to be sent with the key it extracts from the key layer. The mail sending and receiving method comprises a quantum key distribution stage, a mail signing stage and a signature verification stage. Compared with an algorithmic signature, that invention more strongly guarantees the security of mail protected by a quantum digital signature. However, while the method dispenses with a complex signature algorithm and uses quantum digital signature to improve the authenticity and non-repudiation of mail according to the principles of quantum mechanics, it does not improve the encryption security of the mail itself.
Moreover, the quantum key must be exchanged between terminals of the application layer; the exchange process is not described in detail, and the key is exposed during the exchange.
The application filed on 2019.04.24 with application number CN201910331987.8 discloses a mail secure transmission method based on a quantum key public cloud service platform, in the technical field of quantum secret communication, comprising the following steps: the quantum key public cloud service platform obtains quantum keys from quantum key distribution (QKD) equipment and stores them; client A and client B, which are about to exchange mail, negotiate to generate a pairing verification code; client A and client B send requests to download the quantum key to the platform; the platform receives the download requests from client A and client B and matches the verification codes, distributing the quantum key and proceeding to the next step if the pairing succeeds, or reporting a pairing error if it fails; client A encrypts the mail and sends it to the public mail server, and client B receives the encrypted mail from the public mail server and decrypts it. That invention claims absolute security for the transmission of encrypted e-mail over the network. However, it uses the Random method in Java to generate pseudo-random numbers, i.e. its random numbers come from a pseudo-random number generator. The quantum key is packaged into a compressed archive which the sending and receiving parties download and decompress to obtain the quantum key, and the security of the compression and delivery process is not trustworthy. In addition, both clients A and B send verification codes that the platform compares, which carries a very high security risk: the clients can be attacked by a man-in-the-middle.
Future quantum computers and quantum algorithms may also pose security threats, including: the breaking of public key cryptographic algorithms based on the large-integer factorization problem, the security threat posed by quantum computers, and the threat of quantum algorithms to existing cryptographic systems.
Furthermore, existing mail transmission systems require extensive participation of third parties, which increases labor cost.
Disclosure of Invention
The technical problem the invention aims to solve is how to counter the threat of the increasingly severe network attack environment to the sending of mail from mailboxes.
The invention provides an encryption method for sending mail based on a quantum security key, applied to a mail sending device and comprising the following steps:
S1', before sending mail, the mail sending device performs identity verification through the quantum password management service system: it reads the quantum security key preset in its built-in quantum security chip and carries out symmetric entity identity authentication with the quantum password management service system, which finally returns an authentication result;
S2', after the user has completed the login authentication of step S1' and needs to send mail, the sender uses a key preset in the quantum security chip to apply to the quantum password management service system for a mail encryption key.
By adopting this technical scheme, the threat of the increasingly severe network attack environment to the mail sending and receiving environment is addressed, and in particular the identity authentication problem of the mail sending device entity is solved: identity authentication is performed with a quantum symmetric key built into the quantum security chip, using one key per authentication.
By adopting this technical scheme, the security threat posed by future quantum computers and quantum algorithms is prevented, and in particular the problem that public key cryptographic algorithms based on the factorization problem can be broken: quantum symmetric keys are used, which cannot be broken by factorization;
The technical scheme is easy to implement: the quantum security chip is a feasible existing technology, and security authentication based on quantum symmetric keys is also a realizable technology.
As an optimized technical scheme, once symmetric entity identity authentication has been started by the mailbox program of the mail sending device, the quantum security chip is called automatically to complete symmetric-key identity authentication based on the quantum security key.
As an optimized technical scheme, in step S1' the specific process of symmetric entity identity authentication is as follows:
S11', the user opens the mailbox application on the mail sending device, inputs the account and password to perform login authorization of the mailbox application, and logs in to the mailbox;
S12', the mail sending device performs symmetric-key entity authentication according to the GB/T 15843.2 standard (the Chinese national standard corresponding to ISO/IEC 9798-2, entity authentication using symmetric encipherment algorithms) between its built-in quantum security chip and the quantum password management service system, and proceeds to step S2' after the user login authentication is completed.
As an optimized technical solution, in step S1' the specific process of symmetric entity identity authentication is as follows:
step S121', after the user finishes logging in, the mail sending device automatically sends an authentication request to the quantum security chip;
step S122', the quantum security chip returns the quantum key and its sequence number Z-1 to the mail sending device;
step S123', the mail sending device sends the authentication request and the quantum key sequence number Z-1 returned by the quantum security chip to the quantum password management service system;
step S124', the mail sending device receives from the quantum password management service system an agreed value, such as a timestamp and the device's physical address, encrypted with the key corresponding to quantum key sequence number Z-1; this is used to verify that the quantum password management service system is genuine;
step S125', the mail sending device takes an agreed value such as a timestamp and its physical address, encrypts it with the key corresponding to quantum key sequence number Z-1 and sends it to the quantum password management service system, which uses it to verify that the mail sending device is genuine and that the request is not a replay by someone who intercepted the information;
and step S126', after both sides pass verification, the mail sending device receives the encrypted authentication result sent by the quantum password management service system.
As an optimized technical solution, the sending encryption process of step S2' is:
S211', the sender edits and completes the local mail on the mail sending device;
S212', the mail sending device selects key B with key sequence number Z in the quantum security chip, sends the mail number together with the sequence number Z to the quantum password management service system, and applies for a mail encryption key;
S213', the mail sending device receives the mail encryption password M_B' returned by the quantum password management service system, encrypted with the symmetric key B';
S215', having received the encrypted mail encryption password M_B', the mail sending device decrypts it with key B, the symmetric counterpart of key B', to obtain the mail encryption password M;
S216', the sender generates a message digest γ of the mail to be encrypted using a hash algorithm;
S217', the mail sending device encrypts the local mail and the message digest γ into an encrypted mail packet using the mail encryption password M, and the packet is transmitted and stored in encrypted form under M;
S218', the mail sending device encrypts the mail number, the recipient information, the recipient verification code β and the message digest γ with the quantum key of sequence number Z+1 and sends them to the quantum password management service system;
S219', the mail sending device sends the encrypted mail packet, the sender and recipient information and the mail number together to the mail system.
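The two procedures above, the symmetric entity authentication of steps S121'-S126' and the key request and sending flow of steps S211'-S219', as one stand-alone simulation with both the device side and the quantum password management service side. This is an added example and not code from the patent or from China Telecom Quantum Technology: the class and function names, the 32-byte preloaded keys indexed by (chip number, sequence number), the direction byte inside the agreed value, the 30-second freshness window, the `|`-separated report layout and the receiving-side `open_mail` check are all assumptions. An HMAC-SHA256 counter-mode stream with an HMAC tag stands in for the unspecified symmetric cipher, `secrets.token_bytes` stands in for the quantum random number generator, and SHA-256 stands in for the SM3 digest the text cites as an example.

```python
import hashlib
import hmac
import os
import secrets
import time

def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a keystream (stand-in for the unspecified cipher)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC under one preloaded key: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Check the tag in constant time before decrypting; raise on any mismatch."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ s for c, s in zip(ct, keystream(key, nonce, len(ct))))

def stamp(direction, addr):
    """The agreed value of S124'/S125': direction byte || 8-byte timestamp || device address."""
    return direction + int(time.time()).to_bytes(8, "big") + addr

class KeyManagementService:
    """Quantum password management service holding the mirror copy of every chip's keys."""
    def __init__(self, mirror):
        self._mirror = mirror      # (chip_id, seq) -> key, the service side of each chip key pair
        self._consumed = set()     # an authentication key is accepted once, then retired
        self.mail_keys = {}        # mail_id -> M, looked up again on the receiving side
        self.reports = {}          # mail_id -> (recipient, beta, gamma) from S218'

    def auth_challenge(self, chip_id, seq, addr):
        """S124': prove possession of key Z-1; refuse a sequence number seen before."""
        if (chip_id, seq) in self._consumed:
            raise PermissionError("authentication key %d already consumed" % seq)
        self._consumed.add((chip_id, seq))
        return seal(self._mirror[(chip_id, seq)], stamp(b"S", addr))

    def auth_verify(self, chip_id, seq, addr, response):
        """S125'/S126': the reply must carry the D tag, a fresh time and the device's own address."""
        pt = unseal(self._mirror[(chip_id, seq)], response)
        fresh = abs(time.time() - int.from_bytes(pt[1:9], "big")) <= 30   # assumed 30 s window
        ok = pt[:1] == b"D" and fresh and pt[9:] == addr   # the D tag defeats reflecting S124' back
        return seal(self._mirror[(chip_id, seq)], b"OK" if ok else b"FAIL")

    def issue_mail_key(self, chip_id, seq, mail_id):
        """S212'-S213': return M encrypted under B', the mirror of chip key Z."""
        self.mail_keys[mail_id] = secrets.token_bytes(32)   # stands in for the quantum RNG
        return seal(self._mirror[(chip_id, seq)], self.mail_keys[mail_id])

    def record(self, chip_id, seq, report):
        """S218': store mail number, recipient, beta and gamma sent under key Z+1."""
        mail_id, recipient, rest = unseal(self._mirror[(chip_id, seq)], report).split(b"|", 2)
        self.reports[mail_id.decode()] = (recipient.decode(), rest[:-32], rest[-32:])

class MailSender:
    """Mail sending device with a bound chip (chip number + preloaded key table) and a fixed address."""
    def __init__(self, chip_id, keys, addr, service):
        self.chip_id, self.keys, self.addr, self.service = chip_id, keys, addr, service

    def authenticate(self, seq):
        """S121'-S126' using key Z-1 = keys[seq]; True only if both sides verified each other."""
        k, cid = self.keys[seq], self.chip_id
        challenge = unseal(k, self.service.auth_challenge(cid, seq, self.addr))
        if challenge[:1] != b"S" or challenge[9:] != self.addr:
            return False                                    # service failed to prove itself
        reply = self.service.auth_verify(cid, seq, self.addr, seal(k, stamp(b"D", self.addr)))
        return unseal(k, reply) == b"OK"

    def send(self, z, mail_id, recipient, beta, body):
        """S211'-S219' with key B = keys[z]; the S218' report goes under keys[z + 1]."""
        cid = self.chip_id
        m = unseal(self.keys[z], self.service.issue_mail_key(cid, z, mail_id))
        gamma = hashlib.sha256(body).digest()               # SHA-256 stands in for SM3
        packet = seal(m, body + gamma)
        report = b"|".join([mail_id.encode(), recipient.encode(), beta + gamma])
        self.service.record(cid, z + 1, seal(self.keys[z + 1], report))
        return {"mail_id": mail_id, "recipient": recipient, "packet": packet}

def open_mail(service, envelope):
    """Receiving side: decrypt with M, recompute gamma, compare with the digest reported in S218'."""
    pt = unseal(service.mail_keys[envelope["mail_id"]], envelope["packet"])
    body, gamma = pt[:-32], pt[-32:]
    if hashlib.sha256(body).digest() != gamma or gamma != service.reports[envelope["mail_id"]][2]:
        raise ValueError("mail content or digest tampered")
    return body

def build_parties(chip_id="chip-0001", n_keys=4):
    """Constructed fixture: one chip's key table and the service's mirror copy of it."""
    keys = {seq: secrets.token_bytes(32) for seq in range(n_keys)}
    service = KeyManagementService({(chip_id, seq): k for seq, k in keys.items()})
    return MailSender(chip_id, keys, b"\x02\x00\x00\x00\x00\x01", service), service
```

A run with Z = 2 calls `sender.authenticate(1)` (key Z-1) and then `sender.send(2, ...)` (key Z for the request, key Z+1 for the report). The replay defence asked for in S125' rests on two checks: the service retires each authentication sequence number after one use, and the device's reply must carry a different direction byte from the service's challenge, so an attacker cannot simply reflect the S124' ciphertext back as the S125' answer (both messages are otherwise encrypted under the same key Z-1). Everything here depends on the secrecy of the key table shared between the chip and the service; a deployment would replace the stand-in cipher and hash with the algorithms mandated for the service.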
As an optimized technical scheme, the quantum security chip is a SIM card or a USB flash drive.
As an optimized technical scheme, the security keys in the quantum security chip are built in beforehand: the chip is filled in advance by a quantum key filling machine when the card is issued, so every quantum security chip in use carries preset quantum keys. Each quantum security chip has a serial number and each quantum key has a sequence number; given the chip number and the key sequence number, the corresponding key can be found in the quantum exchange cipher machine.
As an optimized technical solution, the mail sending device includes mobile phones and fixed devices; mailbox users and quantum security chips are bound in advance, one mailbox user to one quantum security chip.
The invention also provides an encryption system for sending mail based on a quantum security key, corresponding to the encryption method, comprising:
an entity authentication module, for verifying the identity of the mail sending device through the quantum password management service system before sending mail: the mail sending device reads the quantum security key preset in its built-in quantum security chip and performs symmetric entity identity authentication with the quantum password management service system, which finally returns an authentication result;
an encryption key application and mail sending module, for applying to the quantum password management service system for a mail encryption key using a key preset in the quantum security chip, and for the sender to send the mail;
wherein the entity authentication module comprises:
a login unit, in which the mail sending device sends an authentication request to the quantum security chip after the user logs in;
a key return unit, in which the quantum security chip returns the quantum key and its sequence number Z-1 to the mail sending device;
an authentication request unit, in which the mail sending device sends the authentication request and the quantum key sequence number Z-1 returned by the quantum security chip to the quantum password management service system;
a unit in which the mail sending device receives from the quantum password management service system an agreed value, such as a timestamp and the device's physical address, encrypted with the key corresponding to quantum key sequence number Z-1, used to verify that the quantum password management service system is genuine;
a mail sending device verification sending unit, in which the mail sending device takes an agreed value such as a timestamp and its physical address, encrypts it with the key corresponding to quantum key sequence number Z-1 and sends it to the quantum password management service system, which uses it to verify that the mail sending device is genuine and that the request is not a replay by someone who intercepted the information;
and a unit in which, after both sides pass verification, the mail sending device receives the encrypted authentication result sent by the quantum password management service system.
As an optimized technical scheme, the encryption key application and mail sending module comprises:
a mail editing unit, in which the sender edits and completes the local mail on the mail sending device;
a mail encryption key application unit, in which the mail sending device selects key B with key sequence number Z in the quantum security chip, sends the mail number together with the sequence number Z to the quantum password management service system, and applies for a mail encryption key;
a mail encryption password receiving unit, in which the mail sending device receives the mail encryption password M_B' returned by the quantum password management service system, encrypted with the symmetric key B';
a mail encryption password decryption unit, in which the mail sending device, having received the encrypted mail encryption password M_B', decrypts it with key B, the symmetric counterpart of key B', to obtain the mail encryption password M;
a message digest generation unit, in which the sender generates a message digest γ of the mail to be encrypted using a hash algorithm;
an encrypted mail packet transmission unit, in which the mail sending device encrypts the local mail and the message digest γ into an encrypted mail packet using the mail encryption password M, and the packet is transmitted and stored in encrypted form under M;
a mail information sending unit, in which the mail sending device encrypts the mail number, the recipient information, the recipient verification code β and the message digest γ with the quantum key of sequence number Z+1 and sends them to the quantum password management service system;
and a mail sending unit, in which the mail sending device sends the encrypted mail packet, the sender information and the mail number together to the mail system.
The invention has the following advantages:
1. The invention uses the quantum password management service system for identity authentication and for distributing the mail encryption password, which increases security.
(1) The threat of the increasingly severe network attack environment to the mail sending and receiving environment is addressed:
(a) the identity authentication problem of the mail sending and receiving entities is solved: identity authentication uses a quantum symmetric key built into the quantum security chip, one key per authentication;
(b) the problem of mail content being stolen during transmission and storage is solved: mail is transmitted and stored as ciphertext, and the encryption key is a quantum true-random key generated by the quantum password management service system and securely issued through quantum cryptographic technology. Even if the mail is intercepted, an attacker obtains only ciphertext and cannot recover the information;
(c) the problems of sender and receiver tampering and mail content tampering during transmission are solved: the quantum password management service system authenticates the sender and receiver with verification codes, ensuring their authenticity. The entities digest the mail content with a hash algorithm (such as the Chinese national standard SM3), encrypt it with the mail encryption password, transmit and store it in one-time-pad fashion, and verify the digest after decrypting the mail, avoiding the risk of content tampering.
(2) The security threats posed by future quantum computers and quantum algorithms are prevented:
(a) the problem that public key cryptographic algorithms based on the large-integer factorization problem can be broken is solved: quantum symmetric keys are used, which cannot be broken by factorization;
(b) the security threat posed by quantum computers that may appear in the future is prevented: quantum security passwords are used for encrypted transmission, and the transmission process is theoretically completely secure and trustworthy;
(c) the threat of quantum algorithms that may appear in the future to existing cryptosystems is prevented: quantum security passwords are used for encrypted transmission, and the quantum security key is a true random number generated by a quantum random number generator that cannot be recovered by an algorithm.
(3) No third-party issuance or authentication of digital certificates is required:
(a) a certificate-free authentication method is provided, reducing third-party participation: entity authentication of both users is performed with an entity authentication protocol based on symmetric cryptography, with no third party issuing certificates. The number of participants is reduced, and so is the risk of a three-party protocol.
2. Easy to implement, highly general and extensible
(1) The development technology is easy to implement
The quantum security chip is a feasible existing technology, security authentication based on quantum symmetric keys is also realizable, and the mail encryption password used to encrypt mail can be generated from quantum random numbers; the technology is mature and the security is high.
(2) High generality and good extensibility
The invention requires few changes to the mailbox system; it improves security mainly by adding a quantum key service system, so it is highly general. It can be integrated into a quantum security service platform and expose a functional interface to the outside, so it is extensible.
3. Economic benefits
(1) Network security capability is markedly improved
The invention can defend against existing attack methods and possible future quantum computing threats, greatly reducing the economic loss caused by information leakage.
(2) Mailbox security service upgrade
The invention can greatly enhance mail security and provide a better, safer mail communication service. If an existing mail system with 30,000 users (at 10 yuan per month) is upgraded, revenue before the upgrade is 300,000 yuan per month; with a service upgrade monthly fee of 15 yuan after the upgrade, revenue becomes 450,000 yuan per month.
(3) Low retrofit cost
The invention can be retrofitted onto the existing system: the platform side needs almost no modification and only the application end needs to be interfaced, so the retrofit cost is low.
Drawings
FIG. 1 is a system architecture diagram of mailbox authentication and encryption based on a quantum security key according to an embodiment of the present invention;
FIG. 2 is a timing diagram of the operation of a system for mailbox authentication and encryption based on a quantum security key according to an embodiment of the present invention;
FIG. 3 is a flow chart of login authentication in an embodiment of the invention;
FIG. 4 is a detailed flow chart of identity authentication according to an embodiment of the present invention;
FIG. 5 is a flow chart of sending encryption in an embodiment of the present invention;
FIG. 6 is a storage flow chart of the quantum password management service system in an embodiment of the invention;
FIG. 7 is a storage flow chart of the mail system in an embodiment of the present invention;
FIG. 8 is a flow chart of reception and decryption in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the embodiments of the present invention; evidently, the described embodiments are some, but not all, embodiments of the present invention. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
The embodiment discloses an encryption method for sending mail based on a quantum security key, applied to a mail sending device.
The mail sending device is used to send mail and has a quantum security chip built in or connected externally.
The quantum security chip stores quantum security keys. Using the security keys in the chip, the device performs symmetric entity authentication with the quantum password management service system over the network. The chip may take the form of a SIM card or a USB flash drive. Its security keys are built in beforehand: they are filled in advance by a quantum key filling machine when the card is issued, so every quantum security chip in use carries preset quantum keys. The principle is that the quantum security chip is initialized before use (pre-filled with keys) by a quantum key filling machine, and the keys filled into each chip and the keys preset in the quantum exchange cipher machine are symmetric keys (i.e. they correspond one to one). Each quantum security chip has a number and each quantum key has a sequence number; as long as the chip number and the key sequence number are provided, the corresponding key can be found in the quantum exchange cipher machine.
The mail sending device includes mobile phones and fixed devices. A mailbox user must be bound to a quantum security chip in advance, and only a bound mailbox user can send mail with a mail sending device that has the quantum security chip built in. In theory one quantum security chip can be bound to several mailbox users, or one mailbox user to several quantum security chips. For security, however, it is preferable that one mailbox user is bound to one quantum security chip, which means the mailbox user cannot use the mailbox after replacing the mail sending device or the quantum security chip.
The quantum safety key based encryption method for sending the mail is applied to mail sending equipment and comprises the following steps:
S1', before sending mail, the mail sending device performs identity verification through the quantum password management service system: it reads the quantum security key preset in the quantum security chip and performs symmetric entity identity authentication with the quantum password management service system, which finally returns an authentication result.
The symmetric entity identity authentication can be started from the mailbox program of the mail sending device, which then automatically calls the quantum security chip to complete the symmetric-key identity authentication based on the quantum security key.
The specific process of the identity authentication of the symmetric entity is as follows:
S11', the user opens the mailbox application on the mail sending device, inputs an account and password for login authorization of the mailbox application, and logs in to the mailbox;
S12', the mail sending device performs symmetric-key entity authentication in accordance with the GB/T15843.2 standard through the built-in quantum security chip and the quantum password management service system, and proceeds to step S2' after the user's login authentication;
In actual operation, if entity authentication is repeated at every login, the process is complex and time-consuming and the user experience is poor. As a preferred scheme, a login validity period is therefore set, and entity authentication is not required for repeated logins within that period. The specific steps are as follows:
S12'a, detect whether the quantum security chip built into the mail sending device is within the login validity period of the quantum password management service system; if it is, proceed directly to step S2'; if not, the mail sending device performs symmetric-key entity authentication in accordance with the GB/T15843.2 standard through the built-in quantum security chip and the quantum password management service system;
S12'b, the user's login authentication process is completed; the login validity period of the quantum password management service system may be set to one month after each authentication.
In step S12'a, if the quantum security chip built into the mail sending device is bound one-to-one with the mail user, it may also be detected whether the mail user is within the validity period.
The mail sending device performs symmetric-key entity authentication in accordance with the GB/T15843.2 standard through the built-in quantum security chip and the quantum password management service system in the following specific steps:
step S121', after the user has logged in, the mail sending device automatically sends an authentication request to the quantum security chip;
step S122', the quantum security chip returns a quantum key and its sequence number Z-1 to the mail sending device;
step S123', the mail sending device sends the authentication request and the quantum key sequence number Z-1 returned by the quantum security chip to the quantum password management service system;
step S124', the mail sending device receives from the quantum password management service system an agreed value, such as a timestamp and the device's physical address, encrypted with the key corresponding to quantum key sequence Z-1; this value is used to verify that the quantum password management service system is genuine;
step S125', the mail sending device takes an agreed value, such as a timestamp and the device's physical address, encrypts it with the key corresponding to quantum key sequence Z-1 and sends it to the quantum password management service system, which uses it to verify that the mail sending device is genuine and that the request is not a replay sent after someone else intercepted the information;
step S126', after both sides pass verification, the mail sending device receives the encrypted authentication result sent by the quantum password management service system.
The quantum symmetric key preset in the quantum security chip is used for identity authentication. It is filled and preset by the quantum key filling machine when the chip is issued, and one key is used for one authentication. This solves the problem of identity authentication of the mail sending entity without requiring a third party to issue a certificate; the number of participants in the process is reduced, and with it the risk of a three-party protocol;
S2', after the user has completed the login authentication of step S1' and needs to send mail, the sender uses a key preset in the quantum security chip to apply to the quantum password management service system for a mail encryption key, and then sends the mail.
Specifically, the sending encryption process is as follows:
S211', the sender edits and completes the local mail on the mail sending device;
S212', assuming the mail is the first sent after authentication, the mail sending device selects key B with key sequence Z in the quantum security chip, sends the mail number together with the sequence number Z to the quantum password management service system, and applies for a mail encryption key. As an optional rule, the keys in every quantum security chip are used in sequence order: if the key used during authentication had sequence Z-1, the key selected this time has sequence Z, the one selected next time has sequence Z+1, and used keys are discarded; other orderings can of course be used;
S213', the mail sending device receives the mail encryption password M_B', which the quantum password management service system has encrypted using the symmetric key B';
S215', having received the encrypted mail encryption password M_B', the mail sending device decrypts it with key B, which is symmetric to key B', to obtain the mail encryption password M;
S216', the sender uses a hash algorithm to generate a message digest γ for the mail to be encrypted, avoiding the risk of content tampering;
S217', the mail sending device encrypts the local mail together with the message digest γ into an encrypted mail packet using the mail encryption password M, so that it is transmitted and stored encrypted under M, further reducing the risk of content tampering;
S218', the mail sending device encrypts the mail number, the recipient information, a recipient verification code β and the message digest γ with the quantum key of sequence Z+1 and sends them to the quantum password management service system, which stores the correspondence between sender and mail. The recipient verification code stored in the quantum password management service system is denoted β'. The recipient verification code prevents the recipient information from being tampered with during plaintext transmission (the recipient information must be transmitted in plaintext): it is generated from the recipient information and the mail number by a hash algorithm and sent to the quantum password management service system. When the recipient's identity is verified, the quantum password management service system generates the recipient verification code again with the same algorithm from the recipient information (of the party requesting the mail) and the mail number and compares it with the previously stored code, thereby verifying the recipient's identity. β' is β as stored on the platform; the sender is bound to the mailbox account of the mail sending device;
S219', the mail sending device sends the encrypted mail packet, the sender information and the mail number to the mail system. The mail system receives and stores the encrypted mail; it can accept both unencrypted and encrypted mail, and it stores the encrypted mail packet, the sender information and the mail number.
The mail is transmitted as ciphertext and stored as ciphertext, and the encryption key is a quantum true-random key generated by the quantum password management service system. Even if the mail is intercepted, an attacker obtains only the ciphertext and cannot obtain the information.
As can be seen from the above process, sending one mail always consumes three keys: (1) one for identity authentication; (2) one for obtaining the mail encryption key; (3) one for sending the mail information securely to the quantum password management service system.
The quantum password management service system realizes data interaction with the mailbox system and the quantum security chip through the network respectively and is used for providing a mail encryption key and an identity authentication function.
Embodiment two: mail transmission method based on quantum security key
This embodiment is a mail sending and receiving method that employs the encryption method for sending mail of embodiment one and includes both the sending and the receiving process.
As shown in fig. 1, this embodiment discloses a method for transmitting a quantum-secure-key-based email, which uses a quantum-secure-key-based email transmission system, and the system includes:
the mailbox system is used for providing the function of sending and receiving mails;
the quantum random number generator is used for generating a quantum key;
the quantum exchange cipher machine receives quantum keys sent by the quantum random number generator and provides key services; keys pre-generated by the quantum random number generator are stored in the quantum exchange cipher machine in advance, and these keys are symmetric to the keys in the quantum security chips;
the quantum key filling machine is connected to the output of the quantum exchange cipher machine and is used for filling quantum keys;
the quantum password management service system exchanges data with the mailbox system and the quantum security chip over the network, is directly connected to the quantum exchange cipher machine, and provides the mail encryption key and identity authentication functions;
the quantum security chip stores quantum security keys. Using these keys, the chip performs symmetric entity authentication with the quantum password management service system over the network. The chip can take the form of a SIM card, a USB flash drive or the like. Its security keys are built in beforehand: they are filled in advance by the quantum key filling machine when the chip is issued, so every chip in use carries preset quantum keys. The principle is as follows: the quantum security chip is initialized before use (pre-filled with keys), the quantum key filling machine fills it with quantum security keys, and the keys filled into each chip and the keys preset in the quantum exchange cipher machine are symmetric keys (that is, keys corresponding one to one). Each quantum security chip has a number and each quantum key has a serial number, so the corresponding key can be found in the quantum exchange cipher machine as long as the chip number and the key serial number are provided;
the mail receiving and sending device is used for receiving and sending mail, with the quantum security chip connected internally or externally, and is configured as follows: a mailbox user must be bound to a quantum security chip in advance, and only the bound mailbox user can send mail using the mail receiving and sending device with that quantum security chip built in. In theory one quantum security chip can be bound to several mailbox users, or one mailbox user can be bound to several quantum security chips. For security, however, it is preferable that one mailbox user is bound to one quantum security chip, that is, the mailbox user cannot use the mailbox after replacing the mail receiving and sending device.
As shown in fig. 2, the method for transmitting the mail based on the quantum security key includes the following steps:
S1, before sending or receiving mail, the mail receiving and sending device performs identity verification through the quantum password management service system: it reads the quantum security key preset in the quantum security chip and performs symmetric entity identity authentication with the quantum password management service system, which finally returns an authentication result.
The symmetric entity identity authentication can be started from the mailbox program of the mail receiving and sending device, which then automatically calls the quantum security chip to complete the symmetric-key identity authentication based on the quantum security key.
As shown in fig. 3, the specific process of symmetric entity identity authentication is as follows:
S11, the user opens the mailbox application on the mail receiving and sending device, inputs an account and password for login authorization of the mailbox application, and logs in to the mailbox;
S12, the mail receiving and sending device performs symmetric-key entity authentication in accordance with the GB/T15843.2 standard through the built-in quantum security chip and the quantum password management service system, and proceeds to step S2 after the user's login authentication;
In actual operation, if entity authentication is repeated at every login, the process is complex and time-consuming and the user experience is poor. As a preferred scheme, a login validity period is therefore set, and entity authentication is not required for repeated logins within that period. The specific steps are as follows:
S12a, detect whether the quantum security chip built into the mail receiving and sending device is within the login validity period of the quantum password management service system; if it is, proceed directly to step S2; if not, the mail receiving and sending device performs symmetric-key entity authentication in accordance with the GB/T15843.2 standard through the built-in quantum security chip and the quantum password management service system;
S12b, the user's login authentication process is completed; the login validity period of the quantum password management service system may be set to one month after each authentication.
In step S12a, if the quantum security chip built into the mail receiving and sending device is bound one-to-one with the mail user, it may also be detected whether the mail user is within the validity period.
Referring to fig. 4, the mail receiving and sending device performs symmetric-key entity authentication in accordance with the GB/T15843.2 standard through the built-in quantum security chip and the quantum password management service system in the following specific steps:
step S121, after the user has logged in, the mail receiving and sending device automatically sends an authentication request to the quantum security chip;
step S122, the quantum security chip returns a quantum key and its sequence number Z-1 to the mail receiving and sending device;
step S123, the mail receiving and sending device sends the authentication request and the quantum key sequence number Z-1 returned by the quantum security chip to the quantum password management service system;
step S124, the quantum password management service system looks up the key corresponding to quantum key sequence Z-1 through the quantum exchange cipher machine;
step S125, the quantum exchange cipher machine returns the key corresponding to quantum key sequence Z-1, that is, the symmetric key, to the quantum password management service system;
step S126, the quantum password management service system takes an agreed value, such as a timestamp and a physical address, encrypts it with the key corresponding to quantum key sequence Z-1 and sends it to the mail receiving and sending device, which uses it to verify that the quantum password management service system is genuine;
step S127, the mail receiving and sending device takes an agreed value, such as a timestamp and the device's physical address, encrypts it with the key corresponding to quantum key sequence Z-1 and sends it to the quantum password management service system, which uses it to verify that the mail receiving and sending device is genuine and that the request is not a replay sent after someone else intercepted the information;
step S128, after both sides pass verification, the quantum password management service system encrypts the authentication result and sends it to the mail receiving and sending device.
The quantum symmetric key preset in the quantum security chip is used for identity authentication. It is filled and preset by the quantum key filling machine when the chip is issued, and one key is used for one authentication. This solves the problem of identity authentication of the mail receiving and sending entity without requiring a third party to issue a certificate; the number of participants in the process is reduced, and with it the risk of a three-party protocol;
S2, after the user has completed the login authentication of step S1 and needs to send or receive mail: the sender uses a key preset in the quantum security chip to apply to the quantum password management service system for a mail encryption key; the quantum password management service system encrypts the mail encryption key with the preset key that is symmetric to the key in the quantum security chip and sends the encrypted mail encryption key to the receiver; the mail system receives the mail encrypted with the mail encryption key and stores it on the platform; and the receiver decrypts the encrypted mail encryption key using the quantum security key built into its mail receiving and sending device to obtain the mail encryption key.
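The two-way symmetric entity authentication of steps S121'-S126' (embodiment one) and S121-S128 (embodiment two), as an added Python simulation that is not the patent's own code: both sides prove they hold the one-time key of sequence Z-1 by authenticating a timestamp and physical address, the service consumes each serial number so that a captured request cannot be resent, and a successful authentication opens the login validity period. It assumes HMAC-SHA256 authenticators in place of the encryption the patent describes, a 60-second clock skew, and constructed key tables; the chip, service and key-filling helpers are illustrative stand-ins.

```python
import hashlib
import hmac
import secrets
import time

SKEW_SECONDS = 60                  # tolerated clock difference between device and service (assumption)
LOGIN_VALIDITY = 30 * 24 * 3600    # login validity period of one month (steps S12'b / S12b)


def fill_keys(count, start_serial=1):
    """Constructed stand-in for the quantum key filling machine: serial number -> 32-byte key."""
    return {start_serial + i: secrets.token_bytes(32) for i in range(count)}


class QuantumSecurityChip:
    """Pre-filled chip; keys are handed out in serial order and discarded once used."""

    def __init__(self, chip_id, keys):
        self.chip_id = chip_id
        self._keys = dict(keys)
        self.next_serial = min(keys)

    def take_key(self):
        serial = self.next_serial
        self.next_serial += 1
        return serial, self._keys.pop(serial)


def auth_tag(key, role, timestamp, address):
    """Authenticator over the agreed values (timestamp, physical address) under the one-time key.
    HMAC-SHA256 stands in for the encryption the patent describes (assumption)."""
    msg = f"{role}|{timestamp:.0f}|{address}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class QuantumPasswordManagementService:
    """Service side: mirror key table (the quantum exchange cipher machine), used serials, login validity."""

    def __init__(self, key_store, address="qpms.example"):
        self.key_store = key_store          # (chip_id, serial) -> key symmetric to the chip's key
        self.address = address
        self.used = set()                   # serials already consumed: a resent request is refused
        self.login_valid_until = {}         # chip_id -> expiry of the login validity period

    def lookup(self, chip_id, serial):
        if (chip_id, serial) in self.used:
            raise PermissionError("key serial already used: possible replay")
        return self.key_store[(chip_id, serial)]

    def challenge(self, chip_id, serial, now):
        """S124: prove knowledge of key Z-1 by authenticating a fresh timestamp and own address."""
        key = self.lookup(chip_id, serial)
        return now, self.address, auth_tag(key, "qpms", now, self.address)

    def verify_device(self, chip_id, serial, dev_ts, dev_addr, tag, now):
        """S126: check the device's value is fresh and correct, consume the serial, open the validity period."""
        key = self.lookup(chip_id, serial)
        self.used.add((chip_id, serial))    # one key, one authentication, whatever the outcome
        fresh = abs(now - dev_ts) <= SKEW_SECONDS
        ok = fresh and hmac.compare_digest(tag, auth_tag(key, "device", dev_ts, dev_addr))
        if ok:
            self.login_valid_until[chip_id] = now + LOGIN_VALIDITY
        return ok

    def is_logged_in(self, chip_id, now):
        return now < self.login_valid_until.get(chip_id, 0)


def entity_authenticate(chip, device_address, qpms, now=None):
    """Device side of steps S121-S126; True when both sides verified each other (or still logged in)."""
    now = time.time() if now is None else now
    if qpms.is_logged_in(chip.chip_id, now):       # S12a: no re-authentication within the validity period
        return True
    serial, key = chip.take_key()                   # S122: key of sequence Z-1
    s_ts, s_addr, s_tag = qpms.challenge(chip.chip_id, serial, now)        # S123 / S124
    expected = auth_tag(key, "qpms", s_ts, s_addr)
    if abs(now - s_ts) > SKEW_SECONDS or not hmac.compare_digest(s_tag, expected):
        return False                                # service failed to prove it holds key Z-1
    d_tag = auth_tag(key, "device", now, device_address)                   # S125
    return qpms.verify_device(chip.chip_id, serial, now, device_address, d_tag, now)   # S126
```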
Specifically, as shown in figs. 5 to 7, the sending encryption process is:
S211, the sender edits the local mail on the sending side's mail receiving and sending device;
S212, assuming the mail is the first sent after authentication, the sender's mail receiving and sending device selects key B with key sequence Z in the quantum security chip, sends the mail number together with the sequence number Z to the quantum password management service system, and applies for a mail encryption key. As an optional rule, the keys in every quantum security chip are used in sequence order: if the key used during authentication had sequence Z-1, the key with sequence Z is selected this time, the key selected next time has sequence Z+1, and used keys are discarded; other orderings can of course be used, and if the mail is not the first sent after authentication, the key with the corresponding sequence number is used;
S213, the quantum password management service system uses the quantum random number generator to generate a secure random mail encryption password M, finds the symmetric key B' with key sequence Z among the quantum security keys stored in the quantum exchange cipher machine, encrypts the mail encryption password M with the symmetric key B', and generates the encrypted mail encryption password M_B';
S214, the quantum password management service system sends the mail encryption password M_B', encrypted with the symmetric key B', to the sender's mail receiving and sending device;
S215, the sender's mail receiving and sending device receives the encrypted mail encryption password M_B' and decrypts it with key B, which is symmetric to key B', to obtain the mail encryption password M;
S216, the sender uses a hash algorithm to generate a message digest γ for the mail to be encrypted, avoiding the risk of content tampering;
S217: the sender's mail receiving and sending device encrypts the local mail together with the message digest γ into an encrypted mail packet using the mail encryption password M, so that it is transmitted and stored encrypted under M, further reducing the risk of content tampering;
S218: the sender's mail receiving and sending device encrypts the mail number, the recipient information, a recipient verification code β and the message digest γ with quantum key C of sequence Z+1 and sends them to the quantum password management service system, which, as shown in fig. 5, stores them; the recipient verification code stored in the quantum password management service system is denoted β'. The recipient verification code prevents the recipient information from being tampered with during plaintext transmission (the recipient information must be transmitted in plaintext): it is generated from the recipient information and the mail number by a hash algorithm and sent to the quantum password management service system. When the recipient's identity is verified, the quantum password management service system generates the recipient verification code again with the same algorithm from the recipient information (of the party requesting the mail) and the mail number and compares it with the previously stored code, thereby verifying the recipient's identity. The relation between β and β' is that β' is β after it has been stored in the quantum password management service system; the same holds for the sender information and the sender verification code. The account/mailbox information of the sender and the recipient is bound to their respective mail receiving and sending devices, so the sender's mail is bound to the sender's device;
S219: the quantum password management service system generates a sender verification code α' from the mail number and the sender information authenticated in step S1;
S220: the sender's mail receiving and sending device sends the encrypted mail packet, the sender and recipient information and the mail number to the mail system. The mail system receives and stores the encrypted mail; it can accept both unencrypted and encrypted mail and, as shown in fig. 5, stores the encrypted mail packet, the sender and recipient information and the mail number.
The mail is transmitted as ciphertext and stored as ciphertext, and the encryption key is a quantum true-random key generated by the quantum password management service system. Even if the mail is intercepted, an attacker obtains only the ciphertext and cannot obtain the information.
As can be seen from the above process, sending one mail always consumes three keys: (1) one for identity authentication; (2) one for obtaining the mail encryption key; (3) one for sending the mail information to the quantum password management service system.
As shown in fig. 8, the receiving decryption process is:
After the user logs in to the mailbox on the receiving party's mail receiving and sending device and completes identity authentication, clicking to receive mail fetches the encrypted mail sent by others and triggers the key acquisition process. If the receiving party's mail receiving and sending device has already passed the identity authentication process of step S1, it can directly click to receive the mail; if not, identity authentication must first be completed according to steps S11-S13. The quantum password management service system encrypts the mail encryption key with the key stored in the quantum exchange cipher machine that is symmetric to the receiving device's key and sends it to the receiving party's mail receiving and sending device, which decrypts and reads the mail locally.
The method comprises the following specific steps:
S221: the receiving party's mail receiving and sending device receives the encrypted mail from the mailbox system; the encrypted mail comprises the encrypted mail packet, the sender and recipient information and the mail number;
S222: the receiving party's mail receiving and sending device generates a sender verification code α from the sender information and the mail number;
S223: the receiving party's mail receiving and sending device selects key D with key sequence Z in its quantum security chip, sends the mail number together with the sequence number Z to the quantum password management service system, and applies for the mail encryption key;
S224: the quantum password management service system looks up the mail encryption password M, the sender verification code α' and the mail message digest γ by the mail number;
S225: the quantum password management service system generates a recipient verification code β from the recipient information and the mail number provided by the receiving party's mail receiving and sending device, and compares whether this β is consistent with the recipient verification code β' stored in the quantum password management service system;
S226: the quantum password management service system finds the corresponding key D' with key sequence Z among the quantum security keys stored in the quantum exchange cipher machine, and encrypts with key D' the mail encryption password M, the mail message digest γ' and the sender verification code α' stored in the quantum password management service system; for ease of identification, values stored in the quantum password management service system are marked with a prime, for example γ' corresponding to the mail message digest γ;
S227: the quantum password management service system sends the mail encryption password M, the mail message digest γ' and the sender verification code α', encrypted with key D', to the receiving party's mail receiving and sending device;
S228: the receiving party's mail receiving and sending device decrypts the encrypted data with its local symmetric key D to obtain the mail encryption password M, the sender verification code α' and the mail message digest γ'. It then decrypts the encrypted mail content with the mail encryption password M to obtain the mail body and the message digest γ encrypted together with it;
S229: the receiver compares the mail message digest γ' and the sender verification code α' with the mail message digest γ decrypted from the mail packet and the sender verification code α″ generated in step S222. If they are not consistent, the encrypted mail may have been tampered with or the sender is not trusted; if they are consistent, the mail is trusted;
S230: the receiver obtains the decrypted, trusted mail.
The verification-code approach has the following effects:
1. The sender and the receiver do not need to transmit verification codes. The sender verification code is simply regenerated from the sender information and the mail number and compared with the previously stored sender verification code, which verifies the sender and prevents the sender information from being forged by others; likewise the recipient verification code is regenerated from the recipient information and the mail number and compared with the previously stored recipient verification code, which verifies the recipient and prevents an unauthorized user from obtaining the mail information; and the mail content is verified to prevent tampering. Thus the sender, the receiver and the mail are all verified, and forgery of mail and identity is prevented.
2. All verification codes are transmitted encrypted, so the transmission is secure, the risk of a man-in-the-middle attack on the verification code is avoided, and the security of mail sending and receiving is guaranteed.
3. The verification code on the platform side is generated from the information itself, which guards against the risk of man-in-the-middle attack.
4. The verification codes are generated automatically by the platform and by the sending and receiving parties without modifying or adapting the mailbox system, so the verification method has high applicability.
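The send and receive flow of steps S211-S230, with the sender verification code α, the recipient verification code β and the message digest γ, as an added Python example that is not the patent's own code: the sender obtains M under the key of sequence Z, encrypts body and γ under M, and registers β and γ under the key of sequence Z+1; the service releases M only to a recipient whose recomputed β matches β'; the receiver accepts the mail only when γ, γ' and the recomputed digest agree and α matches α'. It assumes SHA-256 for the hash algorithm, a SHA-256 keystream with an HMAC tag as a stand-in for the symmetric encryption, and constructed chip keys and mail numbers.

```python
import hashlib
import hmac
import json
import secrets


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Stand-in for the symmetric encryption: SHA-256 keystream XOR, then an HMAC-SHA256 tag (assumption)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext rejected: tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def verification_code(identity, mail_no):
    """alpha / beta: hash of a party's mailbox information and the mail number (hash choice assumed)."""
    return hashlib.sha256(f"{identity}|{mail_no}".encode()).hexdigest()


def message_digest(body):
    """gamma: hash of the mail body."""
    return hashlib.sha256(body).hexdigest()


class QuantumPasswordManagementService:
    """Mirror key table (quantum exchange cipher machine) plus one record per mail number."""

    def __init__(self, key_store):
        self.key_store = key_store      # (chip_id, serial) -> key symmetric to the chip's key (B', C', D')
        self.records = {}               # mail_no -> {"M", "alpha", "beta", "gamma"}: the primed values

    def issue_mail_key(self, chip_id, serial, mail_no, sender):
        """S212-S214 and S219: generate M, store alpha', return M encrypted under the key of sequence Z."""
        mail_key = secrets.token_bytes(32)          # stand-in for the quantum random number generator
        self.records[mail_no] = {"M": mail_key, "alpha": verification_code(sender, mail_no)}
        return seal(self.key_store.pop((chip_id, serial)), mail_key)

    def store_mail_metadata(self, chip_id, serial, blob):
        """S218: decrypt (mail number, beta, gamma) sent under the key of sequence Z+1 and store them."""
        meta = json.loads(unseal(self.key_store.pop((chip_id, serial)), blob))
        self.records[meta["mail_no"]].update(beta=meta["beta"], gamma=meta["gamma"])

    def release_mail_key(self, chip_id, serial, mail_no, recipient):
        """S224-S227: recompute beta for the requesting recipient, then return (M, gamma', alpha') under D'."""
        rec = self.records[mail_no]
        if not hmac.compare_digest(verification_code(recipient, mail_no), rec["beta"]):
            raise PermissionError("recipient verification code mismatch")   # unauthorized recipient
        payload = {"M": rec["M"].hex(), "gamma": rec["gamma"], "alpha": rec["alpha"]}
        return seal(self.key_store.pop((chip_id, serial)), json.dumps(payload).encode())


def send_mail(qpms, chip_id, chip_keys, serial_z, sender, recipient, mail_no, body):
    """Sender side S212-S220 using the chip keys of sequence Z and Z+1; returns what the mail system stores."""
    mail_key = unseal(chip_keys.pop(serial_z), qpms.issue_mail_key(chip_id, serial_z, mail_no, sender))  # S215
    gamma = message_digest(body)                                                                 # S216
    packet = seal(mail_key, json.dumps({"body": body.decode(), "gamma": gamma}).encode())        # S217
    meta = {"mail_no": mail_no, "recipient": recipient,
            "beta": verification_code(recipient, mail_no), "gamma": gamma}
    qpms.store_mail_metadata(chip_id, serial_z + 1,
                             seal(chip_keys.pop(serial_z + 1), json.dumps(meta).encode()))     # S218
    return {"packet": packet, "sender": sender, "mail_no": mail_no}                              # S220


def receive_mail(qpms, chip_id, chip_keys, serial_z, recipient, stored):
    """Receiver side S221-S230; returns the body only when the alpha and gamma checks all agree."""
    alpha = verification_code(stored["sender"], stored["mail_no"])                               # S222
    blob = qpms.release_mail_key(chip_id, serial_z, stored["mail_no"], recipient)                # S223-S227
    released = json.loads(unseal(chip_keys.pop(serial_z), blob))                                 # S228
    inner = json.loads(unseal(bytes.fromhex(released["M"]), stored["packet"]))
    body = inner["body"].encode()
    if not (inner["gamma"] == released["gamma"] == message_digest(body)
            and hmac.compare_digest(alpha, released["alpha"])):                                  # S229
        raise ValueError("mail tampered with or sender not trusted")
    return body                                                                                  # S230
```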
The above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (9)

1. A quantum security key-based encryption method for sending mails is applied to mail sending equipment and is characterized in that: the method comprises the following steps:
S1', before sending mail, the mail sending device performs identity verification through the quantum password management service system: it reads the quantum security key preset in the built-in quantum security chip and performs symmetric entity identity authentication with the quantum password management service system, which finally returns an authentication result;
the specific process of the symmetric entity identity authentication is as follows:
step S121', after the user has logged in, the mail sending device automatically sends an authentication request to the quantum security chip;
step S122', the quantum security chip returns a quantum key and its sequence number Z-1 to the mail sending device;
step S123', the mail sending device sends the authentication request and the quantum key sequence number Z-1 returned by the quantum security chip to the quantum password management service system;
step S124', the mail sending device receives from the quantum password management service system an agreed value, such as a timestamp and the device's physical address, encrypted with the key corresponding to quantum key sequence Z-1; this value is used to verify that the quantum password management service system is genuine;
step S125', the mail sending device takes an agreed value, such as a timestamp and the device's physical address, encrypts it with the key corresponding to quantum key sequence Z-1 and sends it to the quantum password management service system, which uses it to verify that the mail sending device is genuine and that the request is not a replay sent after someone else intercepted the information;
step S126', after both sides pass verification, the mail sending device receives the encrypted authentication result sent by the quantum password management service system;
S2', after the user has completed the login authentication of step S1' and needs to send mail, the sender uses a key preset in the quantum security chip to apply to the quantum password management service system for a mail encryption key.
2. The quantum security key-based encryption method for sending mail according to claim 1, wherein: once the mailbox program of the mail sending device starts the symmetric entity identity authentication, the quantum security chip is called automatically to complete the symmetric key identity authentication based on the quantum security key.
3. The quantum security key-based encryption method for sending mail according to claim 1, wherein the specific process of the symmetric entity identity authentication in step S1' is as follows:
S11', the user opens the mailbox application on the mail sending device, enters the account password to complete login authorization of the mailbox application, and logs in to the mailbox;
S12', the mail sending device performs symmetric key-based entity authentication according to the GB/T 15843.2 standard between its built-in quantum security chip and the quantum password management service system, and proceeds to step S2' once the user login authentication is complete.
4. The quantum security key-based encryption method for sending mail according to claim 1, characterized in that the sending encryption process of step S2' is as follows:
S211', the sender edits and completes the mail locally on the mail sending device;
S212', the mail sending device selects the key B with password sequence number Z in the quantum security chip, sends the mail number together with the password sequence number Z to the quantum password management service system, and applies for a mail encryption password;
S213', the mail sending device receives the mail encryption password M_B' returned by the quantum password management service system, encrypted with the symmetric key B';
S215', after receiving the encrypted mail encryption password M_B', the mail sending device decrypts it with the key B, the symmetric counterpart of key B', to obtain the mail encryption password M;
S216', the sender generates a message digest gamma for the encrypted mail using a hash algorithm;
S217', the mail sending device encrypts the local mail and the message digest gamma with the mail encryption password M into an encrypted mail packet, which is transmitted and stored in encrypted form under the mail encryption password M;
S218', the mail sending device encrypts the mail number, the recipient information, the recipient verification code beta and the message digest gamma with the quantum key of sequence number Z+1 and sends them to the quantum password management service system;
S219', the mail sending device sends the encrypted mail packet, the recipient and sender information and the mail number together to the mail system.
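The two exchanges claimed above, the symmetric entity authentication of steps S121' to S126' and the mail encryption flow of steps S211' to S219', simulated end to end with both the mail sending device and the quantum password management service in one script. This is an added example, not code from the patent or from China Telecom Quantum Technology. It assumes: a key pool derived from a fixed seed standing in for the keys pre-filled into the quantum security chip (the service holds an identical copy); an encrypt-then-MAC construction from SHAKE-256 and HMAC-SHA256 as the unnamed symmetric cipher; JSON-encoded tokens carrying a timestamp and a constructed device address; a 60-second freshness window plus a seen-token set to refuse replays; and the digest gamma computed over the mail body before encryption (the claim's ordering of hashing and encryption is ambiguous). Sequence numbers follow the claims: Z-1 for authentication, Z for key B, Z+1 for the metadata sent in S218'.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed key pool: sequence number -> 32-byte key. The quantum security chip and the
# service each hold an identical copy (assumption standing in for keys pre-filled by a
# quantum key filling machine, as claim 6 describes).
def make_key_pool(n, seed=b"constructed-demo-seed"):
    return {i: hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n)}

def encrypt(key, plaintext):
    # Encrypt-then-MAC stand-in cipher (the claims name none): 16-byte nonce | ct | 32-byte tag
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class QuantumPasswordService:
    # Server side of both exchanges (claims 1 and 4)
    def __init__(self, pool, window=60):
        self.pool, self.window = pool, window
        self.seen = set()        # accepted device tokens, so a replayed one is refused
        self.mail_keys = {}      # mail number -> mail encryption password M
        self.mail_info = {}      # mail number -> metadata recorded in S218'

    def challenge(self, seq):
        # S124': prove possession of key Z-1 by returning agreed data encrypted under it
        return encrypt(self.pool[seq], json.dumps({"ts": int(time.time()), "id": "service"}).encode())

    def verify_device(self, seq, blob, device_mac):
        # S125'/S126': token must decrypt under key Z-1, be fresh, carry the expected
        # device address and not have been accepted before (replay of an intercepted token)
        token = json.loads(decrypt(self.pool[seq], blob))
        fresh = abs(int(time.time()) - token["ts"]) <= self.window
        ok = fresh and token["mac"] == device_mac and blob not in self.seen
        self.seen.add(blob)
        return encrypt(self.pool[seq], b"AUTH_OK" if ok else b"AUTH_FAIL")

    def issue_mail_password(self, mail_number, seq):
        # S213': generate M and return it encrypted under B' (the service's copy of key Z)
        m = secrets.token_bytes(32)
        self.mail_keys[mail_number] = m
        return encrypt(self.pool[seq], m)

    def record_mail_info(self, seq, blob):
        # S218': mail number, recipient, recipient code beta and digest gamma under key Z+1
        info = json.loads(decrypt(self.pool[seq], blob))
        self.mail_info[info["mail_number"]] = info

class MailSendingDevice:
    # Mail sending device with its built-in quantum security chip (client side)
    def __init__(self, chip_pool, mac):
        self.chip, self.mac, self.next_seq = chip_pool, mac, 0

    def next_key(self):
        # S122': the chip hands out the next unused key together with its sequence number
        seq = self.next_seq
        self.next_seq += 1
        return seq, self.chip[seq]

    def authenticate(self, service):
        seq, key = self.next_key()                                   # sequence Z-1
        data = json.loads(decrypt(key, service.challenge(seq)))      # S123'/S124'
        if data["id"] != "service":                                  # service not genuine
            return False
        token = {"ts": int(time.time()), "mac": self.mac}            # S125'
        reply = service.verify_device(seq, encrypt(key, json.dumps(token).encode()), self.mac)
        return decrypt(key, reply) == b"AUTH_OK"                     # S126'

    def send_mail(self, service, mail_system, mail_number, recipient, body, recipient_code):
        seq_z, key_b = self.next_key()                               # S212': key B, sequence Z
        m = decrypt(key_b, service.issue_mail_password(mail_number, seq_z))  # S213'/S215'
        gamma = hashlib.sha256(body).digest()                        # S216' (hash-then-encrypt)
        packet = encrypt(m, gamma + body)                            # S217'
        seq_z1, key_z1 = self.next_key()                             # sequence Z+1
        meta = {"mail_number": mail_number, "recipient": recipient,
                "recipient_code": recipient_code, "gamma": gamma.hex()}
        service.record_mail_info(seq_z1, encrypt(key_z1, json.dumps(meta).encode()))  # S218'
        mail_system.append({"packet": packet, "to": recipient, "from": self.mac,
                            "mail_number": mail_number})             # S219'
        return gamma

def demo():
    # Run both exchanges, then open the stored packet with M and compare against gamma
    pool = make_key_pool(8)
    service = QuantumPasswordService(pool)
    device = MailSendingDevice(dict(pool), "02:00:00:00:00:01")     # constructed address
    mail_system = []
    ok = device.authenticate(service)
    gamma = device.send_mail(service, mail_system, "MAIL-0001", "bob@example.test",
                             b"quarterly report", "beta-4711")
    opened = decrypt(service.mail_keys["MAIL-0001"], mail_system[0]["packet"])
    return ok, opened == gamma + b"quarterly report"
```

Two points the claims state only in words are visible in the code: the service rejects a device token it has already accepted, which is what "not a replay by a third party who intercepted the information" in S125' requires, and each key in the pool is consumed once (Z-1, Z, Z+1 are three distinct keys), so a captured ciphertext under one key says nothing about the next exchange.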
5. The quantum security key-based encryption method for sending mail according to any one of claims 1 to 4, characterized in that the quantum security chip is a SIM card or a USB key (U disk).
6. The quantum security key-based encryption method for sending mail according to any one of claims 1 to 4, characterized in that the security key in the quantum security chip is built in beforehand: the quantum security chip is pre-filled by a quantum key filling machine when the card is issued, every quantum security chip in use holds preset quantum passwords, every quantum security chip has its own serial number and every quantum key has its own sequence number, so that, given the serial number of the quantum security chip and the quantum key sequence number, the corresponding key can be found in the quantum exchange cryptosystem.
7. The quantum security key-based encryption method for sending mail according to any one of claims 1 to 4, characterized in that the mail sending device comprises a mobile phone or a fixed device; mailbox users and quantum security chips are bound in advance, one mailbox user to one quantum security chip.
8. A quantum security key-based encryption system for sending mail, characterized in that it comprises:
an entity authentication module, used for verifying the identity of the mail sending device through the quantum password management service system before a mail is sent: the mail sending device reads the quantum security key preset in its built-in quantum security chip and carries out symmetric entity identity authentication with the quantum password management service system, which finally returns an authentication result;
an encryption key application and mail sending module, used, when a mail is to be sent, for applying to the quantum password management service system for a mail encryption key with a key preset in the quantum security chip and for sending the mail by the sender;
wherein the entity authentication module comprises:
a login unit, used for the mail sending device to send an authentication request to the quantum security chip after the user has logged in;
a key return unit, used for the quantum security chip to return a quantum key and its sequence number Z-1 to the mail sending device;
an authentication request unit, used for the mail sending device to send the authentication request and the quantum key sequence number Z-1 returned by the quantum security chip to the quantum password management service system;
a unit in which the mail sending device receives agreed data, such as a timestamp and the device physical address, sent by the quantum password management service system and encrypted with the key corresponding to quantum key sequence number Z-1, used to verify that the quantum password management service system is genuine;
a mail sending device verification sending unit, in which the mail sending device takes agreed data, such as a timestamp and the device physical address, encrypts it with the key corresponding to quantum key sequence number Z-1 and sends it to the quantum password management service system, which uses it to verify that the mail sending device is genuine and that the request is not a replay sent by a third party who intercepted the information;
and a unit in which, after both sides pass verification, the mail sending device receives the encrypted authentication result sent by the quantum password management service system.
9. The quantum security key-based encryption system for sending mail according to claim 8, wherein the encryption key application and mail sending module comprises:
a mail editing unit, used by the sender to edit the mail locally on the mail sending device;
a mail encryption key application unit, used for the mail sending device to select the key B with password sequence number Z in the quantum security chip, send the mail number together with the password sequence number Z to the quantum password management service system, and apply for a mail encryption password;
a mail encryption password receiving unit, in which the mail sending device receives the mail encryption password M_B' returned by the quantum password management service system, encrypted with the symmetric key B';
a mail encryption password decryption unit, in which the mail sending device, after receiving the encrypted mail encryption password M_B', decrypts it with the key B, the symmetric counterpart of key B', to obtain the mail encryption password M;
a message digest generation unit, used by the sender to generate a message digest gamma for the encrypted mail using a hash algorithm;
an encrypted mail packet transmission unit, in which the mail sending device encrypts the local mail and the message digest gamma with the mail encryption password M into an encrypted mail packet, which is transmitted and stored in encrypted form under the mail encryption password M;
a mail information sending unit, used for the mail sending device to encrypt the mail number, the recipient information, the recipient verification code beta and the message digest gamma with the quantum key of sequence number Z+1 and send them to the quantum password management service system;
and a mail sending unit, used for the mail sending device to send the encrypted mail packet, the sender information and the mail number together to the mail system.
CN202110705150.2A, priority date 2021-06-24, filing date 2021-06-24: Method and system for encrypting sent mail based on quantum security key (CN113452687B, active)

Publications (2)

Publication Number Publication Date
CN113452687A CN113452687A (en) 2021-09-28
CN113452687B true CN113452687B (en) 2022-12-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant