CN113784345B - Power distribution terminal point-to-point key negotiation method and device based on quantum secure channel - Google Patents


Info

Publication number
CN113784345B
Authority
CN
China
Prior art keywords
key
power distribution
distribution terminal
information
negotiation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111335330.2A
Other languages
Chinese (zh)
Other versions
CN113784345A (en
Inventor
张波
马振宇
罗俊
杜响剑
叶国庆
虞驰
林振
方玉群
王培波
卢旭倩
陈健
汤中恒
于林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dongyang Guangming Electric Power Construction Co ltd
Zhejiang Guodun Quantum Power Technology Co ltd
Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Quantumctek Co Ltd
Dongyang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Dongyang Guangming Electric Power Construction Co ltd
Zhejiang Guodun Quantum Power Technology Co ltd
Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Quantumctek Co Ltd
Dongyang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Application filed by Dongyang Guangming Electric Power Construction Co ltd, Zhejiang Guodun Quantum Power Technology Co ltd, Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd, Quantumctek Co Ltd, Dongyang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202111335330.2A
Publication of CN113784345A
Application granted
Publication of CN113784345B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06 Energy or water supply
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/35 Services specially adapted for particular environments, situations or purposes for the management of goods or merchandise

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Economics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Public Health (AREA)
  • Electromagnetism (AREA)
  • Water Supply & Treatment (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a power distribution terminal point-to-point key negotiation method and a device based on a quantum secure channel, which comprises the following steps: the first power distribution terminal and the relay equipment establish a first channel based on the received first transmission key and the relay key, and the second power distribution terminal and the relay equipment generate a second channel based on the received second transmission key and the relay key; the first power distribution terminal sends the first negotiation key and the intermediate negotiation key to the second power distribution terminal respectively; the second power distribution terminal sends the second negotiation key and the intermediate negotiation key to the first power distribution terminal respectively; the first power distribution terminal and the second power distribution terminal respectively generate a first combined key and a second combined key; and if the relay equipment judges that the first combined key is the same as the second combined key, the first power distribution terminal and the second power distribution terminal establish a data transmission channel based on the first combined key and/or the second combined key.

Description

Power distribution terminal point-to-point key negotiation method and device based on quantum secure channel
Technical Field
The invention relates to the technical field of data transmission, in particular to a power distribution terminal point-to-point key negotiation method and device based on a quantum security channel.
Background
In recent years, the country has promoted the deep integration of the power grid and the internet and has focused on constructing an energy internet. By fully applying modern information technologies and advanced communication technologies such as mobile interconnection, artificial intelligence, 5G communication, Beidou and quantum confidentiality, universal interconnection and man-machine interaction are realized in all links of the power system, creating an intelligent power grid with comprehensive state sensing, efficient information processing and convenient, flexible application, and providing powerful data resource support for the safe and economic operation of the power grid, improved operating performance, improved service quality, and the cultivation and development of strategic emerging industries.
With the gradual maturing of 5G technology, the power system is increasingly considering 5G for data transmission across massive numbers of power distribution terminals, according to the communication conditions of the application scenario. However, the distribution service faces new security threats in service information, service modes, service carriers and other aspects; if the network is intruded upon, the stable operation of various key systems can be seriously affected, seriously threatening economic and social stability and people's production and daily life. The traditional defense-in-depth system that relies on physical isolation and deployed security measures is no longer suitable for a 5G network, and how to protect services effectively has become a brand-new problem that urgently needs to be solved.
Quantum secret communication technology uses the quantum uncertainty principle and the fact that quantum states cannot be copied to distribute secure keys: an attacker cannot measure and copy the key (quantum state), and any eavesdropping is detected once it is carried out. It therefore offers higher security than a traditional key distribution mechanism and is currently the most practical quantum technology. Exploring a mechanism that makes quantum secret communication protection compatible with existing 5G network security protection, and thereby raising the security level of 5G networks in power system applications, is therefore of great significance for improving the operation of dispatching automation services in 5G system networks.
A domestic company has completed verification of the first domestic 5G + quantum communication terminal carrying a precise load control service, and has further proposed an application solution for the 5G + quantum communication terminal that is easy to popularize and simple to deploy. The terminal combines 5G communication with quantum confidentiality, can be applied to various service scenarios, and addresses the safety and reliability of electricity production control services carried over the public 5G network. As the first combined application of 5G communication technology, quantum encryption technology and power business equipment in China, it exploits both the high bandwidth, low latency and wide connectivity of 5G and the safety and reliability of quantum communication, and can provide all-round support for scientific research, experimental verification, performance testing, safety analysis, innovation, and research and development for 5G + quantum applications in power.
As shown in FIG. 1, the network infrastructure design of a quantum security service platform mainly includes a quantum key generation system, a quantum key scheduling system and a quantum key application system; the functions of each part are as follows:
1. The quantum key generation system comprises a quantum key generation and management terminal and a quantum random number generator. Its main function is to generate quantum keys using quantum characteristics and provide quantum key support for the front-end system.
2. The quantum key scheduling system comprises an exchange cipher machine, a quantum cryptography service platform system and a quantum key charging system. Its main functions are: the exchange cipher machine is responsible for quantum key storage and output; the quantum cryptography service platform system is responsible for scheduling and negotiating quantum keys and ensuring that they can be safely and orderly distributed to a quantum key application system; and the quantum key charging system is responsible for charging the quantum key onto media such as a U shield or TF card for use at a quantum key application terminal.
3. The quantum key application system comprises a quantum security gateway and a quantum CPE. Its main function is to construct a quantum secure encrypted transmission channel using a quantum key, raising the security level of the 5G transmission channel, so that service system data can be safely transmitted to a wireless secure access area and, through that area, to the electric power intranet master station system.
The existing quantum secret communication scheme is to distribute a quantum key to a quantum CPE and a power distribution terminal through quantum key distribution, and establish a quantum secure channel between the quantum CPE and the power distribution terminal through key negotiation. The quantum key is generally generated by a quantum key generation system, and the distribution of the key is completed by a quantum key distribution system, but there is no efficient way for establishing a secure channel between power distribution terminals.
Disclosure of Invention
The embodiment of the invention provides a power distribution terminal point-to-point key negotiation method and device based on a quantum secure channel, which can obtain a corresponding key through point-to-point negotiation between power distribution terminals and guarantee the security of data transmission.
In a first aspect of the embodiments of the present invention, a method for performing point-to-point key agreement on a power distribution terminal based on a quantum secure channel is provided, where the method includes a first power distribution terminal, a second power distribution terminal, and a relay device, where the first power distribution terminal, the second power distribution terminal, and the relay device are respectively connected to a quantum network base platform, and performing key agreement between the first power distribution terminal and the second power distribution terminal through the following steps:
the first power distribution terminal and the relay equipment establish a first channel based on the received first transmission key and the relay key, and the second power distribution terminal and the relay equipment generate a second channel based on the received second transmission key and the relay key;
the first power distribution terminal generates a first negotiation key based on attribute information and data capture information at the current moment, the first negotiation key is transmitted to the relay equipment through the first channel, the relay equipment generates an intermediate negotiation key based on attributes of the first channel and the second channel, and the first negotiation key and the intermediate negotiation key are respectively sent to the second power distribution terminal;
the second power distribution terminal generates a second negotiation key based on attribute information and data capture information at the current moment, the second negotiation key is transmitted to the relay equipment through the second channel, the relay equipment generates an intermediate negotiation key based on attributes of the second channel and the first channel, and the second negotiation key and the intermediate negotiation key are respectively sent to the first power distribution terminal;
the first power distribution terminal and the second power distribution terminal generate a first combined key and a second combined key respectively based on the first negotiation key, the relay key and the second negotiation key;
and if the relay equipment judges that the first combined key is the same as the second combined key, the first power distribution terminal and the second power distribution terminal establish a data transmission channel based on the first combined key and the second combined key.
Optionally, in a possible implementation manner of the first aspect, the quantum network infrastructure platform is configured to generate a first transmission key, a relay key, and a second transmission key;
and respectively distributing the first transmission key, the relay key and the second transmission key to a first power distribution terminal, relay equipment and a second power distribution terminal based on a quantum security service engine and a terminal key distribution system.
Optionally, in a possible implementation manner of the first aspect, the attribute information of the first power distribution terminal and the second power distribution terminal is preset.
Optionally, in a possible implementation manner of the first aspect, the generating, by the first power distribution terminal, the first negotiation key based on the attribute information and the data capture information at the current time includes:
acquiring electric energy monitoring data of a first power distribution terminal at the current moment, and capturing first electric energy information and second electric energy information in the electric energy monitoring data, wherein the data capturing information comprises the first electric energy information and the second electric energy information;
the attribute information comprises a coding information value of the first power distribution terminal and time information of the current moment, and the time information is quantized to obtain a quantized time value;
the first negotiation key is calculated by the following formula,
[formula image not reproduced]
wherein the symbols (images not reproduced) denote, in the order defined: the first negotiation key; the weight value of the first power information; the magnitude of the first power information; the weight value of the second power information; the magnitude of the second power information; the encoded information value of the first power distribution terminal; the quantized time value of the first power distribution terminal; and a preset adjustment value;
the relay device generating an intermediate negotiation key based on the attributes of the first channel and the second channel comprises:
the relay equipment acquires a first time when the first channel is established and a second time when the second channel is established, and generates an intermediate negotiation key based on the first time and the second time.
Optionally, in a possible implementation manner of the first aspect, the generating, by the second power distribution terminal, a second negotiation key based on the attribute information and the data capture information at the current time, and transmitting the second negotiation key to the relay device through the second channel, includes:
acquiring electric energy monitoring data of a second power distribution terminal at the current moment, and capturing third electric energy information and fourth electric energy information in the electric energy monitoring data, wherein the data capturing information comprises the third electric energy information and the fourth electric energy information;
the attribute information comprises a coding information value of the second power distribution terminal and time information of the current moment, and the time information is quantized to obtain a quantized time value;
the second negotiation key is calculated by the following formula,
[formula image not reproduced]
wherein the symbols (images not reproduced) denote, in the order defined: the second negotiation key; the weight value of the third power information; the magnitude of the third power information; the weight value of the fourth power information; the magnitude of the fourth power information; the encoded information value of the second power distribution terminal; the quantized time value of the second power distribution terminal; and a preset adjustment value;
the relay device generating an intermediate negotiation key based on the attributes of the second channel and the first channel comprises:
the relay equipment acquires a first time when the first channel is established and a second time when the second channel is established, and generates an intermediate negotiation key based on the first time and the second time.
Optionally, in a possible implementation manner of the first aspect, the generating, by the first power distribution terminal and the second power distribution terminal, a first combined key and a second combined key based on the first negotiation key, the relay key, and the second negotiation key, respectively, includes:
and the first power distribution terminal and the second power distribution terminal respectively acquire the coding information values of the first power distribution terminal and the second power distribution terminal, and the first negotiation key, the relay key and the second negotiation key are respectively filled into a preset key generation template based on the coding information values to generate a first combination key and a second combination key.
Optionally, in a possible implementation manner of the first aspect, the filling the first negotiation key, the relay key, and the second negotiation key into a preset key generation template respectively based on the encoding information value to generate a first combination key and a second combination key includes:
the key generation template comprises a first slot position, a second slot position and a third slot position;
and if the coding information value of the first power distribution terminal is larger than that of the second power distribution terminal, the first combined key is placed in the first slot position, the second combined key is placed in the third slot position, and the relay key is arranged in the second slot position.
Optionally, in a possible implementation manner of the first aspect, if the relay device determines that the first combination key and the second combination key are the same, the establishing, by the first power distribution terminal and the second power distribution terminal, a data transmission channel based on the first combination key and the second combination key includes:
the first power distribution terminal and the second power distribution terminal generate the first combined key and the second combined key and then respectively send the first combined key and the second combined key to the relay equipment;
the relay equipment sends a request instruction to a first power distribution terminal and sends a receiving instruction to a second power distribution terminal when judging that the first combined key is the same as the second combined key;
the first power distribution terminal requests the second power distribution terminal to establish a data transmission channel on the basis of the first combined key after receiving the request instruction;
and the second power distribution terminal receives a request of the first power distribution terminal based on the receiving instruction, verifies the first combined key according to the second combined key, and establishes a data transmission channel based on the first combined key if the first combined key is the same as the second combined key.
Optionally, in a possible implementation manner of the first aspect, the first power distribution terminal and the second power distribution terminal respectively have unique coded information values.
In a second aspect of the embodiments of the present invention, a power distribution terminal point-to-point key agreement apparatus based on a quantum secure channel is provided, where the power distribution terminal point-to-point key agreement apparatus includes a first power distribution terminal, a second power distribution terminal, and a relay device, where the first power distribution terminal, the second power distribution terminal, and the relay device are respectively connected to a quantum network basic platform, and key agreement is performed between the first power distribution terminal and the second power distribution terminal through the following apparatus, including:
a first channel establishing module, configured to enable the first power distribution terminal and the relay device to establish a first channel based on a received first transmission key and a relay key, and enable the second power distribution terminal and the relay device to generate a second channel based on a received second transmission key and a relay key;
the first key negotiation module is used for enabling the first power distribution terminal to generate a first negotiation key based on attribute information and data capture information at the current moment, the first negotiation key is transmitted to the relay equipment through the first channel, the relay equipment generates an intermediate negotiation key based on attributes of the first channel and the second channel, and the first negotiation key and the intermediate negotiation key are respectively sent to the second power distribution terminal;
the second key negotiation module is used for enabling a second power distribution terminal to generate a second negotiation key based on attribute information and data capture information at the current moment, the second negotiation key is transmitted to the relay equipment through the second channel, the relay equipment generates an intermediate negotiation key based on attributes of the second channel and the first channel, and the second negotiation key and the intermediate negotiation key are respectively sent to the first power distribution terminal;
the combination module is used for enabling the first power distribution terminal and the second power distribution terminal to generate a first combination key and a second combination key respectively based on the first negotiation key, the relay key and the second negotiation key;
and the second channel establishing module is used for establishing a data transmission channel by the first power distribution terminal and the second power distribution terminal based on the first combined key and the second combined key if the relay equipment judges that the first combined key and the second combined key are the same.
In a third aspect of the embodiments of the present invention, a readable storage medium is provided, in which a computer program is stored, which, when being executed by a processor, is adapted to carry out the method according to the first aspect of the present invention and various possible designs of the first aspect of the present invention.
The invention provides a power distribution terminal point-to-point key negotiation method and device based on a quantum secure channel. The first power distribution terminal, the second power distribution terminal and the relay equipment first establish quantum communication channels by means of the quantum network basic platform. A first negotiation key and a second negotiation key are then generated according to the attributes of the first power distribution terminal and the second power distribution terminal respectively, and are transmitted through the relay equipment to realize key negotiation between the first power distribution terminal and the second power distribution terminal. The first power distribution terminal and the second power distribution terminal then generate the corresponding first combined key and second combined key according to the first negotiation key, the second negotiation key and the intermediate negotiation key. Each terminal thus fully considers the conditions of other terminals and obtains their information when generating keys, and the generated keys change according to the current data transmission scenario, which ensures the security of the data transmission channel established between the first power distribution terminal and the second power distribution terminal.
When the first negotiation key and the second negotiation key are generated, the attribute information of the first power distribution terminal and the second power distribution terminal, the current electric power data capturing information and the current time information are fully considered, and the first negotiation key and the second negotiation key are ensured not to be repeated. And the first negotiation key and the second negotiation key are dynamically changed, and have certain association with the first power distribution terminal and the second power distribution terminal when the first negotiation key and the second negotiation key are dynamically changed, so that the first negotiation key and the second negotiation key are ensured to be recyclable and have certain randomness.
When the first combined key and the second combined key are generated, the first negotiation key, the relay key and the second negotiation key are sequenced according to the coding information of the first power distribution terminal and the second power distribution terminal, and the sequencing result is filled into the corresponding slot position, so that the first negotiation key, the relay key and the second negotiation key can be rapidly combined to obtain the combined key, and the generation efficiency of the combined key is improved.
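The slot-filling and comparison steps described above, as an added Python example that is not code from the patent. The negotiation keys and relay key are constructed byte strings (the formulas for the negotiation keys are not reproduced on this page), and the length-prefixed slot encoding, the `Terminal` class and all function names are assumptions; the page states the slot order only for the case where the first terminal's coded value is larger, and the mirrored case is assumed symmetric.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Terminal:
    code: int        # unique coded information value of the terminal
    neg_key: bytes   # negotiation key (constructed stand-in, formula not on page)


def _slot(value: bytes) -> bytes:
    # Assumed template encoding: 2-byte big-endian length, then the value,
    # so the three slots cannot run into each other.
    return len(value).to_bytes(2, "big") + value


def combine(own: Terminal, peer: Terminal, relay_key: bytes) -> bytes:
    """Fill the three-slot template: the negotiation key of the terminal with
    the larger coded value goes in slot 1, the relay key in slot 2, the other
    negotiation key in slot 3. Both terminals therefore build the same bytes."""
    if own.code == peer.code:
        # The ordering is only defined when coded values are unique.
        raise ValueError("coded information values must be unique")
    high, low = (own, peer) if own.code > peer.code else (peer, own)
    return _slot(high.neg_key) + _slot(relay_key) + _slot(low.neg_key)


def relay_check(first_combined: bytes, second_combined: bytes) -> Optional[dict]:
    """Relay step: issue the request/receive instructions only on a match.
    compare_digest keeps comparison time independent of where the keys differ."""
    if hmac.compare_digest(first_combined, second_combined):
        return {"first_terminal": "request", "second_terminal": "receive"}
    return None


def negotiate(t1: Terminal, t2: Terminal, relay_key: bytes,
              t1_key_seen_by_t2: Optional[bytes] = None) -> Optional[bytes]:
    """Run the combination and verification steps for two terminals.
    t1_key_seen_by_t2 models a first negotiation key that arrived altered at
    the second terminal; None means it arrived unchanged."""
    seen = Terminal(t1.code, t1_key_seen_by_t2 or t1.neg_key)
    first_combined = combine(t1, t2, relay_key)     # built by terminal 1
    second_combined = combine(t2, seen, relay_key)  # built by terminal 2
    # Both combined keys are sent to the relay, which compares them.
    if relay_check(first_combined, second_combined) is None:
        return None
    # Terminal 2 re-verifies the offered first combined key against its own.
    if not hmac.compare_digest(second_combined, first_combined):
        return None
    return first_combined


# Constructed sample values, not taken from the patent.
T1 = Terminal(code=0x2A01, neg_key=b"\x11" * 16)
T2 = Terminal(code=0x1F07, neg_key=b"\x22" * 16)
RELAY_KEY = b"\x33" * 16

if __name__ == "__main__":
    agreed = negotiate(T1, T2, RELAY_KEY)
    print("agreed key:", agreed.hex() if agreed else None)
    print("altered key:", negotiate(T1, T2, RELAY_KEY, b"\x99" * 16))
```

Because both combined keys pass through the relay for comparison, the relay holds the same key material as the two terminals in this flow.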
Drawings
FIG. 1 is a schematic diagram of a connection structure of a quantum network basic platform;
FIG. 2 is a flow chart of a first embodiment of a quantum secure channel-based power distribution terminal point-to-point key agreement method;
FIG. 3 is a flow chart of a second embodiment of a quantum secure channel-based power distribution terminal point-to-point key agreement method;
FIG. 4 is a block diagram of a first embodiment of a quantum secure channel-based point-to-point key agreement device for a power distribution terminal;
FIG. 5 is a schematic diagram of the path between a power distribution terminal and a CPE;
FIG. 6 is a schematic diagram of the path between power distribution terminals.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the internal logic of the processes, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
It should be understood that in the present application, "comprising" and "having" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that, in the present invention, "a plurality" means two or more. "And/or" merely describes an association between associated objects and means that three relationships may exist; e.g., "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "Comprises A, B and C" and "comprises A, B, C" mean that all three of A, B, C are comprised; "comprises A, B or C" means that one of A, B, C is comprised; "comprises A, B and/or C" means that any 1, any 2, or all 3 of A, B, C are comprised.
It should be understood that in the present invention, "B corresponding to A", "A corresponds to B", or "B corresponds to A" means that B is associated with A, and B can be determined from A. Determining B from A does not mean determining B from A alone; B may be determined from A and/or other information. The matching of A and B means that the similarity of A and B is greater than or equal to a preset threshold value.
As used herein, "if" may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
The invention provides a power distribution terminal point-to-point key negotiation method based on a quantum secure channel, which comprises a first power distribution terminal, a second power distribution terminal and a relay device, wherein the first power distribution terminal, the second power distribution terminal and the relay device are respectively connected with a quantum network basic platform, and as shown in figure 1, a quantum secure gateway can be regarded as a gateway connected with the first power distribution terminal or the second power distribution terminal.
The quantum network basic platform is used for generating a first transmission key, a relay key and a second transmission key;
and respectively distributing the first transmission key, the relay key and the second transmission key to a first power distribution terminal, relay equipment and a second power distribution terminal based on a quantum security service engine and a terminal key distribution system. The invention can generate a first transmission key, a relay key and a second transmission key through a quantum key generation system.
The relay equipment is quantum CPE, and the quantum CPE decrypts the relay key through a charging key of the quantum secure TF card; the quantum CPE and the first power distribution terminal establish a first channel based on the relay key and the first transmission key respectively; and the quantum CPE and the second power distribution terminal establish a second channel based on the relay key and the second transmission key respectively. The first channel and the second channel can be regarded as quantum secure encrypted tunnels in the figure.
As shown in fig. 2, the power distribution terminal point-to-point key negotiation method specifically includes:
step S110, the first power distribution terminal and the relay device establish a first channel based on the received first transmission key and the relay key, and the second power distribution terminal and the relay device generate a second channel based on the received second transmission key and the relay key. According to the technical scheme provided by the invention, the first channel and the second channel can be quantum secure encryption tunnels, and the security of data transmission between the first power distribution terminal and the relay equipment and between the second power distribution terminal and the relay equipment can be ensured through the quantum secure encryption tunnels.
Step S120, the first power distribution terminal generates a first negotiation key based on attribute information and data capture information of the current moment, the first negotiation key is transmitted to the relay equipment through the first channel, the relay equipment generates an intermediate negotiation key based on attributes of the first channel and the second channel, and the first negotiation key and the intermediate negotiation key are respectively sent to the second power distribution terminal. The attribute information of the first power distribution terminal and the second power distribution terminal is preset.
In an implementation manner of step S120, step S120 specifically includes:
Electric energy monitoring data of the first power distribution terminal at the current moment is obtained, and first electric energy information and second electric energy information are captured from the electric energy monitoring data; the data capture information comprises the first electric energy information and the second electric energy information. The current time in the present invention may be the time when the first channel is established between the first power distribution terminal and the relay device, and the first time may be, for example, 12:19 on October 15, 2020. Since the first power distribution terminal distributes power, a corresponding distribution voltage, distribution current, distribution power, and the like are generated during the power distribution process. The first power information and the second power information in the present invention may be the distribution voltage, distribution current, distribution power, and the like. The first power information and the second power information may be 1000V, 20A, etc.; their specific form is not limited in any way.
The attribute information comprises a coding information value of the first power distribution terminal and time information of the current moment, and the time information is quantized to obtain a quantized time value. The invention quantizes the time into a numerical value; for example, 12:19 on October 15, 2020 can be directly quantized to 202010151219. Expressing the time as a number makes it convenient to use in calculating and generating a key. The encoded information value may be preset; in the technical solution of the present invention, each of the first power distribution terminal and the second power distribution terminal has a unique encoded information value, which may be an Arabic number, for example 11100, 11421, and the like.
The first negotiation key is calculated by the following formula,
Figure 455340DEST_PATH_IMAGE001
wherein,
Figure 330892DEST_PATH_IMAGE002
is the first negotiation key,
Figure 563290DEST_PATH_IMAGE003
is a weight value of the first power information,
Figure 131675DEST_PATH_IMAGE004
is a magnitude of the first power information,
Figure 816734DEST_PATH_IMAGE005
is the weight value of the second power information,
Figure 495977DEST_PATH_IMAGE006
is the magnitude of the second power information,
Figure 582882DEST_PATH_IMAGE007
is the encoded information value of the first power distribution terminal,
Figure 322168DEST_PATH_IMAGE008
is the quantized time value of the first power distribution terminal,
Figure 494523DEST_PATH_IMAGE009
is a preset adjustment value.
Through
Figure 711878DEST_PATH_IMAGE018
the relative quantitative value of the first power distribution terminal in the electric energy dimension can be obtained, and through
Figure 918868DEST_PATH_IMAGE019
a value reflecting the first power distribution terminal's own coding and the time at which the electric energy information was collected can be obtained, wherein
Figure 829055DEST_PATH_IMAGE007
is fixed, while
Figure 488707DEST_PATH_IMAGE020
Figure 509752DEST_PATH_IMAGE021
and
Figure 305670DEST_PATH_IMAGE022
all change dynamically as time and the power utilization scenario change. Through
Figure 386758DEST_PATH_IMAGE009
the value of
Figure 533706DEST_PATH_IMAGE023
can be adjusted so that the first negotiation key can reach the corresponding number of bits.
The generated first negotiation key has the encoding information, the time information and the electric energy information of the first power distribution terminal, and the time information and the electric energy information are dynamically changed, so that the first negotiation key is also dynamically changed, and the first dynamic key is guaranteed not to be decoded.
The relay device generating an intermediate negotiation key based on the attributes of the first channel and the second channel comprises:
the relay equipment acquires a first time when the first channel is established and a second time when the second channel is established, and generates an intermediate negotiation key based on the first time and the second time. When a data transmission channel is established between a first power distribution terminal and a second power distribution terminal, the relay equipment participates, and obtains an intermediate negotiation key according to a first moment when a first channel is established and a second moment when a second channel is established, and the intermediate negotiation key
Figure 358443DEST_PATH_IMAGE024
= first moment
Figure 274446DEST_PATH_IMAGE025
+ second moment
Figure 260857DEST_PATH_IMAGE026
Wherein
Figure 895100DEST_PATH_IMAGE025
And
Figure 257948DEST_PATH_IMAGE026
may each be a time of day, for example 07:52:57 and 10:02:37; 07:52:57 is quantized as 75257 and 10:02:37 as 100237, so the intermediate negotiation key
Figure 294038DEST_PATH_IMAGE024
= 75257 + 100237.
Step S130, the second power distribution terminal generates a second negotiation key based on attribute information and data capture information of the current moment, the second negotiation key is transmitted to the relay device through the second channel, the relay device generates an intermediate negotiation key based on attributes of the second channel and the first channel, and the second negotiation key and the intermediate negotiation key are respectively sent to the first power distribution terminal.
Wherein, step S130 specifically includes:
Electric energy monitoring data of the second power distribution terminal at the current moment is obtained, and third electric energy information and fourth electric energy information are captured from the electric energy monitoring data; the data capture information comprises the third electric energy information and the fourth electric energy information. The current time in the present invention may be the time when the second channel is established between the first power distribution terminal and the relay device, and the second time may be, for example, 14:21 on October 15, 2020. Since the second power distribution terminal distributes power, a corresponding distribution voltage, distribution current, distribution power, and the like are generated during the power distribution process. The third power information and the fourth power information in the present invention may be the distribution voltage, distribution current, distribution power, and the like. The third power information and the fourth power information may be 1000V, 20A, etc.; their specific form is not limited in any way.
The attribute information comprises a coding information value of the second power distribution terminal and time information of the current moment, and the time information is quantized to obtain a quantized time value. The invention quantizes the time into a numerical value; for example, 14:21 on October 15, 2020 can be directly quantized to 202010151421. Expressing the time as a number makes it convenient to use in calculating and generating a key. The encoded information value may be preset; in the technical solution of the present invention, each of the first power distribution terminal and the second power distribution terminal has a unique encoded information value, which may be an Arabic number, for example 11100, 11421, and the like.
The second negotiation key is calculated by the following formula,
Figure 451349DEST_PATH_IMAGE010
wherein,
Figure 572889DEST_PATH_IMAGE011
is the second negotiation key,
Figure 739428DEST_PATH_IMAGE012
is a weight value of the third power information,
Figure 364445DEST_PATH_IMAGE013
is the magnitude of the third power information,
Figure 958237DEST_PATH_IMAGE014
is the weight value of the fourth power information,
Figure 301494DEST_PATH_IMAGE015
is the magnitude of the fourth power information,
Figure 271724DEST_PATH_IMAGE016
is the encoded information value of the second power distribution terminal,
Figure 16826DEST_PATH_IMAGE017
a quantized time value for the second power distribution terminal,
Figure 781520DEST_PATH_IMAGE027
is a preset adjustment value.
Through
Figure 612072DEST_PATH_IMAGE028
the relative quantitative value of the second power distribution terminal in the electric energy dimension can be obtained, and through
Figure 120414DEST_PATH_IMAGE029
a value reflecting the second power distribution terminal's own coding and the time at which the electric energy information was collected can be obtained, wherein
Figure 720023DEST_PATH_IMAGE016
is fixed, while
Figure 655618DEST_PATH_IMAGE013
Figure 973466DEST_PATH_IMAGE015
and
Figure 019920DEST_PATH_IMAGE017
all change dynamically as time and the power utilization scenario change. Through
Figure 739614DEST_PATH_IMAGE027
the value of
Figure 846110DEST_PATH_IMAGE030
can be adjusted so that the second negotiation key can reach the corresponding number of bits.
The generated first negotiation key has the encoding information, the time information and the electric energy information of the first power distribution terminal, and the time information and the electric energy information are dynamically changed, so that the first negotiation key is also dynamically changed, and the first dynamic key is guaranteed not to be decoded.
The relay device generating an intermediate negotiation key based on the attributes of the second channel and the first channel comprises:
the relay equipment acquires a first time when the first channel is established and a second time when the second channel is established, and generates an intermediate negotiation key based on the first time and the second time. This step is similar to the step of step S120, and the present invention is not described again.
Step S140, the first power distribution terminal and the second power distribution terminal generate a first combined key and a second combined key respectively based on the first negotiated key, the intermediate negotiated key and the second negotiated key.
In the technical solution provided in the embodiment of the present invention, step S140 specifically includes:
and the first power distribution terminal and the second power distribution terminal respectively acquire the coding information values of the first power distribution terminal and the second power distribution terminal, and the first negotiation key, the intermediate negotiation key and the second negotiation key are respectively filled into a preset key generation template based on the coding information values to generate a first combination key and a second combination key.
The first negotiation key, the intermediate negotiation key and the second negotiation key are respectively filled into a preset key generation template based on the coding information value to generate a first combination key and a second combination key, and the method comprises the following steps:
the key generation template includes a first slot position, a second slot position, and a third slot position. The key generation template may be □ - □ - □ with the first box being the first slot of the key generation template, the second box being the second slot of the key generation template, and the third box being the third slot of the key generation template.
And if the coding information value of the first power distribution terminal is larger than that of the second power distribution terminal, the first combined key is placed in the first slot position, the second combined key is placed in the third slot position, and the relay key is arranged in the second slot position.
When the first negotiation key, the intermediate negotiation key, and the second negotiation key are respectively filled in the key generation template, the determination may be performed according to the encoding information value of each power distribution terminal, for example, the encoding information value of the first power distribution terminal is 11100, the encoding information value of the second power distribution terminal is 11421, and the encoding information value of the second power distribution terminal is greater than the encoding information value of the first power distribution terminal. The first and second combined keys at this time are the digits of the second negotiation key-the digits of the relay key-the digits of the first combined key.
The first negotiation key, the middle negotiation key and the second negotiation key are sequenced according to the coding information of the first power distribution terminal and the second power distribution terminal, and the sequencing result is filled into the corresponding slot position, so that the first negotiation key, the middle negotiation key and the second negotiation key can be rapidly combined to obtain the combined key, and the generation efficiency of the combined key is improved.
Step S150, if the relay device determines that the first combination key and the second combination key are the same, the first power distribution terminal and the second power distribution terminal establish a data transmission channel based on the first combination key and/or the second combination key.
In the technical solution provided by the present invention, as shown in fig. 3, step S150 specifically includes:
step S1501, the first power distribution terminal and the second power distribution terminal generate the first combination key and the second combination key and then respectively send the first combination key and the second combination key to the relay device. The first power distribution terminal and the second power distribution terminal respectively send the first combined key and the second combined key which are respectively generated to the relay equipment to seek verification.
Step S1502, if the relay device determines that the first combination key and the second combination key are the same, sends a request instruction to the first power distribution terminal, and sends a receiving instruction to the second power distribution terminal. When the first combined key and the second combined key are the same, the relay device serving as a third party can respectively send corresponding instructions to the first power distribution terminal and the second power distribution terminal, and before the instructions are sent, the relay device can judge the relationship between the coding information values of the first power distribution terminal and the second power distribution terminal. The setting of the mode can ensure that the relay equipment can fix the establishment mode of the data transmission channel between the first power distribution terminal and the second power distribution terminal. Namely, a request instruction is sent to the first power distribution terminal, and a receiving instruction is sent to the second power distribution terminal.
Step S1503, after receiving the request instruction, the first power distribution terminal requests the second power distribution terminal to establish a data transmission channel based on the first combined key. According to the technical scheme provided by the invention, the first power distribution terminal can request the second power distribution terminal to establish a data transmission channel with the first power distribution terminal after receiving the request instruction.
Step S1504, the second power distribution terminal receives a request of the first power distribution terminal based on the receiving instruction, verifies the first combined key according to the second combined key, and if the first combined key is the same as the second combined key, establishes a data transmission channel based on the first combined key by the first power distribution terminal and the second power distribution terminal. The second power distribution terminal verifies the first combined key sent by the first power distribution terminal after receiving the request of the first power distribution terminal, and when the first combined key is the same as the second combined key, the first power distribution terminal and the second power distribution terminal establish a data transmission channel. At this time, the encryption key of the data transmitted in the data transmission channel is the first combined key.
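The intermediate-key arithmetic of step S120, the slot ordering of step S140 and the relay comparison of step S1502, as an added Python example that is not code from the patent. The two negotiation key values are constructed (their formula is not reproduced on this page), the "-" separator and all function names are assumptions, and the slots are read as holding the two negotiation keys and the intermediate negotiation key.

```python
import hmac
from dataclasses import dataclass

# Coding information values and channel set-up times quoted in the text.
CODE_FIRST, CODE_SECOND = 11100, 11421
FIRST_MOMENT, SECOND_MOMENT = "07:52:57", "10:02:37"


def quantize_time_of_day(hms: str) -> int:
    """Quantize 'HH:MM:SS' as the text does: 07:52:57 -> 75257."""
    hh, mm, ss = hms.split(":")
    if len(hh) != 2 or len(mm) != 2 or len(ss) != 2:
        raise ValueError(f"expected HH:MM:SS, got {hms!r}")
    return int(hh + mm + ss)


def intermediate_key(first_moment: str, second_moment: str) -> int:
    """Relay side: quantized first moment plus quantized second moment."""
    return quantize_time_of_day(first_moment) + quantize_time_of_day(second_moment)


def fill_template(own_code: int, own_key: int,
                  peer_code: int, peer_key: int, middle: int) -> str:
    """Fill the three-slot template.

    The key of the terminal with the larger coding information value goes
    in slot 1, the intermediate key in slot 2, the other key in slot 3.
    """
    if own_code == peer_code:
        raise ValueError("coding information values must be unique per terminal")
    if own_code > peer_code:
        slot1, slot3 = own_key, peer_key
    else:
        slot1, slot3 = peer_key, own_key
    return f"{slot1}-{middle}-{slot3}"  # "-" separator is an assumption


@dataclass
class Terminal:
    code: int             # preset coding information value
    negotiation_key: int  # constructed sample value in this example

    def combine(self, peer_code: int, peer_key: int, middle: int) -> str:
        return fill_template(self.code, self.negotiation_key,
                             peer_code, peer_key, middle)


def relay_check(first_combined: str, second_combined: str):
    """S1502: issue instructions only when both combined keys are identical."""
    same = hmac.compare_digest(first_combined.encode(), second_combined.encode())
    return {"first": "request", "second": "receive"} if same else None


def negotiate_combined_key(first_key: int, second_key: int,
                           middle_seen_by_second=None):
    """Run S140 on both terminals and S1502 on the relay.

    middle_seen_by_second lets the caller model a second terminal that
    received a different intermediate key than the first one did.
    """
    middle = intermediate_key(FIRST_MOMENT, SECOND_MOMENT)
    first = Terminal(CODE_FIRST, first_key)
    second = Terminal(CODE_SECOND, second_key)
    k1 = first.combine(second.code, second.negotiation_key, middle)
    k2 = second.combine(
        first.code, first.negotiation_key,
        middle if middle_seen_by_second is None else middle_seen_by_second)
    return k1, k2, relay_check(k1, k2)


if __name__ == "__main__":
    # 830114207 and 550921733 are constructed negotiation key values.
    print(negotiate_combined_key(830114207, 550921733))
    print(negotiate_combined_key(830114207, 550921733, middle_seen_by_second=175495))
```
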
The embodiment of the present invention further provides a distribution terminal point-to-point key agreement device based on a quantum secure channel, a first distribution terminal, a second distribution terminal, and a relay device, where the first distribution terminal, the second distribution terminal, and the relay device are respectively connected to a quantum network base platform, and key agreement is performed between the first distribution terminal and the second distribution terminal through the following devices, as shown in fig. 4, the distribution terminal point-to-point key agreement device specifically includes:
a first channel establishing module, configured to enable the first power distribution terminal and the relay device to establish a first channel based on a received first transmission key and a relay key, and enable the second power distribution terminal and the relay device to generate a second channel based on a received second transmission key and a relay key;
the first key negotiation module is used for enabling the first power distribution terminal to generate a first negotiation key based on attribute information and data capture information at the current moment, the first negotiation key is transmitted to the relay equipment through the first channel, the relay equipment generates an intermediate negotiation key based on attributes of the first channel and the second channel, and the first negotiation key and the intermediate negotiation key are respectively sent to the second power distribution terminal;
the second key negotiation module is used for enabling a second power distribution terminal to generate a second negotiation key based on attribute information and data capture information at the current moment, the second negotiation key is transmitted to the relay equipment through the second channel, the relay equipment generates an intermediate negotiation key based on attributes of the second channel and the first channel, and the second negotiation key and the intermediate negotiation key are respectively sent to the first power distribution terminal;
the combination module is used for enabling the first power distribution terminal and the second power distribution terminal to generate a first combination key and a second combination key respectively based on the first negotiation key, the intermediate negotiation key and the second negotiation key;
and the second channel establishing module is used for establishing a data transmission channel by the first power distribution terminal and the second power distribution terminal based on the first combined key and/or the second combined key if the relay equipment judges that the first combined key and the second combined key are the same.
In another embodiment of the present invention, as shown in fig. 5, quantum CPE and ith distribution terminal are set
Figure 651255DEST_PATH_IMAGE031
A shared key of
Figure 501400DEST_PATH_IMAGE032
. It is now necessary to establish a secure channel between two distribution terminals, e.g. for distribution terminals
Figure 75601DEST_PATH_IMAGE031
And a power distribution terminal
Figure 352998DEST_PATH_IMAGE033
Establishing a secure channel (i.e. using)
Figure 379860DEST_PATH_IMAGE032
And
Figure 33695DEST_PATH_IMAGE034
is composed of
Figure 462403DEST_PATH_IMAGE031
And
Figure 910701DEST_PATH_IMAGE033
a shared key is negotiated). And designing a key negotiation mechanism between the power distribution terminals. The key agreement between two power distribution terminals is mainly divided into three stages, the first stage
Figure 690439DEST_PATH_IMAGE031
Transit through quantum CPE will
Figure 882385DEST_PATH_IMAGE035
To be transmitted to
Figure 165599DEST_PATH_IMAGE033
And then the second stage
Figure 50379DEST_PATH_IMAGE033
Also through quantum CPE will
Figure 51833DEST_PATH_IMAGE036
To be transmitted to
Figure 47471DEST_PATH_IMAGE031
And finally, the two parties in the third stage use the same hash function to obtain a consistent shared key. The specific contents of the two exchanges are shown in the following table:
Figure 185191DEST_PATH_IMAGE037
the basic idea is as follows:
(1) In step 001,
Figure 240872DEST_PATH_IMAGE031
randomly generating a number
Figure 995201DEST_PATH_IMAGE038
And through
Figure 263371DEST_PATH_IMAGE031
secure quantum channel with the quantum CPE, sends N_i to the quantum CPE.
(2) Step 002, quantum CPE by itself with
Figure 786756DEST_PATH_IMAGE033
the secure quantum channel between them, forwards N_i to
Figure 951022DEST_PATH_IMAGE033
(3) In step 003,
Figure 723805DEST_PATH_IMAGE033
randomly generating a number
Figure 998929DEST_PATH_IMAGE036
And through
Figure 439138DEST_PATH_IMAGE033
Secure quantum channel with quantum CPE
Figure 305462DEST_PATH_IMAGE036
And sending the data to the quantum CPE.
(4) Step 004, Quantum CPE by itself with
Figure 768805DEST_PATH_IMAGE031
The safe quantum channel between
Figure 644357DEST_PATH_IMAGE036
Forward to
Figure 876755DEST_PATH_IMAGE031
(5) If there is no error in the first 4 steps,
Figure 191279DEST_PATH_IMAGE031
and
Figure 141918DEST_PATH_IMAGE033
each calculating
Figure 821161DEST_PATH_IMAGE039
. K is obtained as
Figure 908065DEST_PATH_IMAGE031
And
Figure 647351DEST_PATH_IMAGE033
a shared key between.
(6) In step 005, if a network failure or transmission ERROR occurs, each party can transmit 005 ERROR to the other two parties, and the party receiving RST clears the message queue established before, and forces the object just participating in the negotiation to start key negotiation again from 001 message.
In another embodiment of the present invention, as shown in fig. 6, a power distribution terminal is set
Figure 819707DEST_PATH_IMAGE031
And
Figure 771482DEST_PATH_IMAGE033
the secure channel between them has been established and the shared key is K. The security and correctness of the negotiated key K now need to be authenticated, so that the correctness of the key negotiation result is ensured. The authentication process between the two power distribution terminals is divided into four phases. In the first stage,
Figure 244052DEST_PATH_IMAGE040
using a shared secret key K and the other party
Figure 888660DEST_PATH_IMAGE033
Is mapped to a value by a hash function
Figure 548311DEST_PATH_IMAGE041
And then sends it to the secure channel established by the two parties
Figure 569357DEST_PATH_IMAGE033
. A second stage in
Figure 427592DEST_PATH_IMAGE033
Receive from
Figure 711942DEST_PATH_IMAGE042
Thereafter, it verifies its own public key
Figure 858890DEST_PATH_IMAGE033
and whether the shared secret key K calculated by itself can obtain the same t value after hash mapping. If the verification passes, the third phase is entered; otherwise the key agreement fails, and a No. 005 message is sent to renegotiate. In the third stage,
Figure 418047DEST_PATH_IMAGE033
using a shared secret key K and the other party
Figure 334051DEST_PATH_IMAGE031
Is mapped to a value by a hash function
Figure 586040DEST_PATH_IMAGE043
And is combined with
Figure 220284DEST_PATH_IMAGE044
Is sent to
Figure 583132DEST_PATH_IMAGE045
. A fourth stage of
Figure 353642DEST_PATH_IMAGE031
Receive from
Figure 776533DEST_PATH_IMAGE046
Thereafter, it verifies its own public key
Figure 898073DEST_PATH_IMAGE031
And whether the shared secret key K calculated by the user can obtain the same t value after hash mapping. If the two are equal, the authentication is passed, otherwise, the key negotiation fails, and a message of No. 005 is sent for renegotiation. The specific content of the exchanges is shown in the following table:
Figure 799033DEST_PATH_IMAGE047
the basic idea is as follows:
(1) In step 006,
Figure 689629DEST_PATH_IMAGE031
computing
Figure 283421DEST_PATH_IMAGE048
And is combined with
Figure 626678DEST_PATH_IMAGE049
Is sent to
Figure 596908DEST_PATH_IMAGE033
(2) In step 007,
Figure 342010DEST_PATH_IMAGE033
receive from
Figure 106703DEST_PATH_IMAGE050
Then, calculate
Figure 937256DEST_PATH_IMAGE051
And compare
Figure 180019DEST_PATH_IMAGE052
Whether or not equal to
Figure 45206DEST_PATH_IMAGE053
If the two are equal, the verification is passed, otherwise, the key negotiation fails, and a message No. 005 is sent for renegotiation.
If the verification is passed, go to step 008,
Figure 980801DEST_PATH_IMAGE033
computing
Figure 298650DEST_PATH_IMAGE054
And is combined with
Figure 345104DEST_PATH_IMAGE055
Is sent to
Figure 64798DEST_PATH_IMAGE031
(3) In step 009,
Figure 171294DEST_PATH_IMAGE031
receive from
Figure 976439DEST_PATH_IMAGE056
Then, calculate
Figure 826584DEST_PATH_IMAGE057
And compare
Figure 400784DEST_PATH_IMAGE058
Whether or not equal to
Figure 678182DEST_PATH_IMAGE059
If the two are equal, the verification is passed, otherwise, the key negotiation fails, and a message No. 005 is sent for renegotiation.
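The 001 to 009 message flow of the two embodiments above (random-number exchange through the quantum CPE, then hash-based confirmation of K with a 005 restart), as an added Python example that is not the patent's own code. SHA-256, the inputs to each hash, the 16-byte random numbers and the identifiers `D_i` and `D_j` are assumptions, since the page's formulas are not reproduced; the relay is modelled as a plain forwarding function.

```python
import hashlib
import hmac
import secrets


def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


class Terminal:
    def __init__(self, ident: bytes):
        self.ident = ident  # stands in for the terminal's public identifier
        self.reset()

    def reset(self):
        """On a 005 message: drop everything from the failed negotiation."""
        self.own_nonce = self.peer_nonce = self.key = None

    def make_nonce(self) -> bytes:
        self.own_nonce = secrets.token_bytes(16)
        return self.own_nonce

    def receive_nonce(self, nonce: bytes):
        self.peer_nonce = nonce

    def derive_key(self, initiator: bool):
        """Both sides hash the two random numbers in the same order (assumed form of K)."""
        if initiator:
            n_i, n_j = self.own_nonce, self.peer_nonce
        else:
            n_i, n_j = self.peer_nonce, self.own_nonce
        self.key = H(b"K", n_i, n_j)

    def tag_for(self, peer_ident: bytes) -> bytes:
        """006 / 008: hash of K and the other party's identifier (assumed form of t)."""
        return H(b"t", self.key, peer_ident)

    def verify(self, tag: bytes) -> bool:
        """007 / 009: recompute t from own K and own identifier, compare in constant time."""
        return hmac.compare_digest(tag, H(b"t", self.key, self.ident))


def negotiate(d_i: Terminal, d_j: Terminal, relay, max_rounds: int = 3):
    """Run 001-004, derive K, confirm with 006-009; on mismatch send 005 and restart."""
    log = []
    for _ in range(max_rounds):
        d_j.receive_nonce(relay(d_i.make_nonce()))  # 001: D_i -> CPE, 002: CPE -> D_j
        log += ["001", "002"]
        d_i.receive_nonce(relay(d_j.make_nonce()))  # 003: D_j -> CPE, 004: CPE -> D_i
        log += ["003", "004"]
        d_i.derive_key(initiator=True)
        d_j.derive_key(initiator=False)

        log.append("006")
        ok = d_j.verify(d_i.tag_for(d_j.ident))
        log.append("007")
        if ok:
            log.append("008")
            ok = d_i.verify(d_j.tag_for(d_i.ident))
            log.append("009")
        if ok:
            return d_i.key, log
        log.append("005")  # confirmation failed: clear state, restart from 001
        d_i.reset()
        d_j.reset()
    raise RuntimeError("key negotiation failed after %d rounds" % max_rounds)


def flaky_relay():
    """Constructed fault: flips one bit of the first forwarded message only."""
    seen = {"count": 0}

    def forward(msg: bytes) -> bytes:
        seen["count"] += 1
        return bytes([msg[0] ^ 1]) + msg[1:] if seen["count"] == 1 else msg
    return forward


if __name__ == "__main__":
    a, b = Terminal(b"D_i"), Terminal(b"D_j")
    key, log = negotiate(a, b, flaky_relay())
    print(log, key.hex())
```
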
The readable storage medium may be a computer storage medium or a communication medium. Communication media includes any medium that facilitates transfer of a computer program from one place to another. Computer storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, a readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Of course, the readable storage medium may also be an integral part of the processor. The processor and the readable storage medium may reside in an Application Specific Integrated Circuits (ASIC). Additionally, the ASIC may reside in user equipment. Of course, the processor and the readable storage medium may also reside as discrete components in a communication device. The readable storage medium may be a read-only memory (ROM), a random-access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The present invention also provides a program product comprising execution instructions stored in a readable storage medium. The at least one processor of the device may read the execution instructions from the readable storage medium, and the execution of the execution instructions by the at least one processor causes the device to implement the methods provided by the various embodiments described above.
In the above embodiments of the terminal or the server, it should be understood that the processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of hardware and software modules within the processor.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A power distribution terminal point-to-point key negotiation method based on a quantum secure channel is characterized by comprising a first power distribution terminal, a second power distribution terminal and relay equipment, wherein the first power distribution terminal, the second power distribution terminal and the relay equipment are respectively connected with a quantum network basic platform, and key negotiation is performed between the first power distribution terminal and the second power distribution terminal through the following steps of:
the first power distribution terminal and the relay equipment establish a first channel based on the received first transmission key and the relay key, and the second power distribution terminal and the relay equipment generate a second channel based on the received second transmission key and the relay key;
the first power distribution terminal generates a first negotiation key based on attribute information and data capture information at the current moment, the first negotiation key is transmitted to the relay equipment through the first channel, the relay equipment generates an intermediate negotiation key based on attributes of the first channel and the second channel, and the first negotiation key and the intermediate negotiation key are respectively sent to the second power distribution terminal;
the second power distribution terminal generates a second negotiation key based on attribute information and data capture information at the current moment, the second negotiation key is transmitted to the relay equipment through the second channel, and the relay equipment respectively sends the second negotiation key and the intermediate negotiation key to the first power distribution terminal;
the first power distribution terminal and the second power distribution terminal generate a first combined key and a second combined key respectively based on the first negotiation key, the intermediate negotiation key and the second negotiation key;
and if the relay equipment judges that the first combined key is the same as the second combined key, the first power distribution terminal and the second power distribution terminal establish a data transmission channel based on the first combined key and/or the second combined key.
2. The quantum secure channel-based power distribution terminal point-to-point key agreement method according to claim 1,
the quantum network basic platform is used for generating a first transmission key, a relay key and a second transmission key;
and respectively distributing the first transmission key, the relay key and the second transmission key to a first power distribution terminal, relay equipment and a second power distribution terminal based on a quantum security service engine and a terminal key distribution system.
3. The quantum secure channel-based power distribution terminal point-to-point key agreement method according to claim 2,
and the attribute information of the first power distribution terminal and the second power distribution terminal is preset.
4. The quantum secure channel-based power distribution terminal point-to-point key agreement method according to claim 1,
the first power distribution terminal generating a first negotiation key based on the attribute information and the data capture information at the current moment comprises the following steps:
acquiring electric energy monitoring data of a first power distribution terminal at the current moment, and capturing first electric energy information and second electric energy information in the electric energy monitoring data, wherein the data capturing information comprises the first electric energy information and the second electric energy information;
the attribute information comprises a coding information value of the first power distribution terminal and time information of the current moment, and the time information is quantized to obtain a quantized time value;
the first negotiation key is calculated by the following formula,
Figure DEST_PATH_IMAGE001
wherein,
Figure 654588DEST_PATH_IMAGE002
is the first negotiation key,
Figure 115656DEST_PATH_IMAGE003
is a weight value of the first power information,
Figure 732451DEST_PATH_IMAGE004
is a magnitude of the first power information,
Figure 865754DEST_PATH_IMAGE005
is the weight value of the second power information,
Figure 734353DEST_PATH_IMAGE006
is the magnitude of the second power information,
Figure 315507DEST_PATH_IMAGE007
is the encoded information value of the first power distribution terminal,
Figure 671578DEST_PATH_IMAGE008
is the quantized time value of the first power distribution terminal,
Figure 88915DEST_PATH_IMAGE009
is a preset adjustment value;
the relay device generating an intermediate negotiation key based on the attributes of the first channel and the second channel comprises:
the relay equipment acquires a first time when the first channel is established and a second time when the second channel is established, and generates an intermediate negotiation key based on the first time and the second time.
5. The quantum secure channel-based power distribution terminal point-to-point key agreement method according to claim 1,
the second power distribution terminal generates a second negotiation key based on the attribute information and the data capture information at the current moment, and the transmission of the second negotiation key to the relay device through the second channel comprises the following steps:
acquiring electric energy monitoring data of a second power distribution terminal at the current moment, and capturing third electric energy information and fourth electric energy information in the electric energy monitoring data, wherein the data capturing information comprises the third electric energy information and the fourth electric energy information;
the attribute information comprises a coding information value of the second power distribution terminal and time information of the current moment, and the time information is quantized to obtain a quantized time value;
the second negotiation key is calculated by the following formula,
Figure 370992DEST_PATH_IMAGE010
wherein,
Figure DEST_PATH_IMAGE011
is the second negotiation key,
Figure 196865DEST_PATH_IMAGE012
is a weight value of the third power information,
Figure 922507DEST_PATH_IMAGE013
is the magnitude of the third power information,
Figure 810829DEST_PATH_IMAGE014
is the weight value of the fourth power information,
Figure 614706DEST_PATH_IMAGE015
is the magnitude of the fourth power information,
Figure 170452DEST_PATH_IMAGE016
is the encoded information value of the second power distribution terminal,
Figure 801416DEST_PATH_IMAGE017
is the quantized time value of the second power distribution terminal,
Figure 177033DEST_PATH_IMAGE009
is a preset adjustment value;
the relay device generating an intermediate negotiation key based on the attributes of the second channel and the first channel comprises:
the relay equipment acquires a first time when the first channel is established and a second time when the second channel is established, and generates an intermediate negotiation key based on the first time and the second time.
6. The distribution terminal point-to-point key agreement method based on the quantum secure channel as claimed in any one of claims 4 or 5,
the first power distribution terminal and the second power distribution terminal respectively generate a first combined key and a second combined key based on the first negotiated key, the intermediate negotiated key and the second negotiated key, and the method comprises the following steps:
and the first power distribution terminal and the second power distribution terminal respectively acquire the coding information values of the first power distribution terminal and the second power distribution terminal, and based on the coding information values, the first negotiation key, the intermediate negotiation key and the second negotiation key are respectively filled into a preset key generation template to generate a first combination key and a second combination key.
7. The quantum secure channel-based power distribution terminal point-to-point key agreement method according to claim 6,
based on the coding information value, filling the first negotiation key, the intermediate negotiation key and the second negotiation key into a preset key generation template respectively to generate a first combination key and a second combination key comprises:
the key generation template comprises a first slot position, a second slot position and a third slot position;
and if the coding information value of the first power distribution terminal is greater than that of the second power distribution terminal, the first negotiation key is arranged in the first slot position, the second negotiation key is arranged in the third slot position, and the relay key is arranged in the second slot position.
8. The quantum secure channel-based power distribution terminal point-to-point key agreement method according to claim 7,
if the relay device determines that the first combined key and the second combined key are the same, the step of establishing a data transmission channel by the first power distribution terminal and the second power distribution terminal based on the first combined key and/or the second combined key comprises:
the first power distribution terminal and the second power distribution terminal generate the first combined key and the second combined key and then respectively send the first combined key and the second combined key to the relay equipment;
the relay equipment sends a request instruction to a first power distribution terminal and sends a receiving instruction to a second power distribution terminal when judging that the first combined key is the same as the second combined key;
after receiving the request instruction, the first power distribution terminal requests the second power distribution terminal to establish a data transmission channel on the basis of the first combined key;
and the second power distribution terminal receives a request of the first power distribution terminal based on the receiving instruction, verifies the first combined key according to the second combined key, and establishes a data transmission channel based on the first combined key if the first combined key is the same as the second combined key.
9. The quantum secure channel-based power distribution terminal point-to-point key agreement method according to claim 6,
the first power distribution terminal and the second power distribution terminal respectively have unique coded information values.
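The slot-ordering rule of claims 6 and 7 and the relay comparison of claim 8, as an added example that is not code from the patent: both terminals fill the three-slot template by comparing coding information values, so they arrive at the same combined key without agreeing on who is "first". Assumptions: keys are byte strings, each slot is length-prefixed, the middle slot holds the intermediate negotiation key named in claim 6, the "less than" case mirrors the stated one, and a mismatch triggers renegotiation; all names and sample values are hypothetical.

```python
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Terminal:
    code_value: int         # coding information value, unique per terminal (claim 9)
    negotiation_key: bytes  # this terminal's own negotiation key


def encode_slot(data: bytes) -> bytes:
    # Assumed slot encoding: 2-byte big-endian length, then the key bytes,
    # so that slot boundaries stay unambiguous after concatenation.
    return struct.pack(">H", len(data)) + data


def fill_template(own: Terminal, peer_code: int, peer_key: bytes,
                  intermediate_key: bytes) -> bytes:
    """Build the combined key as one terminal sees it (claims 6 and 7)."""
    if own.code_value == peer_code:
        raise ValueError("coding information values must be unique")
    # Claim 7: the key of the terminal with the larger coding value goes in
    # slot 1, the other terminal's key in slot 3. The mirrored branch is an
    # assumption; the claim only spells out the "greater than" case.
    if own.code_value > peer_code:
        first, third = own.negotiation_key, peer_key
    else:
        first, third = peer_key, own.negotiation_key
    return encode_slot(first) + encode_slot(intermediate_key) + encode_slot(third)


def relay_accepts(combined_a: bytes, combined_b: bytes) -> bool:
    # Claim 8 comparison, done in constant time so the relay's check does not
    # leak how many leading bytes matched.
    return hmac.compare_digest(combined_a, combined_b)


def negotiate(t1: Terminal, t2: Terminal, mid_for_t1: bytes, mid_for_t2: bytes) -> str:
    """Run both terminals' template fill and the relay check."""
    k1 = fill_template(t1, t2.code_value, t2.negotiation_key, mid_for_t1)
    k2 = fill_template(t2, t1.code_value, t1.negotiation_key, mid_for_t2)
    # "renegotiate" on mismatch is an assumption taken from the description's
    # failure handling; the claims do not state the mismatch action.
    return "establish-channel" if relay_accepts(k1, k2) else "renegotiate"


# Constructed sample values, not taken from the patent.
T1 = Terminal(0x2A01, bytes.fromhex("11" * 16))
T2 = Terminal(0x1B07, bytes.fromhex("22" * 16))
MID = bytes.fromhex("33" * 16)

if __name__ == "__main__":
    print(negotiate(T1, T2, MID, MID))           # same intermediate key on both sides
    print(negotiate(T1, T2, MID, b"\x00" * 16))  # one side received a different one
```

Because the ordering depends only on the two coding values, an equal pair has no defined order, which is why the sketch rejects it rather than guessing.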
CN202111335330.2A 2021-11-11 2021-11-11 Power distribution terminal point-to-point key negotiation method and device based on quantum secure channel Active CN113784345B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111335330.2A CN113784345B (en) 2021-11-11 2021-11-11 Power distribution terminal point-to-point key negotiation method and device based on quantum secure channel

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111335330.2A CN113784345B (en) 2021-11-11 2021-11-11 Power distribution terminal point-to-point key negotiation method and device based on quantum secure channel

Publications (2)

Publication Number Publication Date
CN113784345A CN113784345A (en) 2021-12-10
CN113784345B true CN113784345B (en) 2022-02-08

Family

ID=78956895

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111335330.2A Active CN113784345B (en) 2021-11-11 2021-11-11 Power distribution terminal point-to-point key negotiation method and device based on quantum secure channel

Country Status (1)

Country Link
CN (1) CN113784345B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117376404B (en) * 2023-11-10 2024-04-26 国网浙江省电力有限公司绍兴供电公司 Transformer substation communication network frame architecture based on wireless public network and quantum encryption

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809645A (en) * 2018-07-24 2018-11-13 南方电网科学研究院有限责任公司 Key negotiation method and device and power distribution automation system
CN108880800A (en) * 2018-07-03 2018-11-23 北京智芯微电子科技有限公司 Adapted electrical communication system and method based on quantum secret communication

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108880800A (en) * 2018-07-03 2018-11-23 北京智芯微电子科技有限公司 Adapted electrical communication system and method based on quantum secret communication
CN108809645A (en) * 2018-07-24 2018-11-13 南方电网科学研究院有限责任公司 Key negotiation method and device and power distribution automation system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
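Design of secure interconnection for self-organizing-network power distribution terminals based on a Mesh network; 戴瑞海 et al.; 《电工技术》; 20170710; full text *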

Also Published As

Publication number Publication date
CN113784345A (en) 2021-12-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant