CN114449062A - Interactive system and method of QKD key management system - Google Patents


Info

Publication number
CN114449062A
Authority
CN
China
Prior art keywords
data frame
server
data
check
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111673541.7A
Other languages
Chinese (zh)
Other versions
CN114449062B (en)
Inventor
郭邦红
莫礼祯
胡敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Quantum Communication Guangdong Co Ltd
Original Assignee
National Quantum Communication Guangdong Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Quantum Communication Guangdong Co Ltd
Priority to CN202111673541.7A
Publication of CN114449062A
Application granted
Publication of CN114449062B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/004 Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0056 Systems characterized by the type of code used
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Communication Control (AREA)

Abstract

The invention discloses an interactive system and method for a QKD key management system. The method starts a thread and creates a server socket corresponding to the thread; the client and the server are matched and connected through the socket; the client performs ones'-complement (inverted-code) summation over the data to be sent to obtain the check bits; the client splices the data to be sent with the check bits, packs the result into a data frame and sends it to the server; after receiving the data frame, the server checks and disassembles the frame format, obtains the data frame information and performs the corresponding operation or reply. When the client transmits a message, the fields are spliced and encapsulated into a data frame by pointer offset (pointer displacement), and the server disassembles and parses the fields of the received frame by the same pointer offset method so as to make the corresponding reply, which ensures the security of the interaction between key management systems and improves the efficiency of that interaction.

Description

Interactive system and method of QKD key management system
Technical Field
The invention relates to the technical field of quantum cryptography and quantum network communication, and in particular to an interactive system and method for a QKD key management system.
Background
A QKD key management system generally uses a key transmission method for transmission and interaction during encrypted data transmission. In this key transmission scheme, the information is first encrypted at the sending end of the communication system and sent out through the TCP/IP protocol stack; the receiving end receives the information from its TCP/IP protocol stack and then decrypts it. However, important information transmitted through a TCP/IP protocol stack is easily intercepted, eavesdropped on and modified by an attacker, which results in low security of the interaction between systems.
The shortcomings of the prior art therefore need to be addressed: a method is needed that solves the security problem in the encrypted data transmission process while also facilitating information interaction among all relevant devices of the QKD key management system.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and solve the problem of secure interaction in a QKD key management system, and provides an interaction method for a QKD key management system.
The invention provides an interactive system for a QKD key management system, comprising a thread starting module, a monitoring module, a server, a matching module, a client and a server side; the client is provided with a check bit generation module and a packing module, and the server side is provided with a format check module and a disassembling module, wherein:
the thread starting module is used for starting a thread and creating a socket of a server corresponding to the thread;
the monitoring module binds the address of the server with the socket to monitor the thread;
the socket of the matching module matches a client with a server;
the check bit generation module performs ones'-complement (inverted-code) summation over the data to be sent to obtain the check bits;
the packaging module is used for splicing the data to be sent and the check bits, packaging the spliced data into a data frame and then sending the data frame to a server;
the format checking module is used for checking the format of the received data frame;
the disassembling module is used for disassembling the data frame, acquiring data frame information and performing corresponding operation or reply.
The method is realized by the following technical scheme:
an interactive method for a QKD key management system, applying a server, a client and a server side, comprises the following steps:
step 1: starting a thread and creating a server socket corresponding to the thread;
step 2: binding the address of the server to the socket so as to listen (monitor) on the thread;
step 3: the client and the server are matched and connected through the socket;
step 4: the client performs ones'-complement (inverted-code) summation over the data to be sent to obtain the check bits;
step 5: the client splices the data to be sent with the check bits, packs the result into a data frame and sends it to the server;
step 6: the server side checks the format of the data frame after receiving it;
step 7: if the check fails, the server discards the data frame and jumps back to step 3;
if the check succeeds, the server disassembles the data frame, obtains the data frame information and performs the corresponding operation or reply.
Further, the data frame in step 5 includes a data frame header, a message length, a message type, an extended length, an extended command type, an extended command direction, extended data, a message body, check bits, and a data frame tail.
Further, the message types include active sending and passive acknowledgement.
Further, the extended command types include a heartbeat signal, a request to connect a device, disconnect a device, and send data.
Further, the data frame header, the message length and the message type are set with #define macro definitions.
Further, the step of splicing the data with the check bits is specifically as follows:
step a: setting a buffer string;
step b: requesting a block of memory within the buffer string;
step c: storing the data and the check bits into the corresponding address block of that memory, in the data frame format, by the pointer offset (pointer displacement) method.
Further, the data frame format check of step 6 covers the format validity of the data frame and the correctness of the check bits.
Further, the format validity check of the data frame includes checking whether the length of the data frame, the position of the frame header and the position of the frame trailer are valid.
Further, the correctness check of the check bits of the data frame specifically comprises: comparing the received check bits with the result of recomputing the check bits by ones'-complement summation;
if the comparison is consistent, the check code is judged correct;
if the comparison is inconsistent, the check code is judged incorrect.
Further, the steps by which the server disassembles the data frame are as follows:
step A: after receiving the data frame, the server side disassembles it by the pointer offset (pointer displacement) method to obtain the fields;
step B: the server side parses the extended command type field and makes the corresponding reply according to it;
when the message type is active send, the server side returns a data frame to the client;
when the message type is passive acknowledgement, the server side does not need to return a data frame to the client.
The invention has the beneficial effects that:
when messages are transmitted by the quantum network and the client of the key management system, the fields are spliced and encapsulated into data frames by pointer offset and the frames are sent to the server; after receiving the encapsulated frames, the server disassembles and parses the fields by the same pointer offset method so as to make the corresponding reply. This ensures the security of the interaction between key management systems and improves the efficiency of that interaction.
Drawings
FIG. 1 is a functional block diagram of an interactive system of a QKD key management system of the present invention;
FIG. 2 is a flowchart illustrating the steps of an interactive method of a QKD key management system in accordance with the present invention;
FIG. 3 is a data frame format diagram of an interaction method of a QKD key management system according to the present invention;
FIG. 4 is a flow chart of splicing data frames at the server side of an interaction method of the QKD key management system according to the present invention;
FIG. 5 is a flowchart of the server-side parsing of a data frame in the interaction method of the QKD key management system according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the invention is further described in detail with reference to the following embodiments; the scope of the invention is not limited to these embodiments.
As shown in FIG. 1, an interactive system for a QKD key management system comprises a thread starting module, a monitoring module, a server, a matching module, a client and a server side, where the client is provided with a check bit generation module and a packing module, and the server side is provided with a format check module and a disassembling module, wherein:
the thread starting module is used for starting a thread and creating a socket of a server corresponding to the thread;
the monitoring module binds the address of the server with the socket to monitor the thread;
the socket of the matching module matches a client with a server;
the check bit generation module performs ones'-complement (inverted-code) summation over the data to be sent to obtain the check bits;
the packaging module is used for splicing the data to be sent and the check bits, packaging the spliced data into a data frame and then sending the data frame to a server;
the format checking module is used for checking the format of the received data frame;
the disassembling module is used for disassembling the data frame, acquiring data frame information and performing corresponding operation or reply.
The way each module of the system realizes its function is consistent with the corresponding part of the interaction method for the QKD key management system described below, so it is not repeated here.
As shown in FIG. 2 to FIG. 5, an interactive method for a QKD key management system, which applies the interactive system described above, comprises the following specific steps:
step 1: starting a thread, creating the server socket according to preset parameters, and setting the socket to non-blocking mode;
step 2: binding the address of the server to the socket so as to listen (monitor) on the thread;
step 3: the client and the server are matched and connected through the socket, that is, the server and the client each store the socket descriptors and their correspondence, and the client and the server send and receive data according to those socket descriptors;
step 4: the client performs ones'-complement (inverted-code) summation over the data to be sent to obtain the check bits;
step 5: the client splices the data to be sent with the check bits, packs the result into a data frame and sends it to the server;
when data is packed, the corresponding contents such as the message type, message length, data type, data length, extended message type, extended command direction and so on need to be determined.
As shown in fig. 3, the packed data frame in step 5 includes a data frame header, a message length, a message type, an extended length, an extended command type, an extended command direction, extended data, a message body, check bits, and a data frame trailer.
The data frame header, the message length and the message type are set with #define macro definitions; the content of each such field is fixed by a macro, which improves the readability of the system code and the maintainability of the communication protocol, and the macro-defined fields are added directly to the data frame when data needs to be packed.
The message types include active send and passive acknowledgement;
the extended command types include a heartbeat signal, a request to connect a device, disconnect a device, and send data.
The method of splicing the data with the check bits specifically comprises the following steps:
step a: setting a buffer string; the buffer string temporarily holds the data frame and provides the memory for the spliced frame;
step b: requesting a block of memory within the buffer string;
step c: storing the data and the check bits into the corresponding address block of that memory, in the data frame format, by the pointer offset (pointer displacement) method.
The client sends the packed data frame to the server, and the flow jumps to step 6;
step 6: the server side checks the format of the data frame after receiving it;
the data frame format check of step 6 covers the format validity of the data frame and the correctness of the check bits.
Specifically, the format validity check of the data frame includes checking whether the length of the data frame, the position of the frame header and the position of the frame trailer are valid.
Specifically, the correctness check of the check bits comprises: comparing the received check bits with the result of recomputing the check bits by ones'-complement summation;
if the comparison is consistent, the check code is judged correct;
if the comparison is inconsistent, the check code is judged incorrect.
step 7: if the check fails, the server discards the data frame and jumps back to step 3;
if the check succeeds, the server disassembles the data frame, obtains the data frame information and performs the corresponding operation or reply.
As shown in FIG. 4, the server-side disassembly flow of step 6 is:
step A: after receiving the data frame, the server side disassembles it by the pointer offset (pointer displacement) method to obtain the fields;
step B: the server side parses the extended command type field and makes the corresponding reply according to it;
specifically, when the extended command type field is a heartbeat signal, the server must further confirm whether the message type field is active send or passive acknowledgement. When the message type is active send, the server writes the heartbeat response into the message body field of a data frame, packs the frame and returns it to the sending end; when the message type is passive acknowledgement, the server does not need to return a data frame to the client.
During interaction between the devices of the key management system, the messages sent when the client and the server interact are spliced and encapsulated into data frames by pointer offset, and the server, in order to obtain the message, must disassemble the data frame by the same pointer offset method to extract the information; this noticeably improves the efficiency of information interaction among all relevant devices of the key management system.
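The client-side packing (steps 4 and 5 with sub-steps a to c) and the server-side format check, check-bit verification and disassembly (steps 6 and 7 with sub-steps A and B) described above, written out in C as an added example; this is illustrative code, not the patent's or the assignee's implementation. The patent fixes the list of fields but not their encoding, so the field widths, the #define values for header, trailer, message types and extended command types, big-endian byte order, the message length field holding the whole frame length, and the range covered by the check bits (every byte between the header and the check field) are all assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame constants fixed with #define as the patent describes; the values themselves are assumed. */
#define FRAME_HEAD       0xAA55u
#define FRAME_TAIL       0x55AAu
#define MSG_TYPE_ACTIVE  0x01u  /* active send: the server must reply */
#define MSG_TYPE_PASSIVE 0x02u  /* passive acknowledgement: no reply */
#define CMD_HEARTBEAT    0x01u
#define CMD_CONNECT      0x02u  /* request to connect a device */
#define CMD_DISCONNECT   0x03u
#define CMD_SEND_DATA    0x04u
#define FIXED_OVERHEAD   13u    /* head 2 + len 2 + type 1 + ext_len 2 + cmd 1 + dir 1 + check 2 + tail 2 */
#define MAX_FRAME        512u   /* largest frame the server accepts (assumed) */

struct frame {                  /* disassembled view; ext and body point into the receive buffer */
    uint8_t msg_type, cmd_type, cmd_dir;
    uint16_t ext_len, body_len;
    const uint8_t *ext, *body;
};

/* "Inverted-code summation": ones'-complement sum of big-endian 16-bit words with end-around
 * carry (RFC 1071 style), returned complemented; the result is the check bits. */
uint16_t ones_complement_sum(const uint8_t *p, size_t n) {
    uint32_t acc = 0;
    for (size_t i = 0; i + 1 < n; i += 2) acc += (uint32_t)((p[i] << 8) | p[i + 1]);
    if (n & 1) acc += (uint32_t)p[n - 1] << 8;                   /* odd trailing byte, zero padded */
    while (acc >> 16) acc = (acc & 0xFFFFu) + (acc >> 16);
    return (uint16_t)~acc;
}

static uint8_t *put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return p + 2; }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Client side (steps a to c): walk a pointer through buf, storing each field at its offset.
 * Returns the frame length, or 0 if the frame would not fit. */
size_t pack_frame(uint8_t *buf, size_t cap, uint8_t msg_type, uint8_t cmd, uint8_t dir,
                  const uint8_t *ext, uint16_t ext_len, const uint8_t *body, uint16_t body_len) {
    size_t total = FIXED_OVERHEAD + ext_len + body_len;
    if (total > cap || total > 0xFFFFu) return 0;
    uint8_t *p = buf;
    p = put16(p, FRAME_HEAD);
    p = put16(p, (uint16_t)total);                               /* message length = whole frame (assumed) */
    *p++ = msg_type;
    p = put16(p, ext_len);
    *p++ = cmd;
    *p++ = dir;
    if (ext_len)  { memcpy(p, ext, ext_len);   p += ext_len;  }
    if (body_len) { memcpy(p, body, body_len); p += body_len; }
    p = put16(p, ones_complement_sum(buf + 2, (size_t)(p - buf) - 2)); /* bytes after header up to check */
    put16(p, FRAME_TAIL);
    return total;
}

/* Server side (step 6): length, header position, trailer position, then check bits; then (step A)
 * disassemble by the same pointer offsets. A negative return names the check that failed. */
int unpack_frame(const uint8_t *buf, size_t n, struct frame *f) {
    if (n < FIXED_OVERHEAD || n > MAX_FRAME) return -1;          /* frame length */
    if (get16(buf) != FRAME_HEAD) return -2;                      /* header position */
    if (get16(buf + 2) != n) return -3;                           /* declared length vs. received */
    if (get16(buf + n - 2) != FRAME_TAIL) return -4;              /* trailer position */
    if (get16(buf + n - 4) != ones_complement_sum(buf + 2, n - 6)) return -5; /* check bits */
    const uint8_t *p = buf + 4;
    f->msg_type = *p++;
    f->ext_len  = get16(p); p += 2;
    f->cmd_type = *p++;
    f->cmd_dir  = *p++;
    if ((size_t)FIXED_OVERHEAD + f->ext_len > n) return -6;       /* ext_len must stay inside the frame */
    f->ext = p; p += f->ext_len;
    f->body_len = (uint16_t)(n - FIXED_OVERHEAD - f->ext_len);
    f->body = p;
    return 0;
}

/* Step B: an active-send heartbeat gets a reply frame written to out; a passive one gets none. */
size_t handle_frame(const struct frame *f, uint8_t *out, size_t cap) {
    if (f->cmd_type == CMD_HEARTBEAT && f->msg_type == MSG_TYPE_ACTIVE) {
        static const uint8_t pong[] = "HB-ACK";                   /* constructed reply body */
        return pack_frame(out, cap, MSG_TYPE_PASSIVE, CMD_HEARTBEAT, f->cmd_dir,
                          NULL, 0, pong, (uint16_t)(sizeof pong - 1));
    }
    return 0;
}

/* Round trip on constructed input; returns 0 on success, else the number of the failed step. */
int demo(void) {
    uint8_t tx[64], rx[64];
    struct frame f;
    size_t n = pack_frame(tx, sizeof tx, MSG_TYPE_ACTIVE, CMD_HEARTBEAT, 0,
                          (const uint8_t *)"EX", 2, (const uint8_t *)"PING", 4);
    if (n != 19) return 1;                                        /* 13 fixed + 2 ext + 4 body */
    if (unpack_frame(tx, n, &f) != 0) return 2;
    if (f.ext_len != 2 || memcmp(f.ext, "EX", 2) != 0) return 3;
    if (f.body_len != 4 || memcmp(f.body, "PING", 4) != 0) return 4;
    if (handle_frame(&f, rx, sizeof rx) != 19) return 5;         /* reply = 13 fixed + 6-byte "HB-ACK" */
    tx[11] ^= 0x01;                                               /* flip one body bit: format still valid, */
    if (unpack_frame(tx, n, &f) != -5) return 6;                  /* so only the check bits catch it */
    if (unpack_frame(tx, n - 1, &f) != -3) return 7;             /* truncated: declared length mismatch */
    return 0;
}
int main(void) { printf("demo: %d\n", demo()); return 0; }
```

The server validates the declared length against the bytes actually received and bounds the extended length by the frame before any pointer is advanced, so a malformed length field can never move the parser outside the receive buffer; that ordering is what makes the pointer offset method safe on untrusted input. One caveat on the check bits: a ones'-complement checksum detects transmission errors and truncation, but it is not a keyed integrity code and cannot by itself reveal deliberate modification of a frame.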
Variations and modifications to the above-described embodiments may occur to those skilled in the art, which fall within the scope and spirit of the above description. Therefore, the present invention is not limited to the specific embodiments disclosed and described above, and some modifications and variations of the present invention should fall within the scope of the claims of the present invention. Furthermore, although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (10)

1. An interactive system for a QKD key management system, characterized in that it comprises a thread starting module, a monitoring module, a server, a matching module, a client and a server side; the client is provided with a check bit generation module and a packing module, and the server side is provided with a format check module and a disassembling module, wherein:
the thread starting module is used for starting a thread and creating a socket of a server corresponding to the thread;
the monitoring module binds the address of the server with the socket to monitor the thread;
the socket of the matching module matches a client with a server;
the check bit generation module performs ones'-complement (inverted-code) summation over the data to be sent to obtain the check bits;
the packaging module is used for splicing the data to be sent and the check bits, packaging the spliced data into a data frame and then sending the data frame to a server;
the format checking module is used for checking the format of the received data frame;
the disassembling module is used for disassembling the data frame, acquiring data frame information and performing corresponding operation or reply.
2. An interactive method for a QKD key management system, characterized in that it applies the interactive system for a QKD key management system according to claim 1, and the steps of the method are as follows:
step 1: starting a thread and creating a server socket corresponding to the thread;
step 2: binding the address of the server to the socket so as to listen (monitor) on the thread;
step 3: the client and the server are matched and connected through the socket;
step 4: the client performs ones'-complement (inverted-code) summation over the data to be sent to obtain the check bits;
step 5: the client splices the data to be sent with the check bits and packs the spliced data into data frames to be sent to the server;
step 6: the server side checks the format of the data frame after receiving it;
step 7: if the check fails, the server discards the data frame and jumps back to step 3;
if the check succeeds, the server disassembles the data frame, obtains the data frame information and performs the corresponding operation or reply.
3. The method of claim 2, wherein the data frame in step 5 comprises a header, a length, a type, an extended length, an extended command type, an extended command direction, extended data, a body, check bits, and a trailer.
4. The method of claim 3, wherein the message types include active send and passive reply.
5. The method of claim 3, wherein the extended command types include heartbeat signals, request to connect a device, disconnect a device, and send data.
6. The interactive method for a QKD key management system according to claim 3, characterized in that said data frame header, message length and message type are set with #define macro definitions.
7. The method of claim 2, wherein the step of concatenating the data with the check bits is as follows:
step a: setting a buffer character string;
step b: applying for a block of memory in the buffer character string;
step c: storing the data and the check bits into the corresponding address block of that memory, in the data frame format, by the pointer offset (pointer displacement) method.
8. The interactive method for a QKD key management system according to claim 2, wherein said data frame format check of step 6 includes format validity of the data frame and correctness of check bits;
the validity check of the format of the data frame comprises checking whether the length of the data frame, the position of the head of the data frame and the position of the tail of the data frame are legal or not.
9. The method of claim 8, wherein the correctness check of the check bits of the data frame is specifically as follows: comparing the received check bits with the result of recomputing the check bits by ones'-complement summation;
if the comparison result is consistent, judging that the check code is correct;
if the comparison result is inconsistent, the check code is judged to be incorrect.
10. The method of claim 2, wherein the steps by which the server disassembles the data frame are:
step A: after receiving the data frame, the server side disassembles it by the pointer offset (pointer displacement) method to obtain the fields;
step B: the server side parses the extended command type field and makes the corresponding reply according to it;
when the message type is active send, the server side returns a data frame to the client;
when the message type is passive acknowledgement, the server side does not need to return a data frame to the client.
CN202111673541.7A 2021-12-31 2021-12-31 Interactive system and method of QKD key management system Active CN114449062B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111673541.7A CN114449062B (en) 2021-12-31 2021-12-31 Interactive system and method of QKD key management system

Publications (2)

Publication Number Publication Date
CN114449062A true CN114449062A (en) 2022-05-06
CN114449062B CN114449062B (en) 2023-10-24

Family

ID=81366742

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111673541.7A Active CN114449062B (en) 2021-12-31 2021-12-31 Interactive system and method of QKD key management system

Country Status (1)

Country Link
CN (1) CN114449062B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000016242A1 (en) * 1998-09-14 2000-03-23 Psc Scanning, Inc. Bar code label reconstruction system and methodologies
CN101262304A (en) * 2008-04-24 2008-09-10 浙江大学 A data stream parsing method based on universal communication data format
US20120246542A1 (en) * 2011-03-22 2012-09-27 Freescale Semiconductor, Inc. Selective checkbit modification for error correction
CN103188156A (en) * 2011-12-31 2013-07-03 北京大唐高鸿数据网络技术有限公司 VOIP call routing device and method based on user datagram protocol (UDP) multicast
CN103391289A (en) * 2013-07-16 2013-11-13 中船重工(武汉)凌久高科有限公司 Multilink safety communication method based on completion port model
CN103957241A (en) * 2014-04-16 2014-07-30 中国工商银行股份有限公司 Communication method and device based on message data
CN106790022A (en) * 2016-12-14 2017-05-31 福建天泉教育科技有限公司 Communication means and its system based on many inquiry threads
CN110944010A (en) * 2019-12-13 2020-03-31 辽宁省计量科学研究院 Anti-theft flow device control system and method
CN111654265A (en) * 2020-06-19 2020-09-11 京东方科技集团股份有限公司 Quick checking circuit, method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李海洲; 唐竞新: "Construction of datagrams in an embedded UDP server" (嵌入式UDP服务器中数据报的构造), Journal of Chinese Computer Systems (小型微型计算机系统), no. 07, pp. 1289-1291 *

Also Published As

Publication number Publication date
CN114449062B (en) 2023-10-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant