CN114531238B - Secret key safe filling method and system based on quantum secret key distribution - Google Patents

Abstract

The invention discloses a secret key safe charging method and a secret key safe charging system based on quantum secret key distribution, which belong to the technical field of quantum communication, wherein the method comprises the steps that a charging machine sends a first charging secret key request to a secret key management system and receives charging information returned by the secret key management system; the charging machine sends charging information to the first key manager so that the first key manager establishes a key distribution link with the second key manager through the QKDN controller, and charging key pairs are stored in the first key manager and the second key manager; the charging machine sends a second charging key request to the first key manager and charges the obtained charging key pair to the security chip; the key management system sends a third charging key request to the second key manager and charges the obtained charging key pair into the server crypto machine. The invention can realize the safe filling of the secret key without cryptograph transmission on the Internet under the condition of different places.

Description

Secret key safe filling method and system based on quantum secret key distribution

Technical Field

The invention relates to the technical field of quantum communication, in particular to a secret key safe charging method and a secret key safe charging system based on quantum secret key distribution.

Background

At present, a charger is usually directly connected to a key management system or a cryptographic engine, and a key is safely charged into a security chip or a special carrier. For example, in the related art, the patent application with publication number CN114095167A discloses a quantum key charging method for a communication terminal, which establishes a connection relationship between a charging terminal, a quantum random number generator, an exchange cryptographic machine and a cryptographic service platform, replaces a quantum key distribution device with the exchange cryptographic machine, generates a quantum key based on a quantum random number, and generates a charging key pair with the quantum key. The invention patent application with publication number CN113824556A discloses a method and a system for protecting an operating system of a quantum key filling machine, and the implementation steps comprise: (1) an initialization stage: defining a set of quantum key filler system installer by user, generating an s-check value for verifying the legality of the operating system of the quantum key filler by combining a security password module, and storing the s-check value into the security password module; (2) and (3) system installation stage: the operating system to be installed is obtained through the quantum key filling machine system installer, the check value of the safety password module is called to check the operating system to be installed, if the check is passed, the installation is permitted, otherwise, the installation is prevented; (3) and (3) a system operation stage: and starting the quantum key filling machine, calling the check value of the secure password module by a core filling program of the quantum key filling machine to check the installed operating system, if the check is passed, normally running, otherwise, stopping running.

However, these techniques are only applicable to the scenario that the filled device, the filling terminal, the cryptographic service platform/system, etc. are at the same position, so as to realize the security certification of the filler device and the filled device. In practical application, there is a scenario that the key needs to be filled in different places due to the security requirement of the key and the diversified requirement of the actual use scenario.

In the related art, the invention patent application with the publication number CN111865589A discloses a quantum communication encryption system and a method thereof for realizing mobile communication quantum encryption transmission, which distributes a quantum key based on a quantum communication network, and respectively accesses the quantum communication network through quantum key distribution equipment at a quantum key charger end and quantum key distribution equipment at a service platform end, and a service platform end and a quantum key charger; at the business service platform end, the quantum security service platform provides a quantum key for the quantum encryption equipment; at the mobile terminal, under the unified management and scheduling of a quantum security service platform, a quantum key charging machine charges a quantum key to a quantum terminal encryption module; and carrying out key agreement between the quantum encryption equipment and the quantum terminal encryption module to form an encrypted working key.

Although the scheme is suitable for key interaction of the charging machine and the cryptosystem at different positions, the scheme is only suitable for acquiring the working key and cannot be suitable for acquiring the charging key pair, and the working key needs to be transmitted through an internet channel connecting the charging machine and the cryptosystem, so that the working key is exposed under the internet environment, and potential safety hazards are increased.

Disclosure of Invention

The technical problem to be solved by the invention is how to realize the safe charging of the key without ciphertext transmission on the Internet under the condition of different places.

The invention solves the technical problems through the following technical means:

in one aspect, the present invention provides a secure key charging method based on quantum key distribution, where the method includes:

the charging machine agent sends a first charging key request to a key management system and receives charging information returned by the key management system;

the charging machine sends the charging information to a first key manager so that the first key manager establishes a key distribution link with a second key manager through a QKDN controller, wherein the first key manager is connected with the charging machine, the second key manager is connected with the key management system, and charging key pairs are stored in the first key manager and the second key manager;

the charging machine sends a second charging key request to the first key manager and charges the obtained charging key pair to the secure chip;

and the key management system sends a third charging key request to the second key manager and charges the acquired charging key pair into the server cipher machine.

The method comprises the steps that a charging machine is directly connected to a first key manager, a key management system is connected to a second key manager, the charging machine and the key management system respectively obtain charging key pairs from the first key manager and the second key manager and respectively send the charging key pairs to a security chip/server cipher machine, the process that keys are sent from the first key manager/the second key manager to the security chip/server cipher machine is completed at the same physical position, and under the condition that the key management system and the key charging machine are not at the same position, the key charging machine can safely charge keys for security chips, interaction between the charging machine and the key management system is the transmission of no key information, and the charged key information, Ciphertext information is not transmitted through an internet channel, and the security of key charging is improved.

Further, the method for enabling the filler to proxy the security chip to send a first request for charging a key to a key management system and receive charging information returned by the key management system includes:

the filling machine acquires the ID of the security chip and the key amount required to be filled;

the key management system sends a first charging key request to the charging machine;

and the filling machine acquires the filling information returned by the key management system.

Further, the fillerator sends the filleration information to a first key manager to cause the first key manager to establish a key distribution link with a second key manager via a QKDN controller, including:

the charging machine sends a fourth charging key request to the first key manager, wherein the fourth charging key request carries the charging information;

the first key manager sends key distribution channel data to the QKDN controller based on the fourth fill key request;

the QKDN controller establishes a quantum distribution and relay channel according to the key distribution channel data, and provides the charging key pair for the first key manager and the second key manager respectively;

and the filling machine acquires response information returned by the first key manager.

Further, the filler sending a second request for a filler key to the first key manager and filling the acquired pair of filler keys to the secure chip includes:

the charging machine acquires a first public and private key pair generated by the security chip, wherein the first public and private key pair comprises a first public key and a first private key;

the charging machine sends the second charging key request to the first key manager so that the first key manager encrypts the charging key pair by using the first public key to obtain a first ciphertext, wherein the second charging key request carries the first public key;

the charging machine acquires the first ciphertext and decrypts the first ciphertext by using the first private key to obtain the charging key pair;

and the filling machine fills the filling key pair into the secure chip so that the secure chip encrypts and stores the filling key pair by using a first master key.

Further, after the first key manager obtains the second join key request, the method further comprises:

the first key manager generates a first temporary key, encrypts the charging key pair by using the first temporary key to obtain a second ciphertext and sends the second ciphertext to the charging machine;

the first key manager encrypts the first temporary key by using the first public key to obtain a first encrypted key and sends the first encrypted key to the charging machine;

the filler decrypts the first encryption key by using the first private key to obtain the first temporary key;

and the charging machine decrypts the second ciphertext by using the first temporary key to obtain the charging key pair.

Further, after the first key manager obtains the second inflation key request, the method further comprises:

the first key manager generates a second temporary key and a first tamper-resistant key, and encrypts the charging key pair by using the second temporary key to obtain a third ciphertext;

the first key manager performs HMAC operation on the third ciphertext by using the first anti-tampering key to obtain a fourth ciphertext and sends the fourth ciphertext to the charger;

the first key manager uses the first public key to encrypt the second temporary key and the first tamper-resistant key respectively to obtain a second encryption key and a third encryption key, and sends the second encryption key and the third encryption key to the charger;

the filler decrypts the second encryption key and the third encryption key respectively by using the first private key to obtain a second temporary key and a first tamper-resistant key;

the filling machine performs HMAC operation on the third ciphertext by using the first anti-tampering key, and compares an operation result with the fourth ciphertext;

and when the charging machine determines that the operation result is consistent with the fourth ciphertext, decrypting the third ciphertext by using the second temporary key to obtain the charging key pair.

Further, the key management system sends a third charging key request to the second key manager, and charges the acquired charging key pair to the server crypto engine, including:

the key management system acquires a second public and private key pair generated by the server cipher machine, wherein the second public and private key pair comprises a second public key and a second private key;

the key management system sends the third charging key request to the second key manager so that the second key manager encrypts the charging key pair by using the second public key to obtain a fifth ciphertext, wherein the third charging key request carries the second public key;

the key management system acquires the fifth ciphertext, and decrypts the fifth ciphertext by using the second private key to obtain the charging key pair;

and the key management system charges the charging key pair to the server cipher machine so that the server cipher machine encrypts and stores the charging key pair by using a second master key.

Further, after the second key manager obtains the third join key request, the method further comprises:

the second key manager generates a third temporary key, encrypts the charging key pair by using the third temporary key to obtain a sixth ciphertext and sends the sixth ciphertext to the key management system;

the second key manager encrypts the third temporary key by using the second public key to obtain a fourth encryption key and sends the fourth encryption key to the key management system;

the key management system decrypts the fourth encryption key by using the second private key to obtain the third temporary key;

and the key management system decrypts the sixth ciphertext by using the third temporary key to obtain the charging key pair.

Further, after the second key manager obtains the third join key request, the method further comprises:

the second key manager generates a fourth temporary key and a second tamper-resistant key, and encrypts the charging key pair by using the fourth temporary key to obtain a seventh ciphertext;

the second key manager performs HMAC operation on the seventh ciphertext by using the second tamper-resistant key to obtain an eighth ciphertext and sends the eighth ciphertext to the key management system;

the second key manager uses the second public key to encrypt the fourth temporary key and the second tamper-resistant key respectively to obtain a fifth encryption key and a sixth encryption key, and sends the fifth encryption key and the sixth encryption key to the key management system;

the key management system decrypts the fifth encryption key and the sixth encryption key respectively by using the second private key to obtain a fourth temporary key and a second tamper-proof key;

the key management system performs HMAC operation on the seventh ciphertext by using the second anti-tampering key, and compares an operation result with the eighth ciphertext;

and when the key management system determines that the operation result is consistent with the eighth ciphertext, decrypting the seventh ciphertext by using the fourth temporary key to obtain the charging key pair.

In addition, the invention also provides a key secure charging system based on quantum key distribution, which comprises: the system comprises a filling machine, a security chip, a key management system, a server cipher machine, a first key manager, a second key manager, a third key manager, a first quantum key distribution module, a second quantum key distribution module, a third quantum key distribution module and a QKDN controller;

the security chip is installed on the charger, the server cryptographic engine is connected with the key management system, the first key manager, the second key manager and the third key manager are all connected with the QKDN controller, the first quantum key distribution module is connected with the charger through the first key manager, the second quantum key distribution module is connected with the key management system through the second key manager, the third quantum key distribution module is connected with the QKDN controller through the third key manager, and the charger is connected with the key management system through a data communication channel, wherein:

the charging machine agent sends a first charging key request to a key management system and receives charging information returned by the key management system;

the charging machine sends the charging information to a first key manager so that the first key manager establishes a key distribution link with a second key manager through a QKDN controller, wherein the first key manager is connected with the charging machine, the second key manager is connected with the key management system, and charging key pairs are stored in the first key manager and the second key manager;

the charging machine sends a second charging key request to the first key manager and charges the obtained charging key pair to the security chip;

and the key management system sends a third charging key request to the second key manager, and charges the acquired charging key pair into the server cipher machine.

The invention has the advantages that:

(1) in the invention, a first key manager and a second key manager store charging key pairs generated by a quantum key distribution system, a charging machine is directly connected to the first key manager, a key management system is connected to the second key manager, the charging machine and the key management system respectively obtain the charging key pairs from the first key manager and the second key manager and respectively send the charging key pairs to a security chip/server cipher machine, the process of sending keys from the first key manager/the second key manager to the security chip/server cipher machine is completed at the same physical position, under the condition that the key management system and the key charging machine are not at the same position, the key charging machine can also realize the safe charging of keys for the security chip, and the interaction between the charging machine and the key management system is the transmission without key information, the key information and the ciphertext information which are filled are not transmitted through an internet channel, and the security of key filling is improved.

(2) When the charger/key management system charges the key, the key is protected by a public-private key algorithm and is sent to the secure chip/server cipher machine.

(3) In order to solve the problem of low charging rate caused by large amount of charging keys, a temporary key is generated in the first key manager/the second key manager, a public key generated in a security chip/server crypto-machine is used for encrypting the temporary key, and the charging key is encrypted by using the temporary key; in the decryption process, a private key corresponding to the security chip/server cipher machine is used for decryption to obtain a temporary key, the temporary key is used for decryption to obtain a charging key, and the temporary key generally uses a fixed length, so that a symmetric algorithm is adopted when the charging key is decrypted and restored, and the speed is good.

(4) In order to realize the integrity check of the charging key in the key charging process, a tamper-proof key is generated in the first key manager/the second key manager, a cryptographic hash message authentication code function is used for protecting a charging key ciphertext, the tamper-proof key is encrypted through a public key generated by the security chip/server cipher machine and is decrypted through a corresponding private key in the security chip/server cipher machine, and the charging key can be checked through the cryptographic hash message authentication code function after the charging key and the tamper-proof key are received by the security chip/server cipher machine, so that tampering and counterfeiting are prevented.

Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.

Drawings

FIG. 1 is a flow chart of a secure key population method based on quantum key distribution according to an embodiment of the present invention;

FIG. 2 is a schematic diagram illustrating the subdivision of step S30 according to an embodiment of the present invention;

FIG. 3 is a schematic diagram illustrating the subdivision of step S40 according to an embodiment of the present invention;

fig. 4 is a schematic structural diagram of a key secure charging system based on quantum key distribution in an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1, an embodiment of the present invention provides a quantum key distribution-based secure key charging method, where the quantum key distribution-based secure key charging method includes the following steps:

s10, the filling machine agent sends a first filling key request to the key management system and receives filling information returned by the key management system;

it should be noted that the secure chip is installed on the charger, the charger is connected to the key management system through a data communication channel, and the charger proxies the secure chip to initiate a key charging application to the key management system through the data communication channel between the charger and the key management system, but the charged key information and the charged ciphertext information are not transmitted through the data communication channel.

S20, the filler sending the charging information to a first key manager to enable the first key manager to establish a key distribution link with a second key manager via a QKDN controller, wherein the first key manager is connected to the charger, the second key manager is connected to the key management system, and charging key pairs are stored in the first key manager and the second key manager;

it should be noted that the first key manager and the second key manager are configured to receive and manage the pair of charging keys generated by the quantum key distribution module, and to relay the charging keys and provide the charging keys to the application requiring the password.

It should be noted that, in this embodiment, a key pair generated by the quantum key distribution module is used to replace a conventional random number source, and the generation of a symmetric key is realized by the quantum key distribution module, which provides a basis for obtaining the same charging key for the security chip/server cryptographic machine.

S30, the filling machine sends a second filling key request to the first key manager, and fills the obtained filling key pair to the secure chip;

and S40, the key management system sends a third charging key request to the second key manager, and charges the acquired charging key pair to the server cipher machine.

In this embodiment, the quantum key distribution module generates a key pair and stores the key pair in the first key manager and the second key manager, the charger/key management system is directly connected to the first key manager/the second key manager, the charger/key management system sends the charging key in the first key manager/the second key manager to the secure chip/server crypto-machine, the process of sending the key from the first key manager/the second key manager to the secure chip/server crypto-machine is completed in the same physical location, and under the condition that the key management system and the key charger are not in the same location, the key charger can safely charge the key for the secure chip, and the interaction between the charger and the key management system is the transmission of no key information, the charging key information, Ciphertext information is not transmitted through an internet channel, and the security of key charging is improved.

In addition, the invention is different from the solution described in the invention application with the publication number CN 111865589A: the embodiment is suitable for key filling into the security chip as a master key, and the scheme described in the invention application with the publication number of CN111865589A is suitable for generating a working key. The security management requirements of the master key and the working key in the cryptosystem are different, the security requirement of the master key is higher, and the master key is required to be prevented from being exposed in a transmission channel as much as possible in the production and transmission processes.

The scheme described in the invention application with the publication number of CN111865589A is suitable for use between a quantum terminal encryption module and a quantum encryption device of a business service module, and cryptographic information such as a public key and a public key encrypted K1 needs to be transmitted between the quantum terminal encryption module and the quantum encryption device, and the security of the scheme is not sufficient. In the embodiment, the key pair generated by the quantum key distribution system is used as the master key, then the key managers connected with the two ends of the quantum key distribution system encrypt and safely issue the master key, and the ciphertext of the master key are not transmitted in an internet channel between the key filler and the key management system, so that the method is safe and reliable.

In an embodiment, the step S10 specifically includes the following steps:

s11, the filling machine obtains the ID of the security chip and the key amount required to be filled;

it should be noted that, after the security chip is mounted on the filling machine, the ID of the security chip is sent to the filling machine, and the key amount required to be filled at this time is configured through the device interface of the filling machine.

S12, the charging machine sends the first charging key request to the key management system;

and S13, the charging machine acquires the charging information returned by the key management system.

The information carried by the first charging KEY request comprises a CHR _ ID, a KM _ ID _ CHR, an SE _ ID and a KEY _ NUM, the charging information comprises a SESSION _ ID, a CHR _ ID, a KM _ ID _ CHR, a KM _ ID _ KMS, an SE _ ID and a KEY _ NUM, the SESSION _ ID represents a SESSION ID, the CHR _ ID represents the charging ID, the KM _ ID _ CHR represents the ID of the first KEY manager, the SE _ ID represents the ID of the security chip, the KEY _ NUM represents the KEY amount, and the KM _ ID _ KMS represents the ID of the second KEY manager.

In one embodiment, the step S20 includes the following steps:

s21, the charging machine sends a fourth charging key request to the first key manager, wherein the fourth charging key request carries the charging information;

s22, the first key manager sending key distribution channel data to the QKDN controller based on the fourth fill key request;

s23, the QKDN controller establishes a quantum distribution and relay channel according to the key distribution channel data, and provides the charging key pair to the first key manager and the second key manager respectively;

and S24, the filling machine acquires the response information returned by the first key manager.

The KEY distribution channel data includes KM _ ID _ CHR, KM _ ID _ KMs and KEY _ NUM, the response information includes SESSION _ ID, CHR _ ID, KM _ ID _ CHR, KM _ ID _ KMs and KEY _ NUM, the SESSION _ ID indicates SESSION ID, CHR _ ID indicates ID of the charging machine, KM _ ID _ CHR indicates ID of the first KEY manager, KM _ ID _ KMs indicates ID of the second KEY manager, and KEY _ NUM indicates KEY amount.

Specifically, the QKDN controller establishes a quantum distribution and relay channel according to KM _ ID _ CHR and KM _ ID _ KMs, and provides the pair of charging KEYs to the first KEY manager and the second KEY manager, respectively, according to KEY _ NUM.

In an embodiment, referring to fig. 2, the step S30 includes the following steps:

s31, the filling machine obtains a first public and private key pair generated by the security chip, wherein the first public and private key pair comprises a first public key and a first private key;

s32, the charging machine sends the second charging key request to the first key manager, so that the first key manager encrypts the charging key pair by using the first public key to obtain a first ciphertext, wherein the second charging key request carries the first public key;

s33, the charging machine acquires the first ciphertext, and decrypts the first ciphertext by using the first private key to obtain the charging key pair;

and S34, the filling machine fills the filling key pair into the secure chip so that the secure chip encrypts and stores the filling key pair by using a first master key.

The information carried by the second KEY charging request includes SESSION _ ID, CHR _ ID, KM _ ID _ CHR, KM _ ID _ KMs, KEY _ NUM, SE _ ID and PUB _ SE, and the encrypted information includes SESSION _ ID, CHR _ ID, KM _ ID _ CHR, KM _ ID _ KMs, KEY _ NUM, SE _ ID, PUB _ SE and E (PUB _ SE, KEY _ CHR), the SESSION _ ID represents SESSION ID, CHR _ ID represents ID of the charging machine, KM _ ID _ CHR represents ID of the first KEY manager, KM _ ID _ s represents ID of the second KEY manager, KEY _ NUM represents KEY amount, SE _ ID represents ID of the security chip, PUB _ SE represents the first public KEY, and KEY E (PUB _ SE, KEY _ CHR) represents the first public KEY encrypted by the encryption function.

Specifically, when the first ciphertext is decrypted, E (PUB _ SE, KEY _ CHR) is decrypted by the first private KEY PRI _ SE D (PRI _ SE, E (PUB _ SE, KEY _ CHR)), and the charging KEY _ CHR is obtained.

Specifically, a first master KEY LMK _ SE is generated in the secure chip, and a charging KEY _ CHR is encrypted E (LMK _ SE, KEY _ CHR) using LMK _ SE and stored in the secure chip.

It should be noted that, the first public key generated in the security chip encrypts the charging key, and the corresponding first private key generated by the security chip is used for decryption, so as to ensure that the key is safely charged to the security chip.

In practical application, the private key generated by the security chip is used for decryption, and this scheme may result in a low charging rate when the charging key amount is large, and in order to increase the charging rate, the present embodiment makes a further improvement, where the step S30 specifically includes the following steps:

s31', the filling machine obtains a first public and private key pair generated by the security chip, wherein the first public and private key pair comprises a first public key and a first private key;

s32', the charging machine sending the second charging key request to the first key manager, where the second charging key request carries the first public key;

s33', the first key manager generates a first temporary key, and encrypts the charging key pair by using the first temporary key to obtain a second ciphertext and sends the second ciphertext to the charging machine;

s34', the first key manager encrypts the first temporary key by using the first public key to obtain a first encryption key and sends the first encryption key to the charger;

it should be noted that the first KEY manager generates a first temporary KEY _ TEM _1, encrypts the charging KEY with the first temporary KEY _ TEM _1 to obtain a second ciphertext E (KEY _ TEM _1, KEY _ CHR), and sends the second ciphertext E (KEY _ TEM _1, KEY _ CHR) to the charging machine, and encrypts the first temporary KEY _ TEM _1 with the first public KEY PUB _ SE to obtain a first encryption KEY E (PUB _ SE, KEY _ TEM _1), and sends the first encryption KEY E (PUB _ SE, KEY _ TEM _1) to the charging machine. The first KEY manager returns the following information SESSION _ ID, CHR _ ID, KM _ ID _ CHR, KM _ ID _ KMs, KEY _ NUM, SE _ ID, PUB _ SE, E (KEY _ TEM _1, KEY _ CHR), E (PUB _ SE, KEY _ TEM _1) to the filler.

S35', the filler uses the first private key to decrypt the first encryption key to obtain the first temporary key;

s36', the filling machine decrypts the second ciphertext by using the first temporary key to obtain the filling key pair;

it should be noted that, the charger decrypts the first encryption KEY E (PUB _ SE, KEY _ TEM _1) by the first private KEY PRI _ SE (PRI _ SE, E (PUB _ SE, KEY _ TEM _ 1)) to obtain the first temporary KEY _ TEM _ 1; the second ciphertext E (KEY _ TEM _1, KEY _ CHR) is decrypted D (KEY _ TEM _1, E (KEY _ TEM _1, KEY _ CHR)) by the first temporary KEY _ TEM _1, to obtain the charging KEY _ CHR.

S37', the filler fills the pair of filling keys to the secure chip, so that the secure chip encrypts and stores the pair of filling keys using the first master key.

In this embodiment, a first temporary secret key is generated in a first secret key manager, a first public key generated in a security chip is used to encrypt the first temporary secret key, a charging secret key is encrypted by using the first temporary secret key to obtain a second ciphertext, and then the second ciphertext is sent to a charging machine; in the decryption process, a first private key generated by the security chip is used for decryption to obtain a first temporary secret key, the first temporary secret key is used for decryption of the second ciphertext to obtain a charging secret key, and the first temporary secret key generally uses a fixed length, so that a symmetric algorithm is adopted when the charging secret key is decrypted and restored, and the speed is good.

In practical applications, in order to implement integrity verification on a charging key in a key charging process, the present embodiment is further improved, and the step S30 specifically includes the following subdivided steps:

s31 '', the filler acquires a first public and private key pair generated by the security chip, wherein the first public and private key pair comprises a first public key and a first private key;

s32 '', the charging machine sends the second charging key request to the first key manager, wherein the second charging key request carries the first public key;

s33 '', the first key manager generates a second temporary key and a first tamper-proof key, and encrypts the charging key pair by using the second temporary key to obtain a third ciphertext;

s34 '' the first key manager performs HMAC operation on the third ciphertext by using the first anti-tampering key to obtain a fourth ciphertext and sends the fourth ciphertext to the charger;

s35 ″, where the first key manager uses the first public key to encrypt the second temporary key and the first tamper-resistant key, respectively, so as to obtain a second encryption key and a third encryption key, and send them to the charger;

it should be noted that, the first KEY manager generates a second temporary KEY _ TEM _2 and a first tamper-resistant KEY _ MAC _1, encrypts the charging KEY with the second temporary KEY to obtain a third ciphertext E (KEY _ TEM _2, KEY _ CHR), and sends the third ciphertext E to the charging machine; encrypting the second temporary secret KEY and the first tamper-resistant secret KEY respectively by using a first public KEY of the security chip to obtain a second encryption secret KEY E (PUB _ SE, KEY _ TEM _2) and a third encryption secret KEY E (PUB _ SE, KEY _ MAC _1), and issuing the second encryption secret KEY and the third encryption secret KEY E to a filling machine; and performing HMAC algorithm processing on the third ciphertext based on the first tamper-resistant KEY to obtain a fourth ciphertext HMAC (KEY _ MAC _1, E (KEY _ TEM _2, KEY _ CHR)), and sending the fourth ciphertext HMAC to the charger.

The first key manager returns the following information to the filler: SESSION _ ID, CHR _ ID, KM _ ID _ CHR, KM _ ID _ KMS, KEY _ NUM, SE _ ID, PUB _ SE, E (KEY _ TEM _2, KEY _ CHR), E (PUB _ SE, KEY _ TEM _2), E (PUB _ SE, KEY _ MAC _1), HMAC (KEY _ MAC _1, E (KEY _ TEM _2, KEY _ CHR)).

S36 ″, the filler decrypting the second encryption key and the third encryption key respectively using the first private key to obtain the second temporary key and the first tamper-resistant key;

s37 ″, the filler performing HMAC operation on the third ciphertext using the first tamper resistant key, and comparing the operation result with the fourth ciphertext;

s38 '', when the filler determines that the operation result is consistent with the fourth ciphertext, decrypting the third ciphertext by using the second temporary key to obtain the filler key pair;

it should be noted that the charger decrypts E (PUB _ SE, KEY _ TEM _2) by PRI _ SE, and obtains KEY _ TEM _2 by D (PRI _ SE, E (PUB _ SE, KEY _ TEM _ 2)), decrypts E (PUB _ SE, KEY _ MAC _1) by PRI _ SE, and obtains KEY _ MAC _1 by D (PRI _ SE, E (PUB _ SE, KEY _ MAC _ 1)), performs HMAC operation on KEY _ MAC _1 and E (KEY _ TEM _2, KEY _ CHR), compares the HMAC operation with the received HMAC (KEY _ MAC _1, E (KEY _ TEM _2, KEY _ CHR)) to determine the consistency of the KEY, and after the consistency is passed, decrypts E (KEY _ TEM _2, KEY _ CHR) by D (KEY _ TEM _2, E (KEY _ TEM _2, KEY _ CHR)) by KEY _ SE.

S39 '', the filling machine fills the filling key pair to the security chip, so that the security chip encrypts and stores the filling key pair by using a first master key.

In the embodiment, the anti-tampering key is generated in the first key manager, the charging key ciphertext is protected by using the encrypted hash message authentication code function, the anti-tampering key is encrypted by the first public key generated by the security chip and is decrypted by the corresponding first private key in the security chip, and after the charging key and the first anti-tampering key are received by the charging machine, the charging key can be verified by using the encrypted hash message authentication code function, so that tampering and counterfeiting are prevented.

In an embodiment, referring to fig. 3, the step S40 includes the following steps:

s41, the key management system acquires a second public and private key pair generated by the server cipher machine, wherein the second public and private key pair comprises a second public key and a second private key;

s42, the key management system sends the third charging key request to the second key manager, so that the second key manager encrypts the charging key pair using the second public key to obtain a fifth ciphertext, where the third charging key request carries the second public key;

the information carried by the third charging KEY request comprises SESSION _ ID, KMS _ ID, KM _ ID _ CHR, KM _ ID _ KMS, KEY _ NUM, HSM _ ID and a second public KEY PUB _ HSM; the HSM _ ID is a server cipher machine ID, and the KMS _ ID is a key management system ID.

And the second KEY manager encrypts the charging KEY pair by using the second public KEY to obtain a fifth ciphertext E (PUB _ HSM, KEY _ CHR).

The information returned to the KEY management system by the second KEY manager comprises SESSION _ ID, KMS _ ID, KM _ ID _ CHR, KM _ ID _ KMS, KEY _ NUM, HSM _ ID, PUB _ HSM and E (PUB _ HSM, KEY _ CHR) which carry the following information.

S43, the key management system acquires the fifth ciphertext, and decrypts the fifth ciphertext by using the second private key to obtain the charging key pair;

the KEY management system decrypts the fifth ciphertext E (PUB _ HSM, KEY _ CHR) by using the second private KEY PRI _ HSM to obtain the KEY _ CHR.

And S44, the key management system charges the charging key pair to the server cryptographic machine so that the server cryptographic machine encrypts and stores the charging key pair by using a second master key.

And the KEY _ CHR is encrypted by using the second master KEY LMK _ HSM (LMK _ HSM, KEY _ CHR) and stored in the server cryptograph.

It should be noted that the second public key generated in the server crypto-engine encrypts the charging key, and the corresponding second private key generated by the server crypto-engine is used for decryption, so as to ensure that the key is safely charged to the server crypto-engine.

In practical application, the private key generated by the server crypto engine is used for decryption, and this scheme results in a low charging rate when the charging key amount is large, and in order to increase the charging rate, the present embodiment makes a further improvement, where the step S40 specifically includes the following subdivided steps:

s41', the key management system obtains a second public and private key pair generated by the server cipher machine, wherein the second public and private key pair comprises a second public key and a second private key;

s42', the key management system sends the third charging key request to the second key manager, where the second charging key request carries the second public key;

s43', the second key manager generates a third temporary key, encrypts the charging key pair by using the third temporary key to obtain a sixth ciphertext and sends the sixth ciphertext to the key management system;

s44', the second key manager encrypts the third temporary key by using the second public key to obtain a fourth encryption key and sends the fourth encryption key to the key management system;

the second KEY manager generates a third temporary KEY KEY _ TEM _3, encrypts the charging KEY by using the third temporary KEY to obtain a sixth ciphertext E (KEY _ TEM _3 and KEY _ CHR), and sends the sixth ciphertext E to the KEY management system; and encrypting the third temporary KEY by using a second public KEY PUB _ HSM generated by the server cipher machine to obtain a fourth encryption KEY E (PUB _ HSM, KEY _ TEM _3), and issuing the fourth encryption KEY E (PUB _ HSM, KEY _ TEM _3) to the KEY management system.

The second KEY manager returns the following information SESSION _ ID, KMS _ ID, KM _ ID _ CHR, KM _ ID _ KMS, KEY _ NUM, HSM _ ID, PUB _ HSM, E (KEY _ TEM _3, KEY _ CHR), E (PUB _ HSM, KEY _ TEM _3) to the KEY management system.

S45', the key management system decrypting the fourth encryption key using the second private key to obtain the third temporary key;

s46', the key management system decrypts the sixth ciphertext using the third temporary key to obtain the pair of padding keys;

the KEY management system decrypts E (PUB _ HSM, KEY _ TEM _3) through PRI _ HSM to obtain D (PRI _ HSM, E (PUB _ HSM, KEY _ TEM)) and KEY _ TEM _3, and decrypts E (KEY _ TEM _3, KEY _ CHR) through KEY _ TEM _3 to obtain KEY _ CHR.

S47', the key management system charges the charging key pair to the server crypto-machine, so that the server crypto-machine encrypts and stores the charging key pair using a second master key.

And the server cryptograph generates a second main KEY LMK _ HSM, and encrypts E (LMK _ HSM and KEY _ CHR) by using the LMK _ HSM and stores the E in the server cryptograph.

In this embodiment, a third temporary secret key is generated in the second secret key manager, the second public key generated in the security chip is used to encrypt the third temporary secret key, the third temporary secret key is used to encrypt the charging secret key, a sixth ciphertext is obtained, and then the sixth ciphertext is sent to the secret key management system; in the decryption process, a second private key generated by the security chip is used for decryption to obtain a third temporary secret key, the third temporary secret key is used for decryption of the sixth ciphertext to obtain a charging secret key, and the third temporary secret key generally uses a fixed length, so that a symmetric algorithm is adopted when the charging secret key is decrypted and restored, and the speed is good.

In practical applications, in order to implement integrity verification on a charging key in a key charging process, the present embodiment is further improved, and the step S40 specifically includes the following subdivided steps:

s41 '', the key management system obtaining a second public and private key pair generated by the server cipher machine, wherein the second public and private key pair comprises a second public key and a second private key;

s42 '', the key management system sends the third charging key request to the second key manager, and the second charging key request carries the second public key;

s43 '', the second key manager generates a fourth temporary key and a second tamper-resistant key, and encrypts the charging key pair by using the fourth temporary key to obtain a seventh ciphertext;

s44 '' the second key manager performs HMAC operation on the seventh ciphertext by using the second tamper-resistant key to obtain an eighth ciphertext and sends the eighth ciphertext to the key management system;

s45 ″, where the second key manager uses the second public key to encrypt the fourth temporary key and the second tamper-resistant key, respectively, so as to obtain a fifth encryption key and a sixth encryption key, and send the fifth encryption key and the sixth encryption key to the key management system;

the second KEY manager generates a fourth temporary KEY KEY _ TEM _4 and a second tamper-resistant KEY KEY _ MAC _2, encrypts the charging KEY by using the fourth temporary KEY to obtain a seventh ciphertext E (KEY _ TEM _4, KEY _ CHR and sends the seventh ciphertext E to the KEY management system, encrypts the fourth temporary KEY and the second tamper-resistant KEY by using a second public KEY of the server cipher machine respectively to obtain a fifth cryptographic KEY E (PUB _ HSM, KEY _ TEM _4 and a sixth cryptographic KEY E (PUB _ HSM, KEY _ MAC _2) and sends the fifth cryptographic KEY E to the KEY management system, and obtains an eighth ciphertext HMAC (KEY _ MAC _2, E (KEY _ TEM _4, KEY _ CHR)) and transmits the eighth ciphertext HMAC (KEY _ MAC _2, E (KEY _ TEM _4, KEY _ CHR)) to the KEY management system after the seventh ciphertext is subjected to HMAC algorithm processing based on the second tamper-resistant KEY.

Wherein the second key manager returns the following information to the key management system: SESSION _ ID, KMS _ ID, KM _ ID _ CHR, KM _ ID _ KMS, KEY _ NUM, HSM _ ID, PUB _ HSM, E (KEY _ TEM _4, KEY _ CHR), E (PUB _ HSM, KEY _ TEM _4), E (PUB _ HSM, KEY _ MAC _2), HMAC (KEY _ MAC _2, E (KEY _ TEM _4, KEY _ CHR)).

S46 ″, the key management system decrypts the fifth encryption key and the sixth encryption key using the second private key, respectively, to obtain the fourth temporary key and the second tamper-resistant key;

s47 ″, the key management system performing HMAC operation on the seventh ciphertext using the second tamper resistant key, and comparing the operation result with the eighth ciphertext;

s48 ″, when the key management system determines that the operation result is consistent with the eighth ciphertext, decrypting the seventh ciphertext using the fourth temporary key to obtain the charging key pair;

the KEY management system decrypts E (PUB _ HSM, KEY _ TEM _4) through the second private KEY PRI _ HSM to obtain KEY _ TEM _4, decrypts E (PUB _ HSM, KEY _ TEM _4) through the second private KEY PRI _ HSM to obtain KEY _ MAC _2, decrypts E (PUB _ HSM, KEY _ MAC _ 2)) through the second private KEY PRI _ HSM to obtain KEY _ MAC _2, performs HMAC operation on KEY _ MAC _2 and E (KEY _4, KEY _ CHR), compares the KEY _ MAC _2 with the received HMAC (KEY _ MAC _2, E (KEY _ TEM _4, KEY _ CHR) to determine the consistency of the KEYs, and decrypts E (KEY _ HSM _4, KEY _ TEM _4, KEY _ TEM _ CHR) through the KEY _ HSM _4 to obtain TEM _ CHR.

S49 ", the key management system charges the charging key pair to the server crypto-machine, so that the server crypto-machine encrypts and stores the charging key pair with the second master key.

And generating a second master KEY LMK _ HSM in the server cryptograph, and encrypting E (LMK _ HSM and KEY _ CHR) by using the LMK _ HSM for KEY _ CHR and storing the encrypted E in the server cryptograph.

In the embodiment, a second anti-tampering key is generated in the second key manager, the charging key ciphertext is protected by using the encrypted hash message authentication code function, the anti-tampering key is encrypted by a second public key generated by the server cipher machine and is decrypted by a corresponding second private key in the server cipher machine, and after the charging key and the second anti-tampering key are received by the key management system, the charging key can be verified by using the encrypted hash message authentication code function, so that tampering and counterfeiting are prevented.

In addition, referring to fig. 4, another embodiment of the present invention further provides a key secure population system based on quantum key distribution, including: the system comprises a filling machine 8, a security chip 9, a key management system 10, a server cipher machine 11, a first key manager 4, a second key manager 5, a third key manager 6, a first quantum key distribution module 1, a second quantum key distribution module 2, a third quantum key distribution module 3 and a QKDN controller 7;

the secure chip 9 is installed on the charging machine 8, the server cryptographic machine 11 is connected to the key management system 10, the first key manager 4, the second key manager 5, and the third key manager 6 are all connected to the QKDN controller 7, the first quantum key distribution module 1 is connected to the charging machine 8 through the first key manager 4, the second quantum key distribution module 2 is connected to the key management system 10 through the second key manager 5, the third quantum key distribution module 3 is connected to the QKDN controller 7 through the third key manager 6, the charging machine 8 is connected to the key management system 10 through a data communication channel, where:

the charging machine 8 sends a first charging key request to a key management system 10 by taking the proxy of the secure chip 9, and receives charging information returned by the key management system 10;

the filler 8 sends the filling information to a first key manager 4, so that the first key manager establishes a key distribution link with a second key manager 5 through a QKDN controller 7, wherein the first key manager 4 is connected with the filler 8, the second key manager 5 is connected with the key management system 10, and a filling key pair is stored in the first key manager 4 and the second key manager 5;

the charging machine 8 sends a second charging key request to the first key manager 4, and charges the obtained charging key pair to the secure chip 9;

the key management system 10 sends a third charging key request to the second key manager 5 and charges the obtained pair of charging keys into the server crypto engine 11.

Note that, the quantum key distribution module (QKD): the quantum key distribution module is used for realizing quantum key distribution of the quantum key distribution module connected with the node, so that the two parties obtain a key pair. The first quantum key distribution module 1 distributes the quantum key to the first key manager 4, and the second quantum key distribution module 2 distributes the quantum key to the second key manager 5; after the physical connection is completed, the third quantum key distribution module 3 performs quantum key distribution with the first quantum key distribution module 1 and the second quantum key distribution module 2, respectively, and obtains a key K13 in the first and third quantum key distribution modules, and obtains a key K23 in the second and third quantum key distribution modules.

Key Manager (KM): responsible for receiving and managing the keys generated by the QKD relaying the keys and providing the keys to applications requiring cryptography. After the physical connection is completed, the third key manager 6 establishes key relay channels with the first key manager 4 and the second key manager 5, respectively, and receives the QKDN controller 7 to control key relay, so that the first key manager 4 and the second key manager 5 provide a key pair to the outside.

QKDN controller: the system is used for controlling various resources of the QKD network so as to ensure the safe, stable, efficient and robust operation of the QKD network.

Charger (CHR): the security chip is used for charging a key externally provided by KM into the security chip.

Security chip (SE): the key storage device is used for being connected to the filling machine and is used for storing the key provided by the filling machine.

Key Management System (KMS): the system is used for being responsible for creating and managing keys, protecting confidentiality, integrity and availability of the keys and meeting the key management requirements of applications and services.

Server crypto machine (HSM): is used for safely storing the key and providing various cryptographic operation services.

In this embodiment, the key pair generated by the quantum key distribution module is used to replace a conventional random number source, and the generation of the symmetric key is realized by the quantum key distribution module, thereby providing a basis for obtaining the same charging key for the security chip/server cryptographic machine.

The security chip is installed on the charging machine, the charging machine is connected with the key management system through a data communication channel, the charging machine agent security chip initiates a key charging application to the key management system through the data communication channel between the charging machine and the key management system, but the charged key information and the charged ciphertext information are not transmitted through the data communication channel.

In this embodiment, the quantum key distribution module generates a key pair and stores the key pair in the first key manager and the second key manager, the charger/key management system is directly connected to the first key manager/the second key manager, the charger/key management system sends the charging key in the first key manager/the second key manager to the secure chip/server crypto-machine, the process of sending the key from the first key manager/the second key manager to the secure chip/server crypto-machine is completed in the same physical location, and the key management system and the key charger are not in the same location, so that the key charger can safely charge the key for the secure chip, and the interaction between the charger and the key management system is the transmission without key information, and the charged key information, Ciphertext information is not transmitted through an internet channel, and the security of key charging is improved.

In one embodiment, the filler includes:

the first public and private key acquisition module is used for acquiring a first public and private key pair generated by the security chip, wherein the first public and private key pair comprises a first public key and a first private key;

a first key request module, configured to send the second charging key request to the first key manager, so that the first key manager encrypts the charging key pair using the first public key to obtain a first ciphertext, where the second charging key request carries the first public key;

the first decryption module is used for acquiring the first ciphertext and decrypting the first ciphertext by using the first private key to obtain the charging key pair;

and the first charging module is used for charging the charging key pair to the secure chip so that the secure chip encrypts and stores the charging key pair by using a first master key.

It should be noted that, the first public key generated in the security chip encrypts the charging key, and the corresponding first private key generated by the security chip is used for decryption, so as to ensure that the key is safely charged to the security chip.

In practical application, the private key generated by the security chip is used for decryption, the filling rate is low when the filling key amount is large in the scheme, in order to improve the filling rate, further improvement is made in the embodiment, and the first key request module is specifically used for:

sending the second charging key request to the first key manager so that the first key manager generates a first temporary key, encrypting the charging key pair by using the first temporary key to obtain a second ciphertext, and sending the second ciphertext to the charging machine;

and the first key manager encrypts the first temporary key by using the first public key to obtain a first encryption key and sends the first encryption key to the charging machine.

Correspondingly, the first decryption module is specifically configured to:

decrypting the first encryption key by using the first private key to obtain the first temporary key;

and decrypting the second ciphertext by using the first temporary key to obtain the charging key pair.

In this embodiment, a first temporary key is generated in a first key manager, the first temporary key is encrypted by using a first public key generated in a security chip, a charging key is encrypted by using the first temporary key to obtain a second ciphertext, and then the second ciphertext is issued to a charging machine; in the decryption process, a first private key generated by the security chip is used for decryption to obtain a first temporary secret key, the first temporary secret key is used for decryption of the second ciphertext to obtain a charging secret key, and the first temporary secret key generally uses a fixed length, so that a symmetric algorithm is adopted when the charging secret key is decrypted and restored, and the speed is good.

In practical application, in order to implement integrity check on a charging key in a key charging process, the embodiment further improves that the first key request module is specifically configured to:

sending the second charging key request to the first key manager so that the first key manager generates a second temporary key and a first tamper-proof key, and encrypting the charging key pair by using the second temporary key to obtain a third ciphertext;

enabling the first key manager to perform HMAC operation on the third ciphertext by using the first anti-tampering key to obtain a fourth ciphertext and sending the fourth ciphertext to the charger;

and enabling the first key manager to use the first public key to encrypt the second temporary key and the first tamper-resistant key respectively to obtain a second encryption key and a third encryption key, and sending the second encryption key and the third encryption key to the charger.

Correspondingly, the first decryption module is specifically configured to:

decrypting the second encryption key and the third encryption key respectively by using the first private key to obtain a second temporary key and a first anti-tampering key;

performing HMAC operation on the third ciphertext by using the first anti-tampering key, and comparing an operation result with the fourth ciphertext;

and when the operation result is consistent with the fourth ciphertext, decrypting the third ciphertext by using the second temporary key to obtain the charging key pair.

In the embodiment, the anti-tampering key is generated in the first key manager, the charging key ciphertext is protected by using the encrypted hash message authentication code function, the anti-tampering key is encrypted by the first public key generated by the security chip and is decrypted by the corresponding first private key in the security chip, and after the charging key and the first anti-tampering key are received by the charging machine, the charging key can be verified by using the encrypted hash message authentication code function, so that tampering and counterfeiting are prevented.

In one embodiment, the key management system comprises:

the second public and private key acquisition module is used for acquiring a second public and private key pair generated by the server cipher machine, wherein the second public and private key pair comprises a second public key and a second private key;

a second key request module, configured to send the third charging key request to the second key manager, so that the second key manager encrypts the charging key pair using the second public key to obtain a fifth ciphertext, where the third charging key request carries the second public key;

the second decryption module is used for acquiring the fifth ciphertext and decrypting the fifth ciphertext by using the second private key to obtain the charging key pair;

and the second charging module is used for charging the charging key pair to the server cryptographic machine so that the server cryptographic machine encrypts and stores the charging key pair by using a second master key.

It should be noted that the second public key generated in the server crypto-engine encrypts the charging key, and the corresponding second private key generated by the server crypto-engine is used for decryption, so as to ensure that the key is safely charged to the server crypto-engine.

In practical application, the private key generated by the server crypto engine is used for decryption, and this scheme may result in a low charging rate when the charging key amount is large, in order to increase the charging rate, further improvement is made in this embodiment, and the second key request module is specifically configured to:

sending the third charging key request to the second key manager, where the second charging key request carries the second public key;

enabling the second key manager to generate a third temporary key, encrypting the charging key pair by using the third temporary key to obtain a sixth ciphertext, and issuing the sixth ciphertext to the key management system;

and the second key manager encrypts the third temporary key by using the second public key to obtain a fourth encryption key and sends the fourth encryption key to the key management system.

Correspondingly, the second decryption module is specifically configured to:

decrypting the fourth encryption key by using the second private key to obtain a third temporary key;

and decrypting the sixth ciphertext by using the third temporary key to obtain the charging key pair.

In this embodiment, a third temporary secret key is generated in the second secret key manager, the second public key generated in the security chip is used to encrypt the third temporary secret key, the third temporary secret key is used to encrypt the charging secret key, a sixth ciphertext is obtained, and then the sixth ciphertext is sent to the secret key management system; in the decryption process, a second private key generated by the security chip is used for decryption to obtain a third temporary secret key, the third temporary secret key is used for decryption of the sixth ciphertext to obtain a charging secret key, and the third temporary secret key generally uses a fixed length, so that a symmetric algorithm is adopted when the charging secret key is decrypted and restored, and the speed is good.

In practical application, in order to implement integrity check on a charging key in a key charging process, the embodiment further improves, and the second decryption module is specifically configured to:

sending the third charging key request to the second key manager so that the second key manager generates a fourth temporary key and a second tamper-resistant key, and encrypting the charging key pair by using the fourth temporary key to obtain a seventh ciphertext;

enabling the second key manager to perform HMAC operation on the seventh ciphertext by using the second anti-tampering key to obtain an eighth ciphertext and sending the eighth ciphertext to the key management system;

and enabling the second key manager to use the second public key to encrypt the fourth temporary key and the second tamper-resistant key respectively to obtain a fifth encryption key and a sixth encryption key, and sending the fifth encryption key and the sixth encryption key to the key management system.

Correspondingly, the second decryption module is specifically configured to:

decrypting the fifth encryption key and the sixth encryption key respectively by using the second private key to obtain the fourth temporary key and the second tamper-resistant key;

performing HMAC operation on the seventh ciphertext by using the second anti-tampering key, and comparing an operation result with the eighth ciphertext;

and when the operation result is determined to be consistent with the eighth ciphertext, decrypting the seventh ciphertext by using the fourth temporary key to obtain the charging key pair.

In the embodiment, a second anti-tampering key is generated in the second key manager, the charging key ciphertext is protected by using the encrypted hash message authentication code function, the anti-tampering key is encrypted by a second public key generated by the server cipher machine and is decrypted by a corresponding second private key in the server cipher machine, and after the charging key and the second anti-tampering key are received by the key management system, the charging key can be verified by using the encrypted hash message authentication code function, so that tampering and counterfeiting are prevented.

It should be noted that other embodiments or methods of implementing the quantum key distribution-based key secure population system of the present invention may refer to the above-described method embodiments, and no redundancy is required here.

It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.

It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.

In the description of the specification, reference to the description of "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" or the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.

Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.

Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (9)

1. A method for secure key population based on quantum key distribution, the method comprising:

the method comprises the steps that a charging machine proxy security chip sends a first charging key request to a key management system and receives charging information returned by the key management system;

the charging machine sends the charging information to a first key manager so that the first key manager establishes a key distribution link with a second key manager through a QKDN controller, wherein the first key manager is connected with the charging machine, the second key manager is connected with the key management system, charging key pairs are stored in the first key manager and the second key manager, and the charging key pairs are master keys;

the charging machine sends a second charging key request to the first key manager and charges the obtained charging key pair to the secure chip;

the key management system sends a third key filling request to the second key manager, and fills the acquired key filling pair into the server cipher machine;

the filler sending the filler information to a first key manager to cause the first key manager to establish a key distribution link with a second key manager via a QKDN controller, comprising:

the charging machine sends a fourth charging key request to the first key manager, wherein the fourth charging key request carries the charging information;

the first key manager sends key distribution channel data to the QKDN controller based on the fourth fill key request;

the QKDN controller establishes a quantum distribution and relay channel according to the key distribution channel data, and provides the charging key pair for the first key manager and the second key manager respectively;

and the filling machine acquires response information returned by the first key manager.

2. The method for securely charging a key based on quantum key distribution according to claim 1, wherein the charger agent sends a first charging key request to a key management system by the secure chip and receives charging information returned by the key management system, and comprises:

the filling machine acquires the ID of the security chip and the key amount required to be filled;

the key management system sends a first charging key request to the charging machine;

and the filling machine acquires the filling information returned by the key management system.

3. A quantum-key-distribution-based key secure population method as recited in claim 1, wherein the population machine sends a second population key request to the first key manager and populates the acquired population key pair to the secure chip, comprising:

the charging machine acquires a first public and private key pair generated by the security chip, wherein the first public and private key pair comprises a first public key and a first private key;

the charging machine sends the second charging key request to the first key manager so that the first key manager encrypts the charging key pair by using the first public key to obtain a first ciphertext, wherein the second charging key request carries the first public key;

the charging machine acquires the first ciphertext and decrypts the first ciphertext by using the first private key to obtain the charging key pair;

and the filling machine fills the filling key pair into the secure chip so that the secure chip encrypts and stores the filling key pair by using a first master key.

4. A quantum key distribution based key secure population method as claimed in claim 3, wherein after the first key manager obtains the second population key request, the method further comprises:

the first key manager generates a first temporary key, encrypts the charging key pair by using the first temporary key to obtain a second ciphertext and sends the second ciphertext to the charging machine;

the first key manager encrypts the first temporary key by using the first public key to obtain a first encryption key and sends the first encryption key to the charger;

the filler decrypts the first encryption key by using the first private key to obtain the first temporary key;

and the charging machine decrypts the second ciphertext by using the first temporary key to obtain the charging key pair.

5. A quantum key distribution based key secure population method as claimed in claim 3, wherein after the first key manager obtains the second population key request, the method further comprises:

the first key manager generates a second temporary key and a first tamper-resistant key, and encrypts the charging key pair by using the second temporary key to obtain a third ciphertext;

the first key manager performs HMAC operation on the third ciphertext by using the first anti-tampering key to obtain a fourth ciphertext and sends the fourth ciphertext to the charger;

the first key manager uses the first public key to encrypt the second temporary key and the first tamper-proof key respectively to obtain a second encryption key and a third encryption key, and sends the second encryption key and the third encryption key to the charger;

the filler decrypts the second encryption key and the third encryption key respectively by using the first private key to obtain a second temporary key and a first tamper-resistant key;

the filling machine performs HMAC operation on the third ciphertext by using the first anti-tampering key, and compares an operation result with the fourth ciphertext;

and when the charging machine determines that the operation result is consistent with the fourth ciphertext, decrypting the third ciphertext by using the second temporary key to obtain the charging key pair.

6. A quantum key distribution based secure key padding method as claimed in claim 1, wherein said key management system sends a third padding key request to said second key manager and pads the obtained padding key pair into the server crypto-machine, comprising:

the key management system acquires a second public and private key pair generated by the server cipher machine, wherein the second public and private key pair comprises a second public key and a second private key;

the key management system sends the third charging key request to the second key manager so that the second key manager encrypts the charging key pair by using the second public key to obtain a fifth ciphertext, wherein the third charging key request carries the second public key;

the key management system acquires the fifth ciphertext, and decrypts the fifth ciphertext by using the second private key to obtain the charging key pair;

and the key management system charges the charging key pair to the server cipher machine so that the server cipher machine encrypts and stores the charging key pair by using a second master key.

7. A quantum key distribution based key secure population method as claimed in claim 6, wherein after the second key manager obtains the third population key request, the method further comprises:

the second key manager generates a third temporary key, encrypts the charging key pair by using the third temporary key to obtain a sixth ciphertext and sends the sixth ciphertext to the key management system;

the second key manager encrypts the third temporary key by using the second public key to obtain a fourth encryption key and sends the fourth encryption key to the key management system;

the key management system decrypts the fourth encryption key by using the second private key to obtain the third temporary key;

and the key management system decrypts the sixth ciphertext by using the third temporary key to obtain the charging key pair.

8. A quantum key distribution based key secure population method as claimed in claim 6, wherein after the second key manager obtains the third population key request, the method further comprises:

the second key manager generates a fourth temporary key and a second tamper-resistant key, and encrypts the charging key pair by using the fourth temporary key to obtain a seventh ciphertext;

the second key manager performs HMAC operation on the seventh ciphertext by using the second tamper-resistant key to obtain an eighth ciphertext and sends the eighth ciphertext to the key management system;

the second key manager uses the second public key to encrypt the fourth temporary key and the second tamper-resistant key respectively to obtain a fifth encryption key and a sixth encryption key, and sends the fifth encryption key and the sixth encryption key to the key management system;

the key management system decrypts the fifth encryption key and the sixth encryption key respectively by using the second private key to obtain the fourth temporary key and the second tamper-resistant key;

the key management system performs HMAC operation on the seventh ciphertext by using the second anti-tampering key, and compares an operation result with the eighth ciphertext;

and when the key management system determines that the operation result is consistent with the eighth ciphertext, decrypting the seventh ciphertext by using the fourth temporary key to obtain the charging key pair.

9. A system for secure key charging based on quantum key distribution, the system comprising: the system comprises a filling machine, a security chip, a key management system, a server cipher machine, a first key manager, a second key manager, a third key manager, a first quantum key distribution module, a second quantum key distribution module, a third quantum key distribution module and a QKDN controller;

the security chip is installed on the charging machine, the server cipher machine is connected with the key management system, the first key manager, the second key manager and the third key manager are all connected with the QKDN controller, the first quantum key distribution module is connected with the charging machine through the first key manager, the second quantum key distribution module is connected with the key management system through the second key manager, the third quantum key distribution module is connected with the QKDN controller through the third key manager, the charging machine is connected with the key management system through a data communication channel, wherein:

the charging machine agent sends a first charging key request to a key management system and receives charging information returned by the key management system;

the charging machine sends the charging information to a first key manager so that the first key manager establishes a key distribution link with a second key manager through a QKDN controller, wherein the first key manager is connected with the charging machine, the second key manager is connected with the key management system, charging key pairs are stored in the first key manager and the second key manager, and the charging key pairs are master keys;

the charging machine sends a second charging key request to the first key manager and charges the obtained charging key pair to the security chip;

the key management system sends a third key filling request to the second key manager, and fills the acquired key filling pair into the server cipher machine;

the filler sending the filler information to a first key manager to cause the first key manager to establish a key distribution link with a second key manager via a QKDN controller, comprising:

the charging machine sends a fourth charging key request to the first key manager, wherein the fourth charging key request carries the charging information;

the first key manager sends key distribution channel data to the QKDN controller based on the fourth fill key request;

the QKDN controller establishes a quantum distribution and relay channel according to the key distribution channel data, and provides the charging key pair for the first key manager and the second key manager respectively;

and the filling machine acquires response information returned by the first key manager.

Images