CN115225411A - Quantum security verification method, system, server and medium for confidential document transmission - Google Patents


Info

Publication number: CN115225411A
Authority: CN (China)
Prior art keywords: quantum, file, verification, information, server
Legal status: Granted (Active)
Application number: CN202211140018.2A
Other languages: Chinese (zh)
Other versions: CN115225411B (en)
Inventors: 刘光, 刘子敬
Current Assignee: Dragon Totem Technology Hefei Co ltd
Original Assignee: Dragon Totem Technology Hefei Co ltd

Application filed by Dragon Totem Technology Hefei Co ltd
Priority to CN202211140018.2A
Publication of CN115225411A
Application granted
Publication of CN115225411B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication


Abstract

The invention is applicable to the field of technical document management and provides a quantum security verification method, system, server and medium for confidential file transmission. The verification method comprises the following steps: receiving service request information from a file server; generating, according to the service request information, a pair of mutually quantum-authenticated first quantum verification information and second quantum verification information; receiving second verification request information from the client, wherein the second verification request information comprises a first identity identifier and fourth quantum verification information received by the client from the file server; and verifying whether the first quantum verification information and the third quantum verification information can perform mutual quantum authentication, and whether the second quantum verification information and the fourth quantum verification information can perform mutual quantum authentication. The first verification request information and the second verification request information are used to verify that the communication between the file server and the client is trustworthy, so that the file can be transmitted and its security ensured.

Description

Quantum security verification method, system, server and medium for confidential document transmission
Technical Field
The invention relates to the technical document management field, in particular to a safe transmission method of patent files.
Background
As legal documents, the special documents used in patent applications have strict requirements on format, font, punctuation marks, etc., so transmission accuracy must be ensured whether the document is a technical filing document, a patent application document that has not yet been filed, or a filed patent application. Technical filing documents in particular are among a company's more central confidential material, so leakage during transmission must be prevented.
With the development of network technology, besides official databases and some business databases, some enterprises also establish independent databases to manage technical files and the like. Such files naturally need to be uploaded and downloaded; in the prior art, the client sends a request to the server and the file is uploaded or downloaded directly after simple verification.
The prior art therefore offers low security when files are uploaded and downloaded.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a quantum security verification method, system, server and medium for secure file transmission.
A quantum security verification method for confidential document transmission is applied to a quantum verification server side, and comprises the following steps:
receiving service request information from a file server, wherein the service request information comprises a first identity identifier, a second identity identifier and a third identity identifier, and the first identity identifier is used for uniquely identifying the identity of a file to be transmitted; the second identity mark is used for uniquely identifying the identity of the client, and the third identity mark is used for uniquely identifying the identity of the file server;
generating, according to the service request information, a pair of mutually quantum-authenticated first quantum verification information and second quantum verification information; sending the first identity identifier and the first quantum verification information to the file server, and sending the first identity identifier and the second quantum verification information to the client;
receiving first verification request information from a file server, wherein the first verification request information comprises a first identity identifier and third quantum verification information received by the file server from a client;
receiving second verification request information from the client, wherein the second verification request information comprises a first identity identifier and fourth quantum verification information received by the client from the file server;
verifying whether the first quantum verification information and the third quantum verification information can carry out mutual quantum authentication or not, and whether the second quantum verification information and the fourth quantum verification information can carry out mutual quantum authentication or not; if the verification result is yes, the third quantum verification information and the second quantum verification information are the same verification information, and the fourth quantum verification information and the first quantum verification information are the same verification information; and sending an instruction for determining to transmit the file to be transmitted to the file server.
In one embodiment, a secure file transfer system is provided, comprising:
the quantum verification server is used for executing the quantum security verification method for the confidential document transmission;
the file server is used for receiving file transmission request information from the client, sending the service request information to the quantum verification server according to the file transmission request information, receiving the first identity identifier and the first quantum verification information from the quantum verification server, sending the first quantum verification information to the client as fourth quantum verification information, receiving third quantum verification information from the client, and sending first verification request information to the quantum verification server, wherein the first verification request information comprises the first identity identifier and the third quantum verification information;
the client is used for sending the file transmission request information to the file server, receiving the first identity identifier and the second quantum verification information sent by the quantum verification server, sending the second quantum verification information to the file server as third quantum verification information, receiving the fourth quantum verification information sent by the file server, and sending second verification request information to the quantum verification server, wherein the second verification request information comprises the first identity identifier and the fourth quantum verification information.
In one embodiment, a quantum authentication server is provided, which includes a memory and a processor, wherein the memory stores a computer program, and the computer program, when executed by the processor, causes the processor to execute the steps of the quantum security authentication method for secure file transmission.
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, causes the processor to perform the steps of a method of quantum security authentication of secure file transfers as described above.
According to the quantum security verification method, the system, the server and the medium for confidential file transmission, the quantum verification server firstly verifies the identities of the file server and the client through the service request of the file server, then verifies that the communication between the file server and the client is credible through the first quantum verification information and the second quantum verification information and the first verification request information and the second verification request information, and sends the result to the file server after the verification is passed so as to transmit the file and ensure the security of the file.
Drawings
FIG. 1 is a diagram of an application environment for a quantum security authentication method for secure file transfers provided in one embodiment;
FIG. 2 is a flow diagram of a quantum security verification method for secure file transfers in one embodiment;
FIG. 3 is a flow diagram of a quantum security verification method for secure document transmission in another embodiment;
FIG. 4 is a flow diagram of a quantum security verification method for secure document transfers in another embodiment;
FIG. 5 is a flow diagram of a quantum security verification method for secure document transfers in another embodiment;
FIG. 6 is a timing diagram illustrating a quantum security verification method for secure file transfers in one embodiment;
FIG. 7 is a timing diagram of a quantum security verification method for secure file transfers in another embodiment;
FIG. 8 is a block diagram showing an internal configuration of a computer device according to one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It will be understood that, as used herein, the terms "first," "second," and the like may be used herein to describe various elements, but these elements are not limited by these terms unless otherwise specified. These terms are only used to distinguish one element from another. For example, a first xx script may be referred to as a second xx script, and similarly, a second xx script may be referred to as a first xx script, without departing from the scope of the present application.
Fig. 1 is a diagram of an application environment of a quantum security authentication method for secure file transmission according to an embodiment, as shown in fig. 1, in the application environment, including a client 110, a quantum authentication server 120, and a file server 130.
The client 110 may be a program running on a computer device, which may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like. The client 110, the quantum verification server 120, and the file server 130 may be connected to each other through a network, which is not limited herein.
The quantum verification server 120 may be an independent physical server or terminal, may be a server cluster formed by a plurality of physical servers, and may be a cloud server providing quantum authentication service.
The file server 130 may be an independent physical server or terminal, may also be a server cluster formed by a plurality of physical servers, and may be a cloud server providing basic cloud computing services such as a cloud server, a cloud database, a cloud storage, and a CDN.
As shown in fig. 2, in an embodiment, a quantum security verification method for secure file transmission is provided, and this embodiment is mainly illustrated by applying the method to the quantum verification server 120 in fig. 1. The method specifically comprises the following steps:
Step S202, receiving service request information from a file server, wherein the service request information comprises a first identity identifier, a second identity identifier and a third identity identifier; the first identity identifier is used for uniquely identifying the identity of a file to be transmitted, the second identity identifier is used for uniquely identifying the identity of the client, and the third identity identifier is used for uniquely identifying the identity of the file server;
In this embodiment, when a file needs to be transmitted between the client and the file server, the client may first initiate a file transmission request to the file server and send the information of the file to be transmitted; when doing so, the client may send its own identity information at the same time. The client does not communicate directly with the quantum verification server: the file server sends the information of the file to be transmitted and the identity information of the client to the quantum verification server, which verifies the identity of the client and the identity of the file server and obtains the information of the file to be transmitted, specifically the first identity identifier recording the identity of the file to be transmitted. Each first identity identifier marks only one file to be transmitted, but the type of the first identity identifier need not be unique. For example, when the confidential document is a patent document, the first identity identifier may be its publication number, application number, file name, etc.; when the confidential document is a technical background, the first identity identifier may be a background name, an internal number, or the like.
Step S204, generating a pair of first quantum verification information and second quantum verification information mutually quantum-authenticated according to the service request information; the first identity identification and the first quantum verification information are sent to the file server side, and the first identity identification and the second quantum verification information are sent to the client side;
In this embodiment, the quantum verification server is mainly configured to verify the credibility of the communication between the client and the file server. The first quantum verification information and the second quantum verification information may be a pair of random numbers, and the correspondence between the pair of random numbers may be recorded in the quantum verification server, so that the authenticity of the pair of random numbers and of the correspondence can be verified in the subsequent process.
Step S206, receiving first verification request information from a file server, wherein the first verification request information comprises a first identity identifier and third quantum verification information received by the file server from a client;
In this embodiment, after the identity of the file server is verified, the file server sends the first verification request information to the quantum verification server to verify that the communication entity in which the file server is located is a trusted communication entity. The first verification request information comprises the first identity identifier of the file to be transmitted and the third quantum verification information from the client. The quantum server sends the first quantum verification information to the client, where it is stored; the client sends the content of the first quantum information as third quantum verification information to the file server, and the file server can directly forward the third quantum verification information to the quantum server; the content of the third quantum information should have been generated by the quantum server. If the verification by the quantum server passes, the information sent by the client to the file server can be considered authentic, and the file server is authentic and can be used for transmitting the secure file indicated by the first identity identifier.
Step S208, receiving second verification request information from the client, wherein the second verification request information comprises a first identity identifier and fourth quantum verification information received by the client from the file server;
In this embodiment, after the identity of the client is verified, the client sends the second verification request information to the quantum verification server to verify that the communication entity where the client is located is a trusted communication entity. The second verification request information comprises the first identity identifier of the file to be transmitted and the third quantum verification information from the file server. The quantum server sends the second quantum verification information to the file server, where it is stored; the file server sends the content of the second quantum information as fourth quantum verification information to the client, and the client directly forwards the fourth quantum verification information to the quantum server; the content of the fourth quantum information should have been generated by the quantum server. If the verification by the quantum server passes, the information sent by the file server to the client can be considered trusted, and the client is trusted and can be used for transmitting the file indicated by the first identity identifier.
Step S210, verifying whether the first quantum verification information and the third quantum verification information can carry out mutual quantum authentication, and whether the second quantum verification information and the fourth quantum verification information can carry out mutual quantum authentication; if the verification result is yes, the third quantum verification information and the second quantum verification information are the same verification information, and the fourth quantum verification information and the first quantum verification information are the same verification information; and sending an instruction for determining to transmit the file to be transmitted to the file server.
In this embodiment, the quantum authentication server verifies the received first authentication request information and second authentication request information according to the initially generated first quantum authentication information and second quantum authentication information, so as to verify that the communication between the client and the file server is authentic. The pair of first quantum verification information and second quantum verification information initially generated by the quantum verification server are transmitted among the file server, the client and the quantum verification server respectively, and only by verifying that the first quantum verification information is matched with the third quantum verification information and the second quantum verification information is matched with the fourth quantum verification information, the file can be transmitted between the communication main body of the file server and the communication main body of the client, so that the safety of the file is ensured. After the verification is passed, the quantum verification server can send the result to the file server and send an instruction capable of carrying out file transmission so as to carry out the step of uploading the file to the file server by the client or transmitting the file to the client by the file server.
In the embodiment of the invention, the quantum verification server verifies the identities of the file server and the client through the service request of the file server, verifies that the communication between the file server and the client is credible through the first quantum verification information and the second quantum verification information and the first verification request information and the second verification request information, and sends the result to the file server after the verification is passed so as to transmit the file and ensure the security of the file.
As a preferred embodiment, as shown in fig. 3, the verification method further includes the steps of:
Step S302, when the service request information describes a file upload request, the instruction for determining to transmit the file to be transmitted that is sent to the file server is an instruction for storing the file to be transmitted;
Step S304, when the service request information describes a file download request, the instruction for determining to transmit the file to be transmitted that is sent to the file server is an instruction for sending the file to be transmitted.
As shown in fig. 6, in an embodiment, when a client needs to upload a secure file to a file server, after the quantum verification server passes verification, an instruction for determining to transmit the file to be transmitted is sent to the file server, where the instruction is an instruction for storing the file to be transmitted, so that the file server receives the secure file uploaded by the client. The client side can send the file to be transmitted to the file server side together when sending the third quantum verification information to the file server side, the file server side caches the file to be transmitted first, and stores the cached file to be transmitted when receiving an instruction for determining to transmit the file to be transmitted, and therefore transmission efficiency of the confidential file is improved.
As shown in fig. 7, in an embodiment, when a client needs to download a secure file from a file server, after the quantum verification server passes verification, an instruction for determining to transmit the file to be transmitted is sent to the file server, so that the client receives the file to be transmitted sent by the file server. The file server side can extract and cache the file to be transmitted when sending the fourth quantum verification information to the client side, and send the cached file to be transmitted to the client side when receiving the instruction for determining to transmit the file to be transmitted, so that the transmission efficiency of the confidential file is improved.
As a preferred embodiment, as shown in fig. 4, the verification method further includes the following steps:
Step S402, verifying, according to the second identity identifier and the third identity identifier, whether the identities of the client and the file server are legal, and determining whether to send the first quantum verification information and the second quantum verification information.
In this embodiment, the client and the file server have registered legal identities at the quantum verification server, and after receiving the service request information, the quantum server verifies whether the client and the file server are legal, and generates first quantum verification information and second quantum verification information according to the first identity in the service request information for subsequent verification after the verification is legal.
In a preferred embodiment, the second identity in the first authentication request message of the file server comes from the client. The client does not directly communicate with the quantum verification server before identity verification, the second identity identifier is sent to the file server, and the file server sends the second identity identifier to the quantum verification server. The quantum server can directly know which client and which file server need to transmit files, so that the identities of the client and the file server can be conveniently verified, and subsequent verification steps such as S204-S210 are convenient.
As a preferred embodiment, as shown in fig. 5, the steps before step S202 receives the service request information from the file server include:
Step S502, acquiring and storing the binding relationship between the second identity identifier and a fourth identity identifier from the file server, wherein the fourth identity identifier is used for describing the unique identity of the client's communication subject.
During the client's registration with the quantum verification server, the client sends the first identity of the client and the fourth identity of the client's communication subject to the file server; the quantum verification server receives the first identity, the fourth identity and their correspondence from the file server, and binds and stores the correspondence. When the file server sends the service request information to the quantum verification server, the quantum verification server verifies the client identity and the communication subject identity together: it checks whether the client is a registered user and whether the client's communication subject is the communication subject bound at registration; if it is not, the authentication of the client does not pass. That is, one client can only run on one fixed communication subject, which further improves security.
As a preferred embodiment, the first quantum authentication information and the second quantum authentication information are valid for a set time period.
In this embodiment, a validity period is set for the first quantum verification information and the second quantum verification information: both take effect once they are generated and become invalid after the validity period has elapsed. On the one hand, this prevents the client or the file server from leaving a request unprocessed for a long time; on the other hand, it reduces the complexity of generating verification information.
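The bookkeeping that steps S202 to S210, the identity check of S402, the binding of S502 and the validity period place on the quantum verification server can be modelled in Python as follows; this is an added example, not code from the patent, and it follows the assignment in step S204 and the system description (the client forwards the second value as "third", the file server forwards the first value as "fourth"). The class and method names, the constructed identifiers (`fs-01`, `client-A`, `host-1234`, `DOC-0001`), the 30-second validity period, passing the fourth identity identifier along with the service request, and allowing one decision per pair are all assumptions.

```python
import hmac
import secrets


class QuantumVerificationServer:
    """Bookkeeping of the quantum verification server (S202-S210, S402, S502)."""

    def __init__(self, ttl, clock):
        self.ttl = ttl                # validity period of a verification pair (seconds)
        self.clock = clock            # callable returning the current time in seconds
        self.file_servers = set()     # registered third identity identifiers
        self.bindings = {}            # second identifier -> fourth identifier (S502)
        self.sessions = {}            # first identifier -> issued pair and received values

    def register_file_server(self, server_id):
        self.file_servers.add(server_id)

    def register_client(self, client_id, subject_id):
        self.bindings[client_id] = subject_id

    def service_request(self, file_id, client_id, server_id, subject_id):
        """S202/S402/S204: check identities, then issue the pair (first, second)."""
        if server_id not in self.file_servers:
            return None
        if self.bindings.get(client_id) != subject_id:
            return None               # unregistered client or wrong communication subject
        # The patent allows the pair to be random numbers whose correspondence
        # is recorded on the verification server; random hex strings are used here.
        first, second = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[file_id] = {
            "first": first, "second": second,
            "expires": self.clock() + self.ttl,
            "third": None, "fourth": None,
        }
        return first, second          # first -> file server, second -> client

    def first_verification_request(self, file_id, third):
        """S206: the file server forwards what it received from the client."""
        if file_id in self.sessions:
            self.sessions[file_id]["third"] = third

    def second_verification_request(self, file_id, fourth):
        """S208: the client forwards what it received from the file server."""
        if file_id in self.sessions:
            self.sessions[file_id]["fourth"] = fourth

    def decide(self, file_id):
        """S210: True means the transfer instruction goes to the file server."""
        s = self.sessions.pop(file_id, None)   # assumption: one decision per pair
        if s is None or s["third"] is None or s["fourth"] is None:
            return False
        if self.clock() > s["expires"]:
            return False              # the pair outlived its validity period
        return (hmac.compare_digest(s["third"], s["second"])
                and hmac.compare_digest(s["fourth"], s["first"]))


def simulate(mismatched_third=False, wrong_subject=False, delay=0.0):
    """Run one transfer attempt with constructed identifiers; return the S210 decision."""
    now = [0.0]                       # fake clock so that expiry is deterministic
    qvs = QuantumVerificationServer(ttl=30.0, clock=lambda: now[0])
    qvs.register_file_server("fs-01")
    qvs.register_client("client-A", "host-1234")

    # Client -> file server: transfer request; file server -> QVS: service request.
    subject = "host-9999" if wrong_subject else "host-1234"
    pair = qvs.service_request("DOC-0001", "client-A", "fs-01", subject)
    if pair is None:
        return False
    first_at_fs, second_at_client = pair   # delivered by the QVS to each party

    # The parties swap values: the client's becomes "third", the file server's "fourth".
    third_at_fs = "0" * 32 if mismatched_third else second_at_client
    fourth_at_client = first_at_fs

    now[0] += delay                   # time that passes before the values are forwarded
    qvs.first_verification_request("DOC-0001", third_at_fs)
    qvs.second_verification_request("DOC-0001", fourth_at_client)
    return qvs.decide("DOC-0001")


if __name__ == "__main__":
    print("honest exchange:", simulate())
    print("third value not issued by the server:", simulate(mismatched_third=True))
    print("client on an unbound communication subject:", simulate(wrong_subject=True))
    print("pair forwarded after expiry:", simulate(delay=31.0))
```
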
As shown in fig. 1, in one embodiment, a secure file transfer system is provided, which may specifically include:
the quantum authentication server is used for executing the quantum security verification method for the confidential document transmission provided by any embodiment;
the file server is used for receiving file transmission request information from the client, sending the service request information to the quantum verification server according to the file transmission request information, receiving the first identity identifier and the first quantum verification information from the quantum verification server, sending the first quantum verification information to the client as fourth quantum verification information, receiving third quantum verification information from the client, and sending first verification request information to the quantum verification server, wherein the first verification request information comprises the first identity identifier and the third quantum verification information;
the client is used for sending the file transmission request information to the file server, receiving the first identity identifier and the second quantum verification information sent by the quantum verification server, sending the second quantum verification information to the file server as third quantum verification information, receiving the fourth quantum verification information sent by the file server, and sending second verification request information to the quantum verification server, wherein the second verification request information comprises the first identity identifier and the fourth quantum verification information.
In this embodiment, the quantum authentication server, the client, and the file server can establish communication therebetween, and the client and the file server can transmit the confidential file after passing the verification of the quantum authentication server. The quantum verification server verifies the identities of the file server and the client through a service request of the file server, verifies that the communication between the file server and the client is credible through the first quantum verification information and the second quantum verification information and the first verification request information and the second verification request information, and sends a result to the file server after the verification is passed so as to transmit the file and ensure the security of the file.
As a preferred embodiment, when the service request information describes a file uploading request, the client sends a secure file to the file server after receiving second quantum verification information, and the file server temporarily stores the secure file and stores the secure file after receiving an instruction for determining to transmit the file to be transmitted;
when the service request information describes a file downloading request, the file server extracts and temporarily stores the confidential file corresponding to the first identity identifier after receiving the first quantum verification information, and sends the confidential file to the client after receiving an instruction for determining to transmit the file to be transmitted.
In one embodiment, when a client needs to upload a confidential file to the file server, the instruction for determining to transmit the file to be transmitted, which the quantum verification server sends to the file server after verification passes, is an instruction to store the file to be transmitted, so that the file server accepts the confidential file uploaded by the client. The client may send the file to be transmitted to the file server together with the third quantum verification information; the file server first caches the file and stores the cached file when it receives the instruction for determining to transmit the file to be transmitted, which improves the transmission efficiency of the confidential file.
In one embodiment, when a client needs to download a confidential file from the file server, the quantum verification server, after verification passes, sends the file server an instruction for determining to transmit the file to be transmitted, so that the client receives the file to be transmitted from the file server. The file server may extract and cache the file to be transmitted when it sends the fourth quantum verification information to the client, and send the cached file to the client when it receives the instruction for determining to transmit the file to be transmitted, which improves the transmission efficiency of the confidential file.
FIG. 8 is a diagram illustrating an internal structure of a computer device in one embodiment. The computer device may specifically be the quantum verification server in fig. 1. As shown in fig. 8, the computer apparatus includes a processor, a memory, a network interface, an input device, and a display screen connected through a system bus. Wherein the memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium of the computer device stores an operating system and also stores a computer program, and when the computer program is executed by a processor, the computer program can enable the processor to realize the quantum security verification method for confidential document transmission. The internal memory may also store a computer program, and when the computer program is executed by the processor, the computer program may cause the processor to perform a quantum security authentication method for secure file transmission. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the configuration shown in fig. 8 is a block diagram of only a portion of the configuration associated with the present application, and is not intended to limit the computing device to which the present application may be applied, and that a particular computing device may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, there is provided a quantum verification server comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
step S202, receiving service request information from a file server, wherein the service request information comprises a first identity identifier, a second identity identifier and a third identity identifier, and the first identity identifier is used for uniquely identifying the identity of a file to be transmitted; the second identity is used for uniquely identifying the identity of the client, and the third identity is used for uniquely identifying the identity of the file server;
step S204, generating, according to the service request information, a pair of first quantum verification information and second quantum verification information that quantum-authenticate each other; sending the first identity identifier and the first quantum verification information to the file server, and sending the first identity identifier and the second quantum verification information to the client;
step S206, receiving first verification request information from the file server, wherein the first verification request information comprises a first identity identifier and third quantum verification information received by the file server from the client;
step S208, receiving second verification request information from the client, wherein the second verification request information comprises a first identity identifier and fourth quantum verification information received by the client from the file server;
step S210, verifying whether the first quantum verification information and the third quantum verification information can carry out mutual quantum authentication or not, and whether the second quantum verification information and the fourth quantum verification information can carry out mutual quantum authentication or not; if the verification result is yes, the third quantum verification information and the second quantum verification information are the same verification information, and the fourth quantum verification information and the first quantum verification information are the same verification information; and sending an instruction for determining to transmit the file to be transmitted to the file server.
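An added sketch (not code from the patent) of the server-side steps S202 to S210, together with the registration binding check and the validity period described earlier. The patent does not say how the quantum verification information is generated, so random tokens from `secrets` stand in for it; all class, method and identifier names are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    info_for_server: bytes                     # "first" verification information
    info_for_client: bytes                     # "second" verification information
    expires_at: float                          # end of the validity period
    relayed_by_server: Optional[bytes] = None  # "third": what the client handed the file server
    relayed_by_client: Optional[bytes] = None  # "fourth": what the file server handed the client


class VerificationServer:
    def __init__(self, ttl=30.0, clock=time.monotonic):
        self.ttl, self.clock = ttl, clock
        self.bindings = {}        # client id -> communication subject bound at registration
        self.file_servers = set()
        self.sessions = {}        # file id (first identity identifier) -> Session

    def register(self, client_id, subject_id, server_id):
        self.bindings[client_id] = subject_id
        self.file_servers.add(server_id)

    def service_request(self, file_id, client_id, server_id, subject_id):
        """S202/S204: check identities and binding, then issue the token pair."""
        if server_id not in self.file_servers:
            return None
        if client_id not in self.bindings or self.bindings[client_id] != subject_id:
            return None   # client is running on a subject it was not bound to
        session = Session(secrets.token_bytes(32), secrets.token_bytes(32),
                          self.clock() + self.ttl)
        self.sessions[file_id] = session
        return session.info_for_server, session.info_for_client

    def submit(self, file_id, sender, value):
        """S206 (sender='file_server') and S208 (sender='client'), then S210."""
        session = self.sessions.get(file_id)
        if session is None:
            return "rejected"
        if self.clock() >= session.expires_at:
            del self.sessions[file_id]
            return "expired"
        if sender == "file_server":
            session.relayed_by_server = value
        else:
            session.relayed_by_client = value
        if session.relayed_by_server is None or session.relayed_by_client is None:
            return "pending"
        del self.sessions[file_id]   # single use: a finished session cannot be replayed
        # S210: third must equal second, fourth must equal first (constant-time compare).
        third_ok = hmac.compare_digest(session.relayed_by_server, session.info_for_client)
        fourth_ok = hmac.compare_digest(session.relayed_by_client, session.info_for_server)
        return "transmit" if third_ok and fourth_ok else "rejected"


def run_exchange(subject_id="host-A", tamper=False, delay=0.0):
    """Drive one exchange with constructed identifiers and a fake clock."""
    now = [0.0]
    verifier = VerificationServer(ttl=30.0, clock=lambda: now[0])
    verifier.register("client-1", "host-A", "fs-1")
    issued = verifier.service_request("file-42", "client-1", "fs-1", subject_id)
    if issued is None:
        return ["refused"]
    to_server, to_client = issued
    third = to_client                                        # client -> file server
    fourth = secrets.token_bytes(32) if tamper else to_server  # file server -> client
    now[0] += delay
    results = [verifier.submit("file-42", "file_server", third),
               verifier.submit("file-42", "client", fourth)]
    results.append(verifier.submit("file-42", "client", fourth))  # late resubmission
    return results


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange(subject_id="host-B"))
    print(run_exchange(tamper=True))
    print(run_exchange(delay=31.0))
```

The transmit instruction is issued only when both relayed values match the pair the verifier issued, inside the validity period, and each session is consumed on its first complete check.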
In one embodiment, a computer readable storage medium is provided, having a computer program stored thereon, which, when executed by a processor, causes the processor to perform the steps of:
step S202, receiving service request information from a file server, wherein the service request information comprises a first identity identifier, a second identity identifier and a third identity identifier, and the first identity identifier is used for uniquely identifying the identity of a file to be transmitted; the second identity mark is used for uniquely identifying the identity of the client, and the third identity mark is used for uniquely identifying the identity of the file server;
step S204, generating, according to the service request information, a pair of first quantum verification information and second quantum verification information that quantum-authenticate each other; sending the first identity identifier and the first quantum verification information to the file server, and sending the first identity identifier and the second quantum verification information to the client;
step S206, receiving first verification request information from a file server, wherein the first verification request information comprises a first identity identifier and third quantum verification information received by the file server from a client;
step S208, receiving second verification request information from the client, wherein the second verification request information comprises a first identity identifier and fourth quantum verification information received by the client from the file server;
step S210, verifying whether the first quantum verification information and the third quantum verification information can carry out mutual quantum authentication, and whether the second quantum verification information and the fourth quantum verification information can carry out mutual quantum authentication; if the verification result is yes, the third quantum verification information and the second quantum verification information are the same verification information, and the fourth quantum verification information and the first quantum verification information are the same verification information; and sending an instruction for determining to transmit the file to be transmitted to the file server.
It should be understood that, although the steps in the flowcharts of the embodiments of the present invention are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of steps in various embodiments may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed alternately or alternatingly with other steps or at least a portion of sub-steps or stages of other steps.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present invention. It should be noted that various changes and modifications can be made by those skilled in the art without departing from the spirit of the invention, and these changes and modifications are all within the scope of the invention. Therefore, the protection scope of the present patent should be subject to the appended claims.

Claims (10)

1. A quantum security verification method for confidential document transmission is applied to a quantum verification server and is characterized by comprising the following steps:
receiving service request information from a file server, wherein the service request information comprises a first identity identifier, a second identity identifier and a third identity identifier, and the first identity identifier is used for uniquely identifying the identity of a file to be transmitted; the second identity is used for uniquely identifying the identity of the client, and the third identity is used for uniquely identifying the identity of the file server;
generating, according to the service request information, a pair of first quantum verification information and second quantum verification information that quantum-authenticate each other; sending the first identity identifier and the first quantum verification information to the file server, and sending the first identity identifier and the second quantum verification information to the client;
receiving first verification request information from a file server, wherein the first verification request information comprises a first identity identifier and third quantum verification information received by the file server from a client;
receiving second verification request information from the client, wherein the second verification request information comprises a first identity identifier and fourth quantum verification information received by the client from the file server;
verifying whether the first quantum verification information and the third quantum verification information can carry out mutual quantum authentication or not, and whether the second quantum verification information and the fourth quantum verification information can carry out mutual quantum authentication or not; if the verification result is yes, the third quantum verification information and the second quantum verification information are the same verification information, and the fourth quantum verification information and the first quantum verification information are the same verification information; and sending an instruction for determining to transmit the file to be transmitted to the file server.
2. The quantum security authentication method for secure file transfer of claim 1, wherein the authentication method further comprises:
when the service request information describes a file uploading request, the instruction for determining to transmit the file to be transmitted that is sent to the file server is an instruction for storing the file to be transmitted;
and when the service request information describes a file downloading request, the instruction for determining to transmit the file to be transmitted that is sent to the file server is an instruction for sending the file to be transmitted.
3. A quantum security authentication method of secure file transfer according to claim 1 or 2, wherein the authentication method further comprises:
and verifying whether the identities of the client and the file server are legal or not according to the second identity identifier and the third identity identifier to determine whether to send first quantum verification information and second quantum verification information or not.
4. The quantum security authentication method for confidential document transmission according to claim 1 or 2, wherein the second identity in the first authentication request message of the document server comes from the client.
5. A method of quantum security authentication for secure file transfer as claimed in claim 1 or 2, wherein, before receiving the service request information from the file server, the method comprises:
and acquiring and storing the binding relationship between the second identity and a fourth identity from the file server, wherein the fourth identity is used for describing the unique identity of the client communication main body.
6. A method as claimed in claim 1 or 2, wherein the first quantum authentication information and the second quantum authentication information are valid for a predetermined period of time.
7. A secure document transfer system, comprising:
a quantum verification server for executing the quantum security verification method for secure file transmission according to any one of claims 1 to 6;
the file server is used for receiving file transmission request information from a client, sending the service request information to the quantum verification server according to the file transmission request information, receiving a first identity identification and first quantum verification information from the quantum verification server, sending the first quantum verification information to the client as fourth quantum verification information, receiving third quantum verification information from the client, and sending first verification request information to the quantum verification server, wherein the first verification request information comprises the first identity identification and the third quantum verification information;
the client is used for sending the file transmission request information to the file server, receiving a first identity identification and second quantum verification information sent by the quantum verification server, sending the second quantum verification information to the file server as third quantum verification information, receiving fourth quantum verification information sent by the file server, and sending second verification request information to the quantum verification server, wherein the second verification request information comprises the first identity identification and the fourth quantum verification information.
8. The secure document transfer system according to claim 7,
when the service request information describes a file uploading request, the client sends a confidential file to the file server after receiving second quantum verification information, and the file server temporarily stores the confidential file and stores the confidential file after receiving an instruction for determining to transmit the file to be transmitted;
when the service request information describes a file downloading request, the file server extracts and temporarily stores the confidential file corresponding to the first identity identification after receiving first quantum verification information, and sends the confidential file to the client after receiving an instruction for determining to transmit the file to be transmitted.
9. A quantum authentication server comprising a memory and a processor, wherein the memory stores a computer program, and the computer program, when executed by the processor, causes the processor to perform the steps of the quantum security authentication method for secure file transmission according to any one of claims 1 to 6.
10. A computer storage medium, having a computer program stored thereon, which, when executed by a processor, causes the processor to perform the steps of a method of quantum security authentication of a secure file transfer as claimed in any of claims 1 to 6.
CN202211140018.2A 2022-09-20 2022-09-20 Quantum security verification method, system, server and medium for confidential document transmission Active CN115225411B (en)

Publications (2)

Publication Number Publication Date
CN115225411A true CN115225411A (en) 2022-10-21
CN115225411B CN115225411B (en) 2022-11-22

Family

ID=83617744

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Quantum security verification method, system, server and media for confidential file transmission

Effective date of registration: 20230210

Granted publication date: 20221122

Pledgee: Huishang Bank Co.,Ltd. Hefei Xiyou road sub branch

Pledgor: Dragon totem Technology (Hefei) Co.,Ltd.

Registration number: Y2023980032445

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20231221

Granted publication date: 20221122

Pledgee: Huishang Bank Co.,Ltd. Hefei Xiyou road sub branch

Pledgor: Dragon totem Technology (Hefei) Co.,Ltd.

Registration number: Y2023980032445

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Quantum security verification methods, systems, servers, and media for confidential file transmission

Effective date of registration: 20231228

Granted publication date: 20221122

Pledgee: China Construction Bank Co.,Ltd. Hefei Shushan Development Zone Sub branch

Pledgor: Dragon totem Technology (Hefei) Co.,Ltd.

Registration number: Y2023980074626
