CN115361129A - Quantum key secure distribution method and system based on Internet of things - Google Patents

Quantum key secure distribution method and system based on Internet of things

Info

Publication number
CN115361129A
Authority
CN
China
Prior art keywords
key
terminal
initial
quantum
things
Legal status
Pending
Application number
CN202211049438.XA
Other languages
Chinese (zh)
Inventor
韦峥
黄晓宁
梁康政
徐东
梁洪源
Current Assignee
Jiangsu Hengtong Wentian Quantum Information Research Institute Co Ltd
Original Assignee
Jiangsu Hengtong Wentian Quantum Information Research Institute Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/50 Safety; Security of things, users, data or systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption


Abstract

The invention relates to a quantum key secure distribution system based on the Internet of things. The system comprises a quantum random generator, a terminal layer, an access layer and a platform layer, the terminal layer being connected to the access layer. The platform layer comprises a quantum key service module, a resource and information management module, a security access management module and a security coding and decoding management module. The quantum key secure distribution method based on the Internet of things is designed from the perspective of protecting key security: it derives a group key and a global key from quantum random numbers in keeping with the characteristics of the Internet of things, distributes the group key and the global key to a terminal under public key encryption, and the terminal decrypts the group key or global key to obtain a session key, with which it decrypts and obtains instructions. Because each module is deployed on the platform layer, the Internet of things system changes from a traditional hierarchical encryption strategy to security encryption concentrated at the business level, so that a security system of the same security level costs less to build and has lower transmission delay.

Description

Quantum key secure distribution method and system based on Internet of things
Technical Field
The invention relates to the technical field of quantum key distribution, in particular to a quantum key safe distribution method and system based on the Internet of things.
Background
The core functions of a current Internet of things platform are connection of mass equipment, end-side fragmentation, security management services and trusted secure access. Connection of mass equipment is mainly realized through load balancing, which provides distributed connection, acquisition and storage of mass data, but there are few complete solutions for managing mass security keys. Fragmentation on the end side is mainly handled by multi-interface, multi-homing access, adapting to different equipment scenarios through different access modes. Security management services are mainly provided as slices from cloud services, cloud computing and the like, with security features combined slice by slice and section by section. For secure access, the security architecture is enabled mainly through the credibility of the terminal, the credibility of the network and the stability of the connection; each layer uses its own isolation protection technology, and different technologies are used in different scenarios to guarantee the security features of the platform.
The current Internet of things platform mainly aims at preventing viruses and attacks, is weak in longitudinal protection, and lacks key security management and a distribution mechanism aimed at Internet of things scenarios. Traditional Internet of things security technology mainly encrypts at the transmission layer; the service layer is rarely encrypted, security management of mass access is not achieved, and a longitudinal integrated security protection system is lacking. For safety, security protection equipment can only be stacked at each level, so the overall cost and time delay are high. In a traditional Internet of things network system, the security policy is protected layer by layer, and a VPN (virtual private network) channel is mainly constructed from the perspective of establishing a trusted network, so a security encryption policy cannot be realized for the service layer.
Quantum communication is an important branch of quantum informatics. In the prior art, quantum key distribution mainly relies on a quantum key generation module and a quantum key receiving module working together to complete the key transmission, depends on a single channel to transmit the key information, and requires a dedicated line to be set up for management, so the cost is high.
Disclosure of Invention
Therefore, the technical problem to be solved by the invention is to overcome the high cost of the time-division, hierarchical encryption used for secure transmission in the prior art.
In order to solve the technical problem, the invention provides a quantum key secure distribution method based on the internet of things, which is applied to a platform layer and comprises the following steps:
acquiring an initial terminal number of a target terminal, and encrypting the initial terminal number to generate an encrypted terminal number;
acquiring the encrypted terminal number and a private key certificate and packaging them into an initial SDK;
acquiring the routing information of the target terminal, and constructing a set of initial SDKs of all terminals in the same routing group according to the routing information;
acquiring a decryption terminal number set according to the initial SDK set, comparing the initial terminal number with the decryption terminal number set, and randomly selecting a first key for the target terminal if a number consistent with the initial terminal number exists in the decryption terminal number set;
according to the routing information of the target terminal, the first secret key is encrypted and distributed to the target terminal by using a public key, so that the target terminal can decrypt by using the private key certificate to obtain a session secret key;
the public key, the private key certificate and the first key are all from quantum keys generated by a quantum random generator.
In an embodiment of the present invention, a symmetric encryption algorithm is used for encrypting the initial terminal number to generate the encrypted terminal number.
In an embodiment of the present invention, obtaining the routing information of the target terminal includes obtaining it during route aggregation, when the target terminal carries its initial SDK to perform a network access application and route aggregation;
route aggregation is shortest-path selection and aggregation using Dijkstra's algorithm over the global route.
In an embodiment of the present invention, acquiring the decryption terminal number set according to the initial SDK set includes decrypting the encrypted terminal numbers in the initial SDK set with the symmetric encryption algorithm to obtain the decryption terminal number set.
In an embodiment of the present invention, the comparing the initial terminal number with the set of decryption terminal numbers further includes feeding back a network access failure and discarding the terminal if no number consistent with the initial terminal number exists in the set of decryption terminal numbers.
In an embodiment of the present invention, the randomly selecting the first key for the target terminal includes:
when the target terminal is an end terminal, randomly selecting a first key for the end terminal as a group key, wherein the group key is used for encrypting a single instruction distributed to the end terminal;
when the target terminal is a trusted network terminal, randomly selecting a first key for the trusted network terminal as a global key, wherein the global key is used for encrypting a combined instruction distributed to the trusted network terminal;
the end terminal is the terminal at the last position in each routing group, and the trusted network terminals are the other terminals in each routing group.
The invention also provides a quantum key safe distribution system based on the Internet of things, which comprises:
the quantum random generator is used for generating a true random number as a quantum key;
the terminal layer comprises an end terminal and a trusted network terminal, both of which carry an initial SDK;
the access layer comprises a gateway and is in communication connection with the terminal layer;
the platform layer, which applies the quantum key secure distribution method based on the internet of things as claimed in any one of claims 1 to 6, for data transmission with a target terminal secure transmission session key, and includes:
the quantum key service module is used for acquiring and storing the quantum key pushed by the quantum random generator, acquiring and encrypting the initial terminal number to generate an encrypted terminal number, and randomly selecting a first key for the target terminal passing the verification;
the resource and information management module is used for acquiring and storing a private key certificate, an initial terminal number and a decryption terminal number of the terminal, packaging an initial SDK, and comparing the initial terminal number with the decryption terminal number to verify whether a target terminal is safe or not;
the security coding and decoding management module is used for acquiring and decrypting the initial SDK set to obtain a decryption terminal number set;
and the security access management module is used for acquiring the routing information of the target terminal, constructing the initial SDK set of all terminals in the same routing group, and encrypting the first key and distributing it to the target terminal according to the routing information.
In an embodiment of the present invention, the service module of the quantum key obtains the quantum key pushed by the quantum random generator, and securely stores the quantum key as the key pool in a queue form.
In one embodiment of the invention, the end terminal receives the single-instruction ciphertext encrypted by the group key from the platform layer, and decrypts by using the session key to obtain the single instruction.
In an embodiment of the present invention, the trusted network terminal receives a combined-instruction ciphertext from the platform layer, forwarded by a gateway, and decrypts it with the session key to obtain the combined instruction;
when the gateway obtains a combined instruction issued by the platform layer and encrypted with the global key, it decrypts it with the global key to obtain a new combined instruction, encrypts the new combined instruction with the global key again and forwards it to the trusted network terminal.
Compared with the prior art, the technical scheme of the invention has the following advantages:
In the quantum key secure distribution method based on the Internet of things, the encryption strategy is centralized on the platform layer: by deploying the modules on the platform layer, the Internet of things system changes from the traditional hierarchical encryption strategy to secure encryption focused on the business level, so a secure system of the same security level costs less to build and has lower transmission delay. The global key and the group key are both realized through the first key; the group key reduces the frequency of key interaction on the premise of ensuring security and improves efficiency, and broadcasting the global key through a centralized gateway solves the problem of difficult key interaction for platform downlink instructions. Because the quantum key is distributed over the Internet of things, it is decoupled from the properties of the traditional network medium and can be distributed through a transparent transmission pipeline without modifying the transmitted service message body, which guarantees the security of key transmission.
Drawings
In order that the present disclosure may be more readily and clearly understood, reference is now made to the following detailed description of the embodiments of the present disclosure taken in conjunction with the accompanying drawings, in which
Fig. 1 is a flowchart illustrating steps of a quantum key secure distribution method based on the internet of things according to an embodiment of the present invention;
Fig. 2 is a schematic composition diagram of a quantum key secure distribution system based on the internet of things according to an embodiment of the present invention.
Detailed Description
The present invention is further described below in conjunction with the following figures and specific examples so that those skilled in the art may better understand the present invention and practice it, but the examples are not intended to limit the present invention.
Referring to fig. 1, a quantum key secure distribution method based on the internet of things according to an embodiment of the present invention includes:
S1, acquiring an initial terminal number of a target terminal, and encrypting the initial terminal number to generate an encrypted terminal number.
S2, acquiring the encrypted terminal number and the private key certificate and packaging them into an initial SDK.
S3, the target terminal carries its initial SDK to perform a network access application and route aggregation; routing information is obtained during route aggregation, and a set of the initial SDKs of all terminals in the same routing group is constructed from the routing information;
route aggregation is shortest-path selection and aggregation using Dijkstra's algorithm over the global route.
S4, decrypting the initial SDK set with the symmetric encryption algorithm to obtain a decryption terminal number set, comparing the initial terminal number with the decryption terminal number set, and randomly selecting a first key for the target terminal if a number consistent with the initial terminal number exists in the decryption terminal number set;
if no number consistent with the initial terminal number exists in the decryption terminal number set, feeding back a network access failure and discarding the terminal.
S5, according to the routing information of the target terminal, encrypting the first key with a public key and distributing it to the target terminal, so that the target terminal obtains a session key by decrypting with the private key certificate.
The public key, the private key certificate and the first key all come from quantum keys generated by a quantum random generator. The first key comprises a group key and a global key: the group key encrypts a single instruction distributed to the end terminal, and the global key encrypts the combined instruction distributed to the trusted network terminals. The end terminal is the terminal at the last position in each routing group, and the trusted network terminals are the other terminals in each routing group. The end terminal receives a single-instruction ciphertext encrypted with the group key from the platform layer and decrypts it with the session key to obtain the single instruction; the trusted network terminal receives a combined-instruction ciphertext from the platform layer and decrypts it with the session key to obtain the combined instruction. When the gateway obtains a combined instruction issued by the platform layer and encrypted with the global key, it decrypts it with the global key to obtain a new combined instruction, encrypts the new combined instruction with the global key again and forwards it to the trusted network terminal.
The global key and the group key are realized by randomly selecting a first key according to the routing information: the group key is used when transmitting a single instruction, and the global key when issuing a combined instruction. The group key solves the security problem of the keys needed for uplink information from the terminals under one route set, reduces the frequency of key interaction on the premise of ensuring security, and improves efficiency. The traditional strategy does not manage keys uniformly: it adopts point-to-point asymmetric encryption, and key synchronization during key interaction usually relies on a complex grouping algorithm; using a global key solves the problem of difficult key interaction for platform downlink instructions.
Referring to fig. 2, a quantum key secure distribution system based on the internet of things according to an embodiment of the present invention includes: a quantum random generator for generating true random numbers as quantum keys; a terminal layer comprising an end terminal and a trusted network terminal, both carrying an initial SDK; and a platform layer which applies the quantum key secure distribution method based on the Internet of things to transmit a session key securely to the terminal for data transmission.
Wherein, the platform layer includes: the quantum key service module is used for acquiring a quantum key pushed by a quantum random generator, safely storing the quantum key as a key pool in a queue form, acquiring and encrypting an initial terminal number to generate an encrypted terminal number, and randomly selecting a first key for a terminal passing verification; the resource and information management module is used for acquiring and storing a private key certificate of the terminal, an initial terminal number and a decryption terminal number, packaging an initial SDK, and comparing the initial terminal number with the decryption terminal number to verify whether the terminal is safe; the safety coding and decoding management module is used for acquiring and decrypting the set of the initial SDK to acquire a decryption terminal number set; and the safety access management module is used for acquiring the routing information of the terminal, constructing an initial SDK set of all terminals in the same routing group, encrypting the first key and distributing the first key to the terminal according to the routing information.
Specifically, based on the above embodiment, the quantum key secure distribution method based on the internet of things provided by the embodiment of the present invention is applied to a quantum key secure distribution system based on the internet of things, and includes the specific steps of:
Before equipment accesses the network, a trusted network is constructed on the platform layer: the quantum random generator performs key distribution to generate Qkey(n), and the quantum key service module stores the keys securely in queue form, forming the key queue Qkey(n) … Qkey(n+n).
The resource and information management module obtains the initial terminal number and applies to the quantum key service module for encryption, so that the quantum key service module encrypts the initial terminal number with a symmetric encryption algorithm to generate an encrypted terminal number; the quantum key service module distributes a private key certificate to the terminal; the encrypted terminal number and the private key certificate are then packaged into an initial SDK and reported to the security access management module.
The terminal carries its initial SDK and reports layer by layer through the network layer, performing a network access application and route aggregation. The security access management module records the routing information and synchronously reports it to the quantum key service module, so that the route aggregation is shared between the two modules; it constructs the set K_1 … K_n encoding the initial SDKs of all terminals in the routing group and reports it to the security coding and decoding management module. Route aggregation is shortest-path selection and aggregation using Dijkstra's algorithm over the global route.
The security coding and decoding management module decrypts the encrypted terminal numbers in the initial SDK set with the symmetric encryption algorithm to obtain the decrypted terminal numbers and reports them to the resource and information management module.
The resource and information management module compares the initial terminal number with the decrypted terminal number: if they are consistent, it reports the initial terminal number to the quantum key service module; if they are inconsistent, it feeds this back to the security access management module, which returns a network access failure to the terminal and discards the terminal.
The quantum key service module matches the routing information according to the initial terminal number and randomly selects a first key from the key pool Qkey(n) … Qkey(n+n). The first key comprises a group key, used to encrypt a single instruction distributed to an end terminal, and a global key, used to encrypt a combined instruction distributed to a trusted network terminal; that is, each group randomly generates a new group key Qkey(p_1) … Qkey(p_n), a key is randomly selected from Qkey(n) to generate the global key Qkey(q), and both are reported to the security access management module. The end terminal is the terminal at the last position in each routing group, and the trusted network terminals are the remaining terminals in each routing group.
The security access management module encrypts the group keys Qkey(p_1) … Qkey(p_n) with the public key and distributes them to the end terminal of each route set along the original route; the global key Qkey(q) is encrypted with the public key and then distributed step by step to the trusted network terminals.
After receiving the key information, the end terminal decrypts it with the private key certificate to obtain the symmetric key Qkey(p), namely the session key. Once the session key is obtained, the end terminal receives the single-instruction ciphertext from the platform layer and decrypts it with the session key to obtain the single instruction; the trusted network terminal receives the combined-instruction ciphertext from the platform layer, forwarded by the gateway, and decrypts it with the session key to obtain the combined instruction.
In this embodiment, an encryption algorithm adopted by the quantum key secure distribution system based on the internet of things during a session is a symmetric algorithm, that is, the platform layer and the terminal adopt the same key for encryption and decryption; the public key, the private key certificate and the session key used by the whole system are all true random numbers generated by a quantum random generator.
Specifically, based on the above embodiment, in the single instruction scenario the terminal encrypts communication data1 with the session key Qkey(p) to obtain encrypted data2 and sends it to the platform layer according to the routing information stored by the security access management module; the platform layer selects the corresponding session key, securely decrypts data2, extracts and restores communication data1 and submits it. When the platform issues a single instruction, it selects the corresponding session key Qkey(p) according to the routing information of the security access management module and encrypts the issued data3 to obtain encrypted data4; the terminal decrypts data4 with the session key Qkey(p) it obtained by decrypting with its private key certificate, yielding the issued data3.
In the service flow of single instruction interaction, the encryption and decryption keys used are the session keys Qkey(p_1) … Qkey(p_n) selected according to the routing information of the security access management module. The session key in the single instruction scenario is obtained by the terminal decrypting the received group key with its private key certificate. The group key solves the security problem of the keys required by the uplink information of all terminals in a route set, reduces the frequency of key interaction between terminals and the platform on the premise of ensuring security, improves communication efficiency and reduces communication overhead.
Specifically, based on the above embodiment, in a scenario where the platform issues the combination instruction, the platform issues the combination instruction encrypted by using the global key to the gateway, the gateway decrypts by using the global key to obtain the combination instruction and performs instruction parsing, encrypts the parsed combination instruction by using the global key again and issues the encrypted combination instruction to the trusted network terminal, and the trusted network terminal receives the parsed and encrypted combination instruction and then decrypts by using the global key to obtain the combination instruction issued by the platform.
The global key is used for uniformly managing keys under the same gateway, and a centralized gateway is used for interaction between the platform and each terminal, so that the network pressure of large-scale key forwarding is reduced, and the problem of difficult interaction of downlink instruction keys of the platform is solved.
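An added Python simulation of the platform-layer flow described above (steps S1 to S5, the module walkthrough, and the single and combined instruction scenarios); it is not code from the patent. It models the quantum random generator with os.urandom, the unnamed symmetric algorithm with a SHA-256 keystream plus an HMAC tag, and the page's public key / private key certificate pair as one quantum-random key per terminal of which the platform keeps a copy; terminal numbers, the route group name and the instruction strings are constructed.

```python
import hashlib
import hmac
import os
from collections import deque
from dataclasses import dataclass

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode as a stand-in stream cipher (assumption: the page
    # only says "symmetric encryption algorithm" and names none).
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC-SHA256 tag, with a fresh nonce per message."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None when the blob is malformed or the tag does not verify."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class QuantumKeyPool:
    """Key queue Qkey(n) ... Qkey(n+n); os.urandom stands in for the quantum random generator."""
    def __init__(self, size: int):
        self.queue = deque(os.urandom(KEY_LEN) for _ in range(size))
    def draw(self) -> bytes:
        return self.queue.popleft()

@dataclass
class InitialSDK:
    enc_terminal_no: bytes  # encrypted initial terminal number (S1)
    private_cert: bytes     # private key certificate packaged with it (S2)

class PlatformLayer:
    def __init__(self, pool: QuantumKeyPool):
        self.pool = pool
        self.number_key = pool.draw()   # symmetric key that encrypts terminal numbers
        self.global_key = pool.draw()   # Qkey(q): one global key for the gateway's terminals
        self.certs, self.groups, self.sdks, self.session_keys = {}, {}, {}, {}
    def enroll(self, terminal_no: bytes) -> InitialSDK:
        """S1 + S2: encrypt the terminal number and package it with a private key certificate."""
        self.certs[terminal_no] = self.pool.draw()
        return InitialSDK(encrypt(self.number_key, terminal_no), self.certs[terminal_no])
    def network_access(self, terminal_no: bytes, sdk: InitialSDK, group: str) -> None:
        """S3: the terminal applies for access carrying its SDK; the route order is recorded."""
        self.groups.setdefault(group, []).append(terminal_no)
        self.sdks.setdefault(group, {})[terminal_no] = sdk
    def distribute(self, group: str) -> dict:
        """S4 + S5: verify every terminal in the routing group, then issue its first key
        (returns the encrypted first key per terminal, or None on network access failure)."""
        decrypted = {decrypt(self.number_key, s.enc_terminal_no) for s in self.sdks[group].values()}
        group_key, members, out = self.pool.draw(), self.groups[group], {}  # Qkey(p) for this group
        for terminal_no in members:
            if terminal_no not in decrypted:
                out[terminal_no] = None  # no consistent number in the decrypted set: discard
                continue
            # last terminal in the route = end terminal (group key); the rest are trusted network
            # terminals (global key); "public key" = platform's copy of the terminal's certificate
            first_key = group_key if terminal_no == members[-1] else self.global_key
            self.session_keys[terminal_no] = first_key
            out[terminal_no] = encrypt(self.certs[terminal_no], first_key)
        return out

class Terminal:
    def __init__(self, number: bytes, sdk: InitialSDK):
        self.number, self.sdk, self.session_key = number, sdk, None
    def receive_first_key(self, blob) -> bool:
        # decrypt with the private key certificate; the result is the session key
        self.session_key = None if blob is None else decrypt(self.sdk.private_cert, blob)
        return self.session_key is not None

def gateway_forward(global_key: bytes, blob: bytes) -> bytes:
    """Gateway step for a combined instruction: decrypt, parse, re-encrypt under the global key."""
    parts = decrypt(global_key, blob).split(b";")
    return encrypt(global_key, b";".join(p.strip() for p in parts))  # toy "parsing"

def run_demo() -> dict:
    """Constructed scenario: three legitimate terminals and one impostor in one routing group."""
    platform = PlatformLayer(QuantumKeyPool(64))
    t1, t2, t3 = (Terminal(n, platform.enroll(n)) for n in (b"T-0001", b"T-0002", b"T-0003"))
    impostor = Terminal(b"T-0004", t1.sdk)  # claims T-0004 but carries T-0001's SDK
    fleet = (t1, t2, impostor, t3)          # t3 is last in the route: the end terminal
    for t in fleet:
        platform.network_access(t.number, t.sdk, "route-A")
    blobs = platform.distribute("route-A")
    joined = {t.number: t.receive_first_key(blobs[t.number]) for t in fleet}
    single = decrypt(t3.session_key, encrypt(platform.session_keys[t3.number], b"data3"))
    relayed = gateway_forward(platform.global_key, encrypt(platform.global_key, b"cmdA ; cmdB"))
    return {"joined": joined, "single": single, "combined": decrypt(t1.session_key, relayed),
            "end_uses_group_key": t3.session_key != platform.global_key}
```

The impostor is rejected at S4 because the number it claims does not appear in the decrypted terminal number set, while the end terminal receives a group key and the trusted network terminals the global key.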
In the embodiment, the quantum key is distributed based on the internet of things, the attribute of a network medium is separated, the quantum key is distributed by using a transparent transmission network pipeline without depending on a network channel, and the transmitted service message body is not processed in the transmission process, so that the transmission safety of the service message body is guaranteed to a certain extent.
It should be understood that the above examples are given only for clarity of illustration and are not intended to limit the embodiments. Various other modifications and alterations will occur to those skilled in the art upon reading the foregoing description; these need not be enumerated exhaustively, and obvious variations or modifications derived therefrom are within the scope of the invention.

Claims (10)

1. A quantum key secure distribution method based on the Internet of things, applied to a platform layer and comprising the following steps:
acquiring an initial terminal number of a target terminal, and encrypting the initial terminal number to generate an encrypted terminal number;
acquiring the encrypted terminal number and a private key certificate, and packaging the encrypted terminal number and the private key certificate into an initial SDK;
acquiring the routing information of the target terminal, and constructing a set of the initial SDKs of all terminals in the same routing group according to the routing information;
acquiring a decryption terminal number set according to the initial SDK set, comparing the initial terminal number with the decryption terminal number set, and randomly selecting a first key for the target terminal if a number consistent with the initial terminal number exists in the decryption terminal number set;
according to the routing information of the target terminal, encrypting the first key with a public key and distributing it to the target terminal, so that the target terminal decrypts it with the private key certificate to obtain a session key;
wherein the private key certificate, the first key and the public key all come from quantum keys generated by a quantum random generator.
2. The quantum key secure distribution method based on the internet of things as claimed in claim 1, wherein the encryption of the initial terminal number to generate the encrypted terminal number employs a symmetric encryption algorithm.
3. The quantum key secure distribution method based on the Internet of things according to claim 1, wherein acquiring the routing information of the target terminal comprises:
when the target terminal carries the initial SDK to apply for network access and perform route collection, acquiring the routing information during the route collection process;
wherein the route collection is shortest-path selection using the Dijkstra algorithm under the global route.
4. The quantum key secure distribution method based on the Internet of things according to claim 1, wherein acquiring the decryption terminal number set according to the initial SDK set comprises: decrypting the encrypted terminal numbers in the initial SDK set with the symmetric encryption algorithm to obtain the decryption terminal number set.
5. The quantum key secure distribution method based on the Internet of things according to claim 1, wherein comparing the initial terminal number with the decryption terminal number set further comprises:
if no number consistent with the initial terminal number exists in the decryption terminal number set, feeding back a network access failure and abandoning the terminal.
6. The quantum key secure distribution method based on the Internet of things according to claim 1, wherein randomly selecting the first key for the target terminal comprises:
when the target terminal is an end terminal, randomly selecting a first key for the end terminal as a group key, the group key being used to encrypt a single instruction distributed to the end terminal;
when the target terminal is a trusted network terminal, randomly selecting a first key for the trusted network terminal as a global key, the global key being used to encrypt a combined instruction distributed to the trusted network terminal;
wherein the end terminal is the terminal at the last position in each routing group, and the trusted network terminals are the other terminals in each routing group except the end terminal.
7. A quantum key secure distribution system based on the Internet of things, characterized in that it comprises:
a quantum random generator for generating true random numbers as quantum keys;
a terminal layer comprising end terminals and trusted network terminals, both carrying the initial SDK;
an access layer comprising a gateway and communicatively connected to the terminal layer;
a platform layer, which applies the quantum key secure distribution method based on the Internet of things according to any one of claims 1 to 6 to securely transmit a session key to a target terminal for data transmission, and which comprises:
a quantum key service module for acquiring and storing the quantum keys pushed by the quantum random generator, acquiring and encrypting the initial terminal number to generate an encrypted terminal number, and randomly selecting a first key for a target terminal that passes verification;
a resource and information management module for acquiring and storing the private key certificate, initial terminal number and decryption terminal number of a terminal, packaging the initial SDK, and comparing the initial terminal number with the decryption terminal number to verify whether the target terminal is safe;
a security coding and decoding management module for acquiring and decrypting the set of initial SDKs to obtain the decryption terminal number set;
and a security access management module for acquiring the routing information of the target terminal, constructing the initial SDK set of all terminals in the same routing group, and encrypting the first key and distributing it to the target terminal according to the routing information.
8. The quantum key secure distribution system based on the Internet of things according to claim 7, wherein the quantum key service module acquires the quantum keys pushed by the quantum random generator and securely stores them in queue form as a key pool.
9. The quantum key secure distribution system based on the Internet of things according to claim 7, wherein the end terminal receives from the platform layer a single-instruction ciphertext encrypted with the group key, and decrypts it with the session key to obtain the single instruction.
10. The quantum key secure distribution method based on the Internet of things according to claim 7, wherein the trusted network terminal receives from the platform layer a combined-instruction ciphertext forwarded by the gateway, and decrypts it with the session key to obtain the combined instruction;
wherein, after the gateway acquires the combined instruction issued by the platform layer and encrypted with the global key, the gateway decrypts it with the global key to obtain a new combined instruction, encrypts the new combined instruction with the global key again, and forwards it to the trusted network terminal.
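As an added illustration that is not code from the patent, the following Python simulates the platform-side admission check of claims 1 and 4 to 6 and the gateway re-encryption hop of claim 10. The symmetric cipher, the queue-shaped key pool, the terminal numbers and the instruction format are constructed stand-ins; the public-key step of claim 1 is not modelled.

```python
# Added example, not the patent's own code: platform-side admission (claims 1, 4-6)
# and the gateway re-encryption hop of claim 10, simulated in one process.
import hashlib, hmac, secrets
from collections import deque

def keystream_xor(key, nonce, data):
    """Toy counter-mode stream cipher built from HMAC-SHA256, standing in for the
    unnamed symmetric algorithm of the claims (no integrity tag; illustration only)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def seal(key, data):
    """Fresh nonce per message; the nonce is prepended so the receiver can decrypt."""
    nonce = secrets.token_bytes(16)
    return nonce + keystream_xor(key, nonce, data)

def open_(key, blob):
    return keystream_xor(key, blob[:16], blob[16:])

# Constructed stand-ins: a queue used as the key pool (claim 8) and the platform's
# symmetric key for terminal numbers. A real deployment feeds the pool from the QRNG.
KEY_POOL = deque(secrets.token_bytes(32) for _ in range(8))
NUMBER_KEY = secrets.token_bytes(32)

def make_sdk(terminal_no, privkey_cert):
    """Claim 1: encrypted terminal number + private key certificate -> initial SDK."""
    return {"enc_no": seal(NUMBER_KEY, terminal_no.encode()), "cert": privkey_cert}

def decrypt_numbers(sdk_set):
    """Claim 4: recover the decryption terminal number set from the initial SDK set."""
    return {open_(NUMBER_KEY, s["enc_no"]).decode() for s in sdk_set}

def admit(terminal_no, routing_group, sdk_set):
    """Claims 5/6: reject an unknown number, otherwise hand out a first key whose role
    follows the position in the routing group (last = end terminal -> group key)."""
    if terminal_no not in decrypt_numbers(sdk_set):
        return None                      # network access failure; terminal abandoned
    role = "group" if routing_group[-1] == terminal_no else "global"
    return role, KEY_POOL.popleft()      # each pool key is consumed exactly once

def gateway_forward(global_key, blob):
    """Claim 10 hop: decrypt the combined instruction with the global key, parse it,
    and re-encrypt it under the same global key with a fresh nonce before forwarding."""
    combined = open_(global_key, blob).decode()
    parsed = ";".join(p.strip() for p in combined.split(";") if p.strip())
    return seal(global_key, parsed.encode())
```

Because the gateway holds the global key in the clear, any compromise of the gateway exposes every combined instruction that transits it; that is the trust boundary this design accepts in exchange for reduced key-forwarding load.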

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211049438.XA CN115361129A (en) 2022-08-30 2022-08-30 Quantum key secure distribution method and system based on Internet of things

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211049438.XA CN115361129A (en) 2022-08-30 2022-08-30 Quantum key secure distribution method and system based on Internet of things

Publications (1)

Publication Number Publication Date
CN115361129A true CN115361129A (en) 2022-11-18

Family

ID=84005172

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211049438.XA Pending CN115361129A (en) 2022-08-30 2022-08-30 Quantum key secure distribution method and system based on Internet of things

Country Status (1)

Country Link
CN (1) CN115361129A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117749364A (en) * 2023-12-11 2024-03-22 矩阵时光数字科技有限公司 Wide area network networking method for quantum security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination