CN115987501A - Quantum key identity authentication and authorization system applied to power dispatching business


Info

Publication number: CN115987501A
Authority: CN (China)
Application number: CN202211652609.8A
Priority date: 2022-12-21
Filing date: 2022-12-21
Publication date: 2023-04-18
Legal status: Pending (status as listed by Google Patents, not a legal conclusion)
Other languages: Chinese (zh)
Prior art keywords: quantum, authentication, power, service, network access
Inventors: 王松, 李端超, 李圆智, 马金辉, 王同文, 王璨, 赵龙, 冯宝, 陈伟, 沈新村, 卞宇翔, 张天兵, 章莉, 杨文涛, 郭子昕, 孙圣武, 贾玮, 陈尊耀, 葛刚
Original and current assignees: Electric Power Research Institute of State Grid Anhui Electric Power Co Ltd; State Grid Anhui Electric Power Co Ltd; Nari Information and Communication Technology Co

Classifications

    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y04: Information or communication technologies having an impact on other technology areas
    • Y04S: Systems integrating technologies related to power network operation, communication or information technologies for improving the electrical power generation, transmission, distribution, management or usage, i.e. smart grids
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract

The invention relates to a quantum key identity authentication and authorization system applied to power dispatching business. The system comprises a power quantum security service platform, which in turn comprises a quantum security identity authentication system and a plurality of single-office-point facilities; each single-office-point facility comprises an exchange cipher machine, a quantum key generation and management terminal and a charging module. The security identity authentication system is deployed on the power service master station side. A quantum service SDK and a quantum security medium are deployed on the power application terminal side; the power application terminal is communicatively connected to the quantum service SDK and can run it, and the quantum service SDK and the quantum security medium are each connected to the power quantum security service platform. The power application terminal completes network access authentication with the power quantum security service platform through the quantum service SDK and the quantum security medium. The system is flexible to deploy and achieves strongly encrypted authentication without modifying the existing power application terminals or the power service master station.

Description

Quantum key identity authentication and authorization system applied to power dispatching business
Technical Field
The invention relates to a quantum key identity authentication and authorization system and method applied to power dispatching business, and belongs to the technical field of quantum communication.
Background
Cryptographic mechanisms for identity authentication mainly comprise symmetric-encryption mechanisms, digital-signature mechanisms, cryptographic check-function mechanisms and zero-knowledge mechanisms. Most network information systems in today's power grid rely on a single password-based identity authentication scheme, which in practice cannot guarantee the uniqueness of an identity, offers weak security and poor confidentiality, and is easily attacked. With the development of quantum computers, classical asymmetric-key algorithms are no longer considered secure: a quantum computer could derive the private key from the public key, whether the key pair is used for encryption and decryption or for key exchange, so the asymmetric keys in common use today will not hold up in the quantum era. Quantum key distribution (QKD) equipment can now guarantee that an eavesdropper cannot obtain the negotiated key. However, QKD is mainly deployed on quantum trunk lines; the link from the client device to the quantum communication service station is still a classical network, so the security of the identity authentication process on that link is hard to guarantee with asymmetric algorithms alone.
A power wireless private network can connect a wide variety of power user services reliably, flexibly, efficiently and at low cost; it effectively improves the ubiquitous and flexible access capability of the communication network and fills the gap in the power communication network on the distribution and consumption side. With the rapid development of the smart grid, demand for automatic control services has grown sharply, network information security in the power system matters more than ever, and more measures are required to secure data transmission. Access authentication in the power wireless private network still carries security risks, particularly for control services that directly or indirectly affect the production safety of the grid, such as precise load control and automated distribution remote control.
Disclosure of Invention
To overcome these problems, the invention provides a system and method for quantum key identity authentication and authorization applied to power dispatching business. The system is flexible to deploy, and strongly encrypted authentication can be achieved without modifying the existing power application terminals or the existing power service master station.
The technical scheme of the invention is as follows:
first aspect
The quantum key identity authentication and authorization system applied to power dispatching business comprises a power quantum security service platform, wherein the power quantum security service platform comprises a quantum security identity authentication system and a plurality of single-office-point facilities; each single-office-point facility comprises an exchange cipher machine, a quantum key generation and management terminal and a charging module, the quantum key generation and management terminal being used to generate and manage quantum keys; the security identity authentication system is deployed on the power service master station side;
a quantum service SDK and a quantum security medium are deployed on the power application terminal side; the power application terminal is communicatively connected to the quantum service SDK and can run it; the quantum service SDK and the quantum security medium are each connected to the power quantum security service platform; the quantum security medium obtains quantum keys through the charging module (which loads the keys into the medium) and provides them to the quantum service SDK;
and the power application terminal completes network access authentication with the power quantum security service platform through the quantum service SDK and the quantum security medium.
Furthermore, the quantum security medium takes the form of a TF card, a U shield (USB security key) or a security module.
Further, after the quantum security medium generates the quantum key, the quantum key is encrypted.
Second aspect of the invention
The method for quantum key identity authentication and authorization applied to power dispatching service completes network access authentication using any of the systems of the first aspect, wherein the network access authentication comprises the following steps:
the device information of the power application terminal is provided to the quantum service SDK;
the quantum service SDK initiates a first network access registration request to the power quantum security service platform to confirm the authentication mode;
on receiving the first network access registration request, the power quantum security service platform generates a random number Rb, looks up the exchange cipher machine corresponding to the power application terminal, the quantum key to be used and its authentication key ID according to the device information, and returns the authentication mode, the authentication key ID and the random number Rb to the quantum service SDK;
the quantum service SDK locates the corresponding quantum key in the quantum security medium by the authentication key ID and decrypts it;
the quantum service SDK computes a first authentication value MACab and a first authentication value MACba from the random number Rb and a random number Ra generated by the quantum security medium, using a preset algorithm;
the quantum service SDK initiates a second network access registration request to the power quantum security service platform, providing the random number Ra and the first MACab;
on receiving the second network access registration request, the power quantum security service platform, through the exchange cipher machine, computes a second MACab and a second MACba from Ra and Rb with the same preset algorithm, compares the first MACab with the second MACab, and judges the network access registration successful if they match;
the power quantum security service platform returns the network access registration result and the second MACba to the quantum service SDK;
and the quantum service SDK compares the first MACba with the second MACba; if they match, authentication of the power quantum security service platform is complete, and the network access registration result is returned to the power application terminal.
Further, before the network access authentication, the method also includes: the power application terminal completes wireless network access through the AKA mutual authentication procedure of the USIM card.
Further, after the power application terminal has successfully accessed the network, the network access authentication must be completed again before any high-authority operation is executed.
Further, after the network access authentication succeeds, the exchange cipher machine destroys the quantum key used in that network access authentication.
Further, after the network access authentication, the exchange cipher machine destroys the quantum key used in that network access authentication.
The invention has the following beneficial effects:
The system requires no modification of the existing power application terminals or the power service master station; deployment only adds the quantum service SDK and the quantum security medium on the power application terminal side and the quantum security identity authentication system on the power service master station side. The system uses quantum keys, which offer high security and draw their randomness from the physical principle that quantum randomness is intrinsic. The quantum key used for authentication is destroyed after use and differs on every authentication, so one key per session and one key per device are achieved.
Drawings
Fig. 1 is a networking topology diagram of an embodiment of the system of the present invention.
Fig. 2 is a network access authentication process according to an embodiment of the method of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and the specific embodiments.
First aspect
Referring to fig. 1, the system for quantum key identity authentication and authorization applied to power dispatching service comprises a power quantum security service platform, where the power quantum security service platform comprises a quantum security identity authentication system and a plurality of single-office-point facilities; each single-office-point facility comprises an exchange cipher machine, a quantum key generation and management terminal and a charging module, the quantum key generation and management terminal being used to generate and manage quantum keys; the security identity authentication system is deployed on the power service master station side;
a quantum service SDK and a quantum security medium are deployed on the power application terminal side; the power application terminal is communicatively connected to the quantum service SDK and can run it; the quantum service SDK and the quantum security medium are each connected to the power quantum security service platform; the quantum security medium obtains quantum keys through the charging module and provides them to the quantum service SDK;
and the power application terminal completes network access authentication with the power quantum security service platform through the quantum service SDK and the quantum security medium.
In an embodiment of the invention, the quantum security medium takes the form of a TF card, a U shield or a security module.
Quantum security media of different forms can be chosen to suit the requirements of the power application terminal in different deployment scenarios.
In one embodiment of the invention, after the quantum security medium generates a quantum key, it encrypts the key, which improves the security of the stored quantum key.
Second aspect of the invention
Referring to fig. 2, the method for quantum key identity authentication and authorization applied to power dispatching service uses any of the systems of the first aspect to complete network access authentication, where the network access authentication comprises the following steps:
the device information of the power application terminal is provided to the quantum service SDK;
the quantum service SDK initiates a first network access registration request to the power quantum security service platform to confirm the authentication mode;
on receiving the first network access registration request, the power quantum security service platform generates a random number Rb, looks up the exchange cipher machine corresponding to the power application terminal, the quantum key to be used and its authentication key ID according to the device information, and returns the authentication mode, the authentication key ID and the random number Rb to the quantum service SDK;
the quantum service SDK locates the corresponding quantum key in the quantum security medium by the authentication key ID and decrypts it;
the quantum service SDK computes a first authentication value MACab and a first authentication value MACba from the random number Rb and a random number Ra generated by the quantum security medium, using a preset algorithm;
the quantum service SDK initiates a second network access registration request to the power quantum security service platform, providing the random number Ra and the first MACab;
on receiving the second network access registration request, the power quantum security service platform, through the exchange cipher machine, computes a second MACab and a second MACba from Ra and Rb with the same preset algorithm, compares the first MACab with the second MACab, and judges the network access registration successful if they match;
the power quantum security service platform returns the network access registration result and the second MACba to the quantum service SDK;
and the quantum service SDK compares the first MACba with the second MACba; if they match, authentication of the power quantum security service platform is complete, and the network access registration result is returned to the power application terminal.
In this embodiment of the invention, before the network access authentication, the method further includes: the power application terminal completes wireless network access through the AKA mutual authentication procedure of the USIM card.
In this embodiment of the invention, after the power application terminal has successfully accessed the network, the network access authentication must be completed again before a high-authority operation is executed.
In this embodiment of the invention, after the network access authentication succeeds, the exchange cipher machine destroys the quantum key used in that network access authentication.
In this embodiment of the invention, after the network access authentication, the exchange cipher machine destroys the quantum key used in that network access authentication.
The quantum key used for authentication is destroyed after use and differs from the key used in the next authentication, achieving one key per session and one key per device.
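The two-request exchange set out in the steps above (summarised in the Disclosure and claimed in claims 4 to 8) is a nonce-based mutual challenge-response over a pre-shared key that is used once and then destroyed. The Python below is an added example written for this page; it is not code from the patent or its assignees. It models both sides of the exchange plus the key destruction, and assumes HMAC-SHA256 as the "preset algorithm" the patent leaves unspecified, a per-terminal list of provisioned authentication key IDs, and plain in-memory key stores in place of the TF card / U shield and the exchange cipher machine. Class names, the "QKEY-MAC" mode string, terminal ID and sample keys are all constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

FAIL = {"ok": False, "MACba": b""}

def derive_macs(key: bytes, ra: bytes, rb: bytes) -> tuple[bytes, bytes]:
    # Assumed "preset algorithm": HMAC-SHA256 over both nonces with a direction tag, so
    # MACab and MACba differ although they cover the same two values.
    mac_ab = hmac.new(key, b"SDK->PLATFORM" + ra + rb, hashlib.sha256).digest()
    mac_ba = hmac.new(key, b"PLATFORM->SDK" + rb + ra, hashlib.sha256).digest()
    return mac_ab, mac_ba

class KeyStore:
    """Key material indexed by authentication key ID. Stands in for both the quantum security
    medium (terminal side; at-rest encryption not modelled, get() is 'find and decrypt') and
    the exchange cipher machine (platform side)."""

    def __init__(self, keys: dict[str, bytes]):
        self._keys = dict(keys)

    def get(self, key_id: str) -> bytes | None:
        return self._keys.get(key_id)

    def destroy(self, key_id: str) -> None:
        self._keys.pop(key_id, None)

class PowerQuantumSecurityPlatform:
    """Master-station side: answers the two network access registration requests."""

    def __init__(self, cipher_machine: KeyStore, device_keys: dict[str, list[str]]):
        self.cm = cipher_machine
        self.device_keys = {d: list(ids) for d, ids in device_keys.items()}  # assumed: unused key IDs per terminal
        self.sessions: dict[str, tuple[str, bytes]] = {}

    def first_registration(self, device_info: str) -> dict | None:
        pending = self.device_keys.get(device_info, [])
        if not pending:
            return None  # no quantum key left for this terminal: fail closed
        key_id, rb = pending.pop(0), secrets.token_bytes(16)
        self.sessions[device_info] = (key_id, rb)
        return {"mode": "QKEY-MAC", "key_id": key_id, "Rb": rb}

    def second_registration(self, device_info: str, ra: bytes, mac_ab: bytes) -> dict:
        session = self.sessions.pop(device_info, None)
        if session is None:
            return FAIL
        key_id, rb = session
        key = self.cm.get(key_id)
        # Claims 7 and 8: the key used in this authentication is destroyed afterwards,
        # so a captured (Ra, MACab) pair is useless against the next exchange.
        self.cm.destroy(key_id)
        if key is None:
            return FAIL
        expected_ab, expected_ba = derive_macs(key, ra, rb)
        if not hmac.compare_digest(mac_ab, expected_ab):
            return FAIL
        return {"ok": True, "MACba": expected_ba}

class QuantumServiceSDK:
    """Terminal side of the exchange, driven by the power application terminal."""

    def __init__(self, medium: KeyStore, platform: PowerQuantumSecurityPlatform, device_info: str):
        self.medium, self.platform, self.device_info = medium, platform, device_info
        self.used_key_ids: list[str] = []
        self.last_exchange: tuple[bytes, bytes] | None = None  # kept only for the replay demo

    def network_access_authentication(self) -> bool:
        r1 = self.platform.first_registration(self.device_info)
        key = self.medium.get(r1["key_id"]) if r1 else None
        if key is None:
            return False
        ra = secrets.token_bytes(16)  # Ra is generated on the quantum security medium
        mac_ab, mac_ba = derive_macs(key, ra, r1["Rb"])
        self.last_exchange = (ra, mac_ab)
        r2 = self.platform.second_registration(self.device_info, ra, mac_ab)
        # Mutual authentication: the platform is trusted only if its MACba matches ours.
        if not r2["ok"] or not hmac.compare_digest(mac_ba, r2["MACba"]):
            return False
        self.used_key_ids.append(r1["key_id"])
        return True

def demo() -> dict:
    # Constructed sample keys standing in for quantum keys loaded by the charging module.
    keys = {f"QK-{i:04d}": secrets.token_bytes(32) for i in range(3)}
    cm = KeyStore(keys)
    platform = PowerQuantumSecurityPlatform(cm, {"TERM-0001": list(keys)})
    sdk = QuantumServiceSDK(KeyStore(keys), platform, "TERM-0001")
    results = {"first_auth": sdk.network_access_authentication()}
    results["key_destroyed_after_use"] = cm.get(sdk.used_key_ids[0]) is None
    # Replay: an eavesdropper re-sends the captured (Ra, MACab) against a fresh Rb and key.
    ra_old, mac_old = sdk.last_exchange
    platform.first_registration("TERM-0001")
    results["replay_rejected"] = not platform.second_registration("TERM-0001", ra_old, mac_old)["ok"]
    results["reauth_for_high_privilege"] = sdk.network_access_authentication()  # next key, before a high-authority operation
    results["keys_differ"] = len(set(sdk.used_key_ids)) == 2
    # All provisioned keys consumed: no key ID can be issued, so authentication fails closed.
    results["fails_when_keys_exhausted"] = not sdk.network_access_authentication()
    return results
```

Calling demo() returns a dict in which every entry is True. Two design points are worth noting. First, the SDK's check of MACba is what makes the platform-authentication direction real; a client that only sent MACab and accepted any "success" reply would authenticate itself but never the master station. Second, destroying the key after the second request whether or not it succeeded follows claim 8 rather than only claim 7; the consequence is that a failed or forged attempt also consumes a key, so the charging module has to keep both the medium and the cipher machine provisioned with enough keys for the expected authentication rate.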
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent structures made by using the contents of the specification and the drawings of the present invention or directly or indirectly applied to other related technical fields are included in the scope of the present invention.

Claims (8)

1. A quantum key identity authentication and authorization system applied to power dispatching business, characterized in that it comprises a power quantum security service platform, wherein the power quantum security service platform comprises a quantum security identity authentication system and a plurality of single-office-point facilities; each single-office-point facility comprises an exchange cipher machine, a quantum key generation and management terminal and a charging module, the quantum key generation and management terminal being used to generate and manage quantum keys; the security identity authentication system is deployed on the power service master station side;
a quantum service SDK and a quantum security medium are deployed on the power application terminal side; the power application terminal is communicatively connected to the quantum service SDK and can run it; the quantum service SDK and the quantum security medium are each connected to the power quantum security service platform; the quantum security medium obtains quantum keys through the charging module and provides them to the quantum service SDK;
and the power application terminal completes network access authentication with the power quantum security service platform through the quantum service SDK and the quantum security medium.
2. The quantum key identity authentication and authorization system applied to power dispatching business according to claim 1, wherein the quantum security medium takes the form of a TF card, a U shield or a security module.
3. The quantum key identity authentication and authorization system applied to power dispatching business according to claim 1, wherein the quantum security medium encrypts the quantum key after generating it.
4. A quantum key identity authentication and authorization method applied to power dispatching service, which completes network access authentication using the quantum key identity authentication and authorization system applied to power dispatching business according to any one of claims 1 to 3, characterized in that the network access authentication comprises the following steps:
the device information of the power application terminal is provided to the quantum service SDK;
the quantum service SDK initiates a first network access registration request to the power quantum security service platform to confirm the authentication mode;
on receiving the first network access registration request, the power quantum security service platform generates a random number Rb, looks up the exchange cipher machine corresponding to the power application terminal, the quantum key to be used and its authentication key ID according to the device information, and returns the authentication mode, the authentication key ID and the random number Rb to the quantum service SDK;
the quantum service SDK locates the corresponding quantum key in the quantum security medium by the authentication key ID and decrypts it;
the quantum service SDK computes a first authentication value MACab and a first authentication value MACba from the random number Rb and a random number Ra generated by the quantum security medium, using a preset algorithm;
the quantum service SDK initiates a second network access registration request to the power quantum security service platform, providing the random number Ra and the first MACab;
on receiving the second network access registration request, the power quantum security service platform, through the exchange cipher machine, computes a second MACab and a second MACba from Ra and Rb with the same preset algorithm, compares the first MACab with the second MACab, and judges the network access registration successful if they match;
the power quantum security service platform returns the network access registration result and the second MACba to the quantum service SDK;
and the quantum service SDK compares the first MACba with the second MACba; if they match, authentication of the power quantum security service platform is complete, and the network access registration result is returned to the power application terminal.
5. The quantum key identity authentication and authorization method applied to power dispatching service according to claim 4, wherein before the network access authentication the method further comprises: the power application terminal completes wireless network access through the AKA mutual authentication procedure of the USIM card.
6. The quantum key identity authentication and authorization method applied to power dispatching service according to claim 4, wherein after the power application terminal has successfully accessed the network, the network access authentication must be completed again before a high-authority operation is executed.
7. The quantum key identity authentication and authorization method applied to power dispatching service according to claim 4, wherein after the network access authentication succeeds, the exchange cipher machine destroys the quantum key used in that network access authentication.
8. The quantum key identity authentication and authorization method applied to power dispatching service according to claim 4, wherein after the network access authentication, the exchange cipher machine destroys the quantum key used in that network access authentication.

Priority Applications (1)

Application number: CN202211652609.8A; priority date: 2022-12-21; filing date: 2022-12-21; title: Quantum key identity authentication and authorization system applied to power dispatching business

Publications (1)

Publication number: CN115987501A; publication date: 2023-04-18

Family

Family ID: 85971702
Family applications (1): CN202211652609.8A (pending), published as CN115987501A (en); priority date 2022-12-21; filing date 2022-12-21

Country Status (1)

CN: CN115987501A (en)


Legal Events

Code / Title
PB01: Publication
SE01: Entry into force of request for substantive examination