CN117081741A - Safety processing method and system for oil-gas pipe network data - Google Patents

Safety processing method and system for oil-gas pipe network data

Info

Publication number
CN117081741A
Authority
CN
China
Prior art keywords
data
quantum
authentication
gas pipe
oil
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311171392.3A
Other languages
Chinese (zh)
Inventor
任武
李秋娟
马云宾
张兴
田望
林嵩
郭磊
张新建
张丽稳
魏然然
王海明
张正雄
吴官生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Petroleum And Natural Gas Pipeline Network Group Co ltd Science And Technology Research Institute Branch
China Oil and Gas Pipeline Network Corp
Original Assignee
National Petroleum And Natural Gas Pipeline Network Group Co ltd Science And Technology Research Institute Branch
China Oil and Gas Pipeline Network Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Petroleum And Natural Gas Pipeline Network Group Co ltd Science And Technology Research Institute Branch and China Oil and Gas Pipeline Network Corp
Priority to CN202311171392.3A
Publication of CN117081741A
Legal status: Pending


Classifications

All under H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE:

    • H04L9/0858: Quantum cryptography, details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding (H04L9/00 Cryptographic mechanisms or arrangements for secret or secure communications; network security protocols → H04L9/08 Key distribution or management, e.g. generation, sharing or updating of cryptographic keys or passwords → H04L9/0816 Key establishment → H04L9/0852 Quantum cryptography)
    • H04L9/0855: Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes (H04L9/0852)
    • H04L9/40: Network security protocols (H04L9/00)
    • H04B10/70: Photonic quantum communication (H04B10/00 Transmission systems employing electromagnetic waves other than radio waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication)
    • H04B10/85: Protection from unauthorised access, e.g. eavesdrop protection (H04B10/80 Optical aspects relating to the use of optical transmission for specific applications not provided for in H04B10/03 to H04B10/70)
    • H04L63/0823: Network architectures or protocols for network security, authentication of entities using certificates (H04L63/00 → H04L63/08)
    • H04L63/0876: Network architectures or protocols for network security, authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint (H04L63/08)

Abstract

The invention relates to the technical field of oil-gas pipe networks, in particular to a security processing method and system for oil-gas pipe network data. The method comprises the following steps: S1, access oil-gas pipe network data through at least one access terminal and perform security authentication on the accessed data through an edge data security gateway layer to obtain an authentication result; S2, transmit the authenticated oil-gas pipe network data through a quantum secret communication backbone network transmission scheme. Transmitting the data over the quantum secret communication backbone network improves its security in transit, and authenticating the data before transmission ensures that it is secure at the source; together these two guarantees ensure that the data reaches its designated destination securely.

Description

Safety processing method and system for oil-gas pipe network data
Technical Field
The invention relates to the technical field of oil-gas pipe networks, in particular to a safe processing method and system for oil-gas pipe network data.
Background
The oil-gas pipe network is the main artery for safe, stable and efficient energy transportation in the country. As intelligent pipe networks are built out and new-generation information technologies such as artificial intelligence and digital technologies are rapidly integrated, the threat from data security attacks and leakage incidents targeting critical infrastructure such as oil and gas pipe networks keeps growing, and the security demands of countries, organizations and storage and transportation enterprises on oil and gas pipe network data transmission grow with it.
For instruction data such as oil and gas pipe network regulation and intelligent control, data security is at present ensured mainly by encrypting data on a service private network, and the encryption relies mainly on conventional cryptographic algorithms. The security of the public key cryptosystems at the heart of modern cryptography rests on specific mathematical problems, such as large integer factorization and the discrete logarithm problem, which serve as the underlying mechanism of the encryption technology. On a classical computer, the computation and time consumed by brute-force solving of the mathematical problem behind the cipher far exceed the effective value and lifetime of the information, so the cost of cracking the ciphertext is far higher than the value of the encrypted information and conventional encryption can be regarded as relatively secure. However, the exponential speed-up expected from quantum computers and from dedicated cracking algorithms undermines the difficulty of these mathematical problems. The attacker's original indirect approach of hunting for holes and backdoors is evolving into a direct approach of brute-force computation against the cryptosystem and its keys; in front of quantum computation, encrypted information runs almost as plaintext, and this change collapses the theoretical basis of the cryptographic protection on which current information security rests. This exposure concerns public key schemes; symmetric ciphers with sufficiently long keys lose far less of their strength to quantum search.
To reduce acquisition difficulty and construction cost, the oil-gas pipe network data acquisition business departments usually select mainstream data acquisition software and hardware products from manufacturers on the market. These products have good compatibility and powerful functions, but at the same time they bring a larger security exposure surface and more potential hazards, and they are very fragile in the face of network attacks aimed at the data acquisition path. On the other hand, although business departments can deploy dedicated network security equipment and technical schemes to improve network security management and control, attention is paid mainly to the security of the system and platform layers, and attention to the security of data sources in the edge data acquisition stage is generally insufficient. A large amount of sensitive and important service data is still acquired mainly in plaintext without dedicated security encryption, so its confidentiality and integrity cannot be guaranteed against targeted attacks on energy management and transmission. In addition, as intelligent pipe networks are built out and applied, unmanned-station automated operation, intelligent robot inspection and large-scale use of intelligent control devices are new trends. Intelligent edge devices perform a large number of high-risk and critical business operations in place of people, and the secure access and transmission of the related equipment and data are the fundamental guarantee for intelligent remote control built on intelligent remote sensing and telemetry.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a security processing method and system for oil-gas pipe network data.
1) In a first aspect, the invention provides a method for securely processing oil-gas pipe network data, comprising:
S1, accessing oil-gas pipe network data through at least one access terminal, and performing security authentication on the accessed data through an edge data security gateway layer to obtain an authentication result;
S2, transmitting the authenticated oil-gas pipe network data through a quantum secret communication backbone network transmission scheme.
The security processing method for oil-gas pipe network data has the following beneficial effects:
transmitting the data over the quantum secret communication backbone network improves its security in transit, and authenticating the data before transmission ensures that it is secure at the source; together these two guarantees ensure that the data reaches its designated destination securely.
On the basis of the scheme, the invention can be improved as follows.
Further, the method further comprises:
performing device authentication, registration, security level judgment and key distribution for a first access terminal through a data security access module, and using the processed first access terminal as the access terminal;
when the first access terminal is an offline access terminal, storing an offline key and an identity fingerprint identification digital certificate in the first access terminal.
Further, the process of performing security authentication on the accessed data through the edge data security gateway layer to obtain an authentication result is as follows:
when any access terminal detects that oil and gas pipe network data is being accessed, it sends an authentication application and the corresponding authentication data packet to the edge data security gateway layer, the authentication data packet comprising the unique identifier of the access terminal initiating the authentication application and the classified classification fingerprint of that access terminal;
the authentication data packet is verified to obtain the authentication result.
Further, the process of transmitting the authenticated oil-gas pipe network data through the quantum secret communication backbone network transmission scheme is as follows:
the classification type is determined from the authentication result, a key distribution scheme is selected from the key distribution scheme set based on the scene information of the oil and gas pipe network data, the oil and gas pipe network data is encrypted according to the received key distribution scheme, and the encrypted data is transmitted to the edge data security gateway layer.
Further, the key distribution scheme set comprises:
an online key distribution mode in which an online key and an encryption and decryption mode are issued through quantum key distribution equipment integrated in the access terminal;
an online key distribution mode in which an online secure decryption mode is issued through a data encryption chip or data encryption module integrated in the access terminal;
an offline key distribution mode in which an offline key and encryption mode are issued through a quantum offline key-filling secure peripheral or a data security encryption secure peripheral integrated at the access terminal.
Further, the quantum secret communication backbone network transmission scheme specifically comprises the following steps:
the quantum secret communication backbone network comprises a plurality of quantum communication nodes, each comprising a single photon emission source, a quantum random number generator and a quantum key generation device;
any two quantum communication nodes are selected as a transmitting end and a receiving end;
key bits for the data to be transmitted are loaded into quantum states through the quantum random number generator and the quantum key generation device to obtain an optical pulse signal carrying key information;
over a quantum channel, the optical pulse signal is sent from the single photon emission source at the transmitting end to the receiving end, and the preparation information and coding information of the optical pulse signal are recorded at the same time;
the received optical pulse signal is decoded and detected to obtain the raw key corresponding to the optical pulse signal;
the transmitting end and the receiving end post-process the raw key to obtain the final key, and transmission of the data to be transmitted is completed using the final key.
Further, the method further comprises:
performing security reinforcement on the quantum secret communication backbone network transmission scheme, the security reinforcement comprising attack-prevention reinforcement, disaster recovery reinforcement and device authentication for the single photon emission source, the quantum random number generator and the quantum key generation device at the receiving end.
2) In a second aspect, the invention also provides a system for securely processing oil-gas pipe network data, comprising:
an authentication module for accessing oil and gas pipe network data through at least one access terminal and performing security authentication on the accessed data through an edge data security gateway layer to obtain an authentication result;
a transmission module for transmitting the authenticated oil-gas pipe network data through a quantum secret communication backbone network transmission scheme.
On the basis of this scheme, the security processing system for oil-gas pipe network data can be improved as follows.
Further, the system further comprises:
a mode module for performing device authentication, registration, security level judgment and key distribution for a first access terminal through a data security access module and using the processed first access terminal as the access terminal, and, when the first access terminal is an offline access terminal, storing an offline key and an identity fingerprint identification digital certificate in the first access terminal.
Further, the process of performing security authentication on the accessed data through the edge data security gateway layer to obtain an authentication result is as follows:
when any access terminal detects that oil and gas pipe network data is being accessed, it sends an authentication application and the corresponding authentication data packet to the edge data security gateway layer, the authentication data packet comprising the unique identifier of the access terminal initiating the authentication application and the classified classification fingerprint of that access terminal;
the authentication data packet is verified to obtain the authentication result.
Further, the key distribution scheme set comprises:
an online key distribution mode in which an online key and an encryption and decryption mode are issued through quantum key distribution equipment integrated in the access terminal;
an online key distribution mode in which an online secure decryption mode is issued through a data encryption chip or data encryption module integrated in the access terminal;
an offline key distribution mode in which an offline key and encryption mode are issued through a quantum offline key-filling secure peripheral or a data security encryption secure peripheral integrated at the access terminal.
Further, the quantum secret communication backbone network transmission scheme specifically comprises the following steps:
the quantum secret communication backbone network comprises a plurality of quantum communication nodes, each comprising a single photon emission source, a quantum random number generator and a quantum key generation device;
any two quantum communication nodes are selected as a transmitting end and a receiving end;
key bits for the data to be transmitted are loaded into quantum states through the quantum random number generator and the quantum key generation device to obtain an optical pulse signal carrying key information;
over a quantum channel, the optical pulse signal is sent from the single photon emission source at the transmitting end to the receiving end, and the preparation information and coding information of the optical pulse signal are recorded at the same time;
the received optical pulse signal is decoded and detected to obtain the raw key corresponding to the optical pulse signal;
the transmitting end and the receiving end post-process the raw key to obtain the final key, and transmission of the data to be transmitted is completed using the final key.
Further, the system further comprises:
security reinforcement of the quantum secret communication backbone network transmission scheme, comprising attack-prevention reinforcement, disaster recovery reinforcement and device authentication for the single photon emission source, the quantum random number generator and the quantum key generation device at the receiving end.
It should be noted that for the technical effects of the second aspect and its possible implementations, reference may be made to the first aspect and its corresponding implementations, which are not repeated here.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings in which:
FIG. 1 is a schematic flow chart of a method for safely processing oil and gas pipe network data according to an embodiment of the invention;
FIG. 2 is a schematic diagram of a model architecture of a system for safely processing oil and gas pipe network data according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a computer device for a method for safely processing oil and gas pipe network data according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a quantum encryption communication flow of a method for safely processing oil and gas pipe network data according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a quantum cryptography communication framework for a method for processing oil and gas pipe network data according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of an authentication flow chart of a method for safely processing oil and gas pipe network data according to an embodiment of the invention;
FIG. 7 is a schematic diagram of a security authentication flow of a security processing method for oil and gas pipe network data according to an embodiment of the present invention;
FIG. 8 is a polygonal schematic diagram of quantum encryption communication for a method for safely processing oil and gas pipe network data according to an embodiment of the invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the embodiments of the present invention will be described in further detail with reference to the accompanying drawings.
As shown in FIG. 1, the embodiment of the invention provides a method for securely processing oil-gas pipe network data, comprising:
S1, accessing oil-gas pipe network data through at least one access terminal, and performing security authentication on the accessed data through an edge data security gateway layer to obtain an authentication result;
S2, transmitting the authenticated oil-gas pipe network data through a quantum secret communication backbone network transmission scheme.
The security processing method for oil-gas pipe network data has the following beneficial effects:
transmitting the data over the quantum secret communication backbone network improves its security in transit, and authenticating the data before transmission ensures that it is secure at the source; together these two guarantees ensure that the data reaches its designated destination securely.
Before S1, the method may further include:
1. Service scene sorting and confirmation of protected objects
For an oil-gas pipe network, two kinds of scenes require secure data access:
Supervisory control class service data: this data needs real-time early-warning response and linked control and has higher requirements on data security and reliability, for example intelligent control of a station and online monitoring of health, safety and environment.
Value and cost class service data: value class data is data whose value can influence enterprise decisions and whose leakage can cause social harm or threaten national security, such as pipeline route coordinate data and pipeline flow data; cost class data is data that is expensive to acquire, such as excavation inspection data and blasting experiment records.
It should be noted that at present such collection is mostly carried out with equipment of external professional inspection manufacturers, so besides technical measures, regulatory constraints should also be applied in management.
2. Data security access scheme design
The general scheme realizes secure data access in three layers, as shown in FIG. 6. The uppermost layer is the oil-gas pipe network data security access management and control center, which is responsible for registering and authenticating devices such as data access terminals and gateways and for providing keys and encryption infrastructure resources; this layer can be designed and deployed once data access has reached a relatively large scale.
The middle layer is the edge data security gateway layer, responsible for authentication and registration, key distribution, data encryption and decryption, data key storage, protocol conversion and the other functions needed for secure data access by the data access terminals. Gateways for different scenes should be functionally focused and differentiated. Access gateways of the same level and scene should also have a redundancy mechanism; for example, in the figure security gateway A and security gateway B are redundant and monitor each other's status, forming a secure edge data access network.
As shown in FIG. 8, the specific process of S1, accessing the oil-gas pipe network data through at least one access terminal and performing security authentication on the accessed data through the edge data security gateway layer to obtain the authentication result, is as follows:
S11, the access terminal sends a device authentication audit application to the edge data security gateway layer;
the device authentication audit application is a bidirectional authentication application: when the edge data security gateway layer receives it, the gateway layer sends its own unique identifier to the access terminal; the access terminal verifies the unique identifier and, after verification passes, sends its classified classification fingerprint to the edge data security gateway layer; the gateway layer verifies the classified classification fingerprint, and when that verification passes the bidirectional authentication based on the device authentication audit application is complete and data communication between the access terminal and the edge data security gateway layer is allowed.
There is in addition a special case: if the data to be accessed does not pass through an access terminal but is delivered directly through the edge data security gateway layer to the security control center, the security control center completes the registration of all access terminals, sending terminals or edge data security gateway layers, and of their classified fingerprints, in advance.
The access terminal is the terminal located at the end of each oil and gas pipe network service; connected to various monitoring sensors, data acquisition devices, input devices and the like, it provides access to data acquisition sources in online or offline mode.
The edge data security gateway layer is a functional layer deployed near the access terminals of the oil-gas pipe network that provides data security protocol conversion, secure data processing and transmission, access terminal management, control and authentication and other services for a large number of local access terminals; it may be an edge server or an edge/area level data center.
The security control center is the service center that manages edge data, equipment and secure transmission; it is usually located in the enterprise data center or cloud, has powerful data interface and security control functions, and is responsible for aggregating and supporting unified control and decision scheduling of the whole oil-gas pipe network at enterprise or industry level.
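The bidirectional authentication of S11, written out as an added example (this is illustration code, not the patent's own implementation). It follows the order given above: the gateway presents its unique identifier, the terminal verifies it, the terminal then presents its classified classification fingerprint, and the gateway verifies that against the registered value. Assumed for the example: each registered terminal shares one secret with the gateway, provisioned by the control center at registration time (the page's "registration" and "key distribution"), and each side proves its claim with HMAC-SHA256 over a fresh nonce from the other side; the registry contents and identifiers are constructed.

```python
"""Bidirectional device authentication between an access terminal and an edge
data security gateway (S11). Added example, not the patent's code. Assumed:
one pre-shared secret per registered terminal, HMAC-SHA256 challenge-response
in both directions, constructed registry data."""
import hashlib
import hmac
import os

# Registration records as the control center would provision them (constructed).
# The gateway holds each terminal's secret and its registered fingerprint (T grade).
REGISTERED_TERMINALS = {
    "term-0017": {"secret": b"term-0017-registered-secret", "fingerprint": "T2"},
}

def _proof(secret: bytes, nonce: bytes, direction: str, claim: str) -> str:
    """HMAC over (nonce, direction, claim). The direction label stops a peer from
    reflecting one side's proof back as its own."""
    return hmac.new(secret, nonce + direction.encode() + b"|" + claim.encode(),
                    hashlib.sha256).hexdigest()

class EdgeGateway:
    def __init__(self, gw_id: str, registry: dict):
        self.gw_id, self.registry, self.pending = gw_id, registry, {}

    def on_audit_application(self, term_id: str, term_nonce: bytes) -> dict:
        """Step 1: answer the device authentication audit application with the
        gateway's unique identifier, a proof of it, and a challenge nonce."""
        entry = self.registry.get(term_id, {"secret": b""})
        gw_nonce = os.urandom(16)
        self.pending[term_id] = gw_nonce
        return {"gw_id": self.gw_id, "gw_nonce": gw_nonce,
                "proof": _proof(entry["secret"], term_nonce, "gw->term", self.gw_id)}

    def verify_fingerprint(self, term_id: str, fingerprint: str, proof: str) -> bool:
        """Step 3: check the fingerprint against the registered one and the
        terminal's proof of the shared secret; the challenge is single-use."""
        entry = self.registry.get(term_id)
        gw_nonce = self.pending.pop(term_id, None)
        if entry is None or gw_nonce is None or fingerprint != entry["fingerprint"]:
            return False
        expected = _proof(entry["secret"], gw_nonce, "term->gw", term_id + "|" + fingerprint)
        return hmac.compare_digest(expected, proof)

class AccessTerminal:
    def __init__(self, term_id: str, secret: bytes, fingerprint: str, expected_gw: str):
        self.term_id, self.secret = term_id, secret
        self.fingerprint, self.expected_gw = fingerprint, expected_gw

    def authenticate(self, gateway: EdgeGateway) -> bool:
        term_nonce = os.urandom(16)
        reply = gateway.on_audit_application(self.term_id, term_nonce)
        # Step 2: verify the gateway's identifier before revealing the fingerprint.
        expected = _proof(self.secret, term_nonce, "gw->term", self.expected_gw)
        if reply["gw_id"] != self.expected_gw or not hmac.compare_digest(expected, reply["proof"]):
            return False
        proof = _proof(self.secret, reply["gw_nonce"], "term->gw",
                       self.term_id + "|" + self.fingerprint)
        return gateway.verify_fingerprint(self.term_id, self.fingerprint, proof)

def demo() -> tuple:
    """Genuine gateway, a rogue gateway that claims gw-A's identifier without the
    registered secret, and a terminal that claims a higher grade than registered."""
    genuine = EdgeGateway("gw-A", REGISTERED_TERMINALS)
    rogue = EdgeGateway("gw-A", {"term-0017": {"secret": b"guess", "fingerprint": "T2"}})
    good = AccessTerminal("term-0017", b"term-0017-registered-secret", "T2", "gw-A")
    inflated = AccessTerminal("term-0017", b"term-0017-registered-secret", "T3", "gw-A")
    return (good.authenticate(genuine), good.authenticate(rogue), inflated.authenticate(genuine))

if __name__ == "__main__":
    print(demo())
```

The order matters: the terminal discloses its fingerprint only after the gateway has proven its identifier, so a rogue gateway that merely spoofs the identifier learns nothing, and the gateway compares the presented fingerprint with the registered one rather than trusting the terminal's claim.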
S12, the access terminal sends an authentication audit application to the edge data security gateway layer, the classification level of the data to be transmitted is determined, and either a classical encryption path or a quantum key distribution path is selected according to the classification result;
the authentication audit application contains at least:
an authentication application serial number, the device address unique code or registration identification code of the access terminal, the data security classification and grading fingerprint, the target address code or service identification code of the edge data security gateway layer to be accessed, a timestamp, and a message check code.
The authentication audit application is used for bidirectional authentication registration and for matching and confirming the path selection.
The classification level of the data to be transmitted is determined as follows:
according to the consequences of leakage or tampering of the original data, a data security classification and grading evaluation of the data to be transmitted is carried out in advance, and the corresponding machine-readable classification and grading fingerprint label is embedded in the original data. Correspondingly, each device and each transmission and distribution mode is also assigned a set of security classification and grading fingerprints in advance according to its security protection capability.
When data carrying different classification and grading fingerprint labels is accepted and processed by an access terminal, an edge data security gateway or the security management and control center, the security fingerprints of the data, the device and the transmission path must be identified and matched, and only a device or transmission path that meets the processing and transmission requirements of that security level may process and transmit data of that level. For example, with data security levels set to five grades from lowest to highest (D1, D2, D3, D4 and D5), devices and transmission paths divided into three grades (T1, T2 and T3) and a corresponding fingerprint mapping, a T2 device or transmission path can support transmission and processing of D1, D2 and D3 data but not of D4 and D5 data. D5 data has the highest security requirement and is supported only by T3 devices and transmission paths with the highest protection capability; if the device or transmission path fingerprint is below T3, processing and transmission are refused.
S13: a key distribution scheme is determined from a key distribution scheme set by combining the online or offline state of the access terminal with its security level, and the security management and control center updates and redistributes the keys at regular intervals;
the key distribution scheme set includes:
1) Online key distribution modes:
access terminal 1: an online key distribution and encryption/decryption mode implemented with quantum key distribution equipment;
access terminal 2: an online secure data transmission mode whose encryption and decryption are implemented with a data encryption chip or module;
2) Offline key distribution modes:
access terminal 3: an offline key encryption mode in which quantum keys are filled offline into a secure peripheral medium;
access terminal 4: an offline key encryption mode based on data security encryption with a secure peripheral medium.
S14: after negotiation and confirmation between the access terminal and the edge data security gateway layer, the distributed key is obtained and sent to the access terminal;
the negotiation and confirmation process is as follows:
The photons emitted by the transmitting end are in one of four polarization states: 90° polarization, 0° polarization, 45° polarization and 135° polarization. The measurement basis at the receiving end is of two kinds: rectilinear (the + filter) and diagonal (the × filter).
+ : a filter that passes only horizontally or vertically polarized photons;
× : a filter that passes only diagonally (45° or 135°) polarized photons.
The transmitting end randomly generates a key, selects a polarization basis for each bit, modulates and prepares a single-photon pulse signal and transmits it; the receiving end randomly selects a polarization basis to detect and decode each pulse, and obtains key bit information after decoding. The detailed procedure is described below.
The two parties then make two publications on the classical channel to complete the key negotiation.
First publication: the receiving end publishes its own choice of polarization bases; the transmitting end confirms the correct subset and returns the positions where the polarization basis was correct. The purpose of this publication is to determine and retain the correctly decoded sequence.
Second publication: both parties select and publish a segment of the key corresponding to the correct polarization bases; if a discrepancy appears, it indicates that someone has eavesdropped. If the segments agree, the unpublished portion is taken as the final key and the negotiation is complete.
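The two-publication negotiation above, as an added example that is not part of the patent: a pure classical simulation of the BB84 statistics with no quantum hardware. The sender picks random bits and bases, the receiver random measurement bases; the first publication keeps only positions where the bases match (sifting), and the second publication reveals a random subset and counts mismatches, discarding the revealed bits. A `disturbed` flag models a channel disturbance as intercept-resend so that the mismatch rate the second publication is designed to detect becomes visible. Function names, the sample fraction and the seed are this example's own.

```python
"""Added example: classical simulation of the BB84 sifting and subset-comparison
steps. Names, parameters and the disturbance model are this example's own."""
import random
from typing import Dict, List, Tuple

RECT, DIAG = "+", "x"       # rectilinear (0/90 degree) and diagonal (45/135 degree) bases
Photon = Tuple[str, int]    # (preparation basis, encoded bit)


def prepare(bits: List[int], bases: List[str]) -> List[Photon]:
    """Sender: encode each key bit as a polarization state in the chosen basis."""
    return list(zip(bases, bits))


def measure(photon: Photon, basis: str, rng: random.Random) -> int:
    """Receiver: measuring in the preparation basis returns the encoded bit;
    measuring in the conjugate basis gives a uniformly random result."""
    prep_basis, bit = photon
    return bit if basis == prep_basis else rng.randint(0, 1)


def run_bb84(n: int, seed: int = 1, sample_fraction: float = 0.25,
             disturbed: bool = False) -> Dict:
    rng = random.Random(seed)
    a_bits = [rng.randint(0, 1) for _ in range(n)]
    a_bases = [rng.choice((RECT, DIAG)) for _ in range(n)]
    photons = prepare(a_bits, a_bases)
    if disturbed:
        # Channel disturbance modelled as intercept-resend: every photon is
        # measured in a random basis and re-prepared in that basis. Half the
        # sifted positions then carry a random bit, giving about 25% mismatches.
        resent = []
        for photon in photons:
            basis = rng.choice((RECT, DIAG))
            resent.append((basis, measure(photon, basis, rng)))
        photons = resent
    b_bases = [rng.choice((RECT, DIAG)) for _ in range(n)]
    b_bits = [measure(p, b, rng) for p, b in zip(photons, b_bases)]

    # First publication: B announces its bases, A confirms the matching positions.
    keep = [i for i in range(n) if a_bases[i] == b_bases[i]]
    a_sift = [a_bits[i] for i in keep]
    b_sift = [b_bits[i] for i in keep]

    # Second publication: both reveal a random subset of the sifted key and
    # compare; revealed positions are discarded and the rest becomes the key.
    k = max(1, int(len(keep) * sample_fraction))
    sample = set(rng.sample(range(len(keep)), k))
    mismatches = sum(a_sift[i] != b_sift[i] for i in sample)
    a_key = [a_sift[i] for i in range(len(keep)) if i not in sample]
    b_key = [b_sift[i] for i in range(len(keep)) if i not in sample]
    return {"sifted": len(keep), "sampled": k, "mismatches": mismatches,
            "qber": mismatches / k, "a_key": a_key, "b_key": b_key}
```

On an undisturbed channel the sifted keys agree exactly and about half the pulses survive sifting; with the disturbance enabled the compared subset shows a mismatch rate near one quarter, which is the signal the second publication turns into an abort decision.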
The distributed key is sent as follows:
the key is loaded into a quantum state to prepare an optical pulse signal;
as shown in fig. 4, the quantum communication transmitting terminal A first prepares a quantum state based on a quantum random number generating device and loads the key into the quantum state using a single-photon source for transmission.
Quantum state preparation is the process by which the transmitting end prepares the quantum-state carrier of the key information; it mainly comprises basis preparation, state preparation and light intensity preparation.
Basis preparation means selecting two groups of standard orthogonal bases that are mutually conjugate in a two-dimensional Hilbert space, with the encoding basis vectors prepared at the transmitting end and the measurement basis vectors at the receiving end. The relationship between the encoding basis and the measurement basis is analogous to that between an encryption key and a decryption key.
State preparation refers to the two mutually orthogonal quantum states contained in each group of bases. Quantum states can be characterized by physical quantities such as polarization, phase, time, spin and momentum. In the quantum state preparation process the transmitting end, following a random sequence, determines the quantum state to be encoded on each light pulse according to the agreed correspondence between binary bits and quantum states, modulates the quantum state carrying the key information onto the corresponding light pulse according to the determined state information, and stores the classical bit information loaded into the quantum states.
Light intensity preparation refers to preparing quantum-state light pulses of different intensities. For a decoy-state protocol it means preparing the light pulse intensities of the different encoding states, such as the signal state, the decoy state and the vacuum state; the different encoding intensities should be distinguishable.
Quantum state transmission is the sending of the light pulses carrying the key information from the transmitting end to the receiving end over a quantum channel such as optical fiber or free space. At the same time, the transmitting end A should record the preparation information and the encoding information of the transmitted light pulses.
The preparation/encoding information is the preparation and encoding information (basis, state, light intensity and so on) used by the transmitting end when loading the key onto the light pulses.
The quantum communication receiving terminal B continuously detects single photons and performs quantum state measurement on the detected single photons.
Quantum state measurement comprises two processes at the receiving end: decoding and detection. Decoding means that the receiving end randomly selects a measurement basis vector to measure the light pulses carrying the transmitting end's quantum states, producing an original (raw) key.
Measurement means that the basis, state, light intensity and other information of the received light pulse carrying key information is measured with the measurement basis vectors; only light pulses consistent with the basis can pass.
Detection refers to the detection process performed on the single-photon carrier of quantum communication (at the transmitting end, single-photon light pulses loaded with information are transmitted; at the receiving end, reception is monitored and decoded), which converts quantum state information into classical bit information to obtain the original key; at present this is mainly accomplished by a single-photon detector.
The quantum state information is the quantum-encrypted information obtained by detection and measurement with the photon detector. It is tied to the quantum state encoding and is formed by the transmitting end's quantum state encoding of the key information.
The process of converting quantum state information into classical bit information is as follows:
the translation, conversion and decoding from quantum states to classical bit information is carried out at the receiving end, similar to a digital-to-electrical conversion.
After the measurement is completed, the two parties need to carry out post-processing such as key negotiation. The security of the quantum channel may guarantee that the key distribution process cannot be measured, so the filtering and verification of the post-processing may be carried out over classical channels.
The post-processing ensures the consistency and integrity of the information exchanged by the two parties and carries out steps such as basis comparison, error correction and security enhancement (privacy amplification). The two parties repeatedly publish and compare information on the classical channel, retaining only the data measured with the same basis vector to produce a sifted key; they then estimate the error rate and correct quantum bit errors to obtain an error-corrected key; finally, mathematical processing such as computing a compression ratio and compressing the error-corrected key yields the final key.
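The error correction and compression steps of the post-processing above, as an added example that is not the patent's own implementation: starting from a constructed pair of sifted keys that differ in a few positions, the receiver corrects its copy against block parities published on the classical channel (a one-pass simplification of the Cascade idea: one parity per block, then bisection of any block whose parity differs), both sides verify agreement by comparing a digest, and the agreed key is compressed with a Toeplitz universal hash whose output length is reduced by the number of published parity bits and by a leakage bound derived from the estimated error rate. Block size, seed, the entropy-based compression rule and the sample keys are this example's choices.

```python
"""Added example: block-parity error correction, verification and Toeplitz
privacy amplification over constructed sifted keys. Parameters and the
compression rule are this example's own, not the patent's."""
import hashlib
import math
import random
from typing import Dict, List, Tuple


def parity(bits: List[int]) -> int:
    return sum(bits) & 1


def correct_errors(a: List[int], b: List[int], block: int) -> Tuple[List[int], int]:
    """B corrects its copy against A's block parities published on the classical
    channel. A block whose parity differs is bisected (one more parity published
    per step) until the wrong bit is found and flipped. Returns the corrected
    copy and the number of parity bits published. Only one error per block is
    corrected; a residual error is caught by the verification in post_process()."""
    b = list(b)
    published = 0
    for start in range(0, len(a), block):
        lo, hi = start, min(start + block, len(a))
        published += 1
        if parity(a[lo:hi]) == parity(b[lo:hi]):
            continue
        while hi - lo > 1:                      # binary search for the wrong bit
            mid = (lo + hi) // 2
            published += 1
            if parity(a[lo:mid]) != parity(b[lo:mid]):
                hi = mid
            else:
                lo = mid
        b[lo] ^= 1
    return b, published


def toeplitz_hash(bits: List[int], out_len: int, seed: int) -> List[int]:
    """Privacy amplification: multiply the key by a random Toeplitz matrix over
    GF(2); the matrix is fixed by a seed that both sides may share publicly."""
    n = len(bits)
    rng = random.Random(seed)
    t = [rng.randint(0, 1) for _ in range(n + out_len - 1)]   # matrix diagonals
    out = []
    for i in range(out_len):
        acc = 0
        for j in range(n):
            acc ^= bits[j] & t[i - j + n - 1]
        out.append(acc)
    return out


def binary_entropy(p: float) -> float:
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def post_process(a: List[int], b: List[int], qber: float,
                 block: int = 8, seed: int = 7) -> Dict:
    b_corr, published = correct_errors(a, b, block)
    # Verification: both sides compare a digest of their corrected key (in a
    # deployment this comparison is sent over the authenticated classical channel).
    verified = hashlib.sha256(bytes(a)).digest() == hashlib.sha256(bytes(b_corr)).digest()
    # Compression ratio: drop the published parity bits plus a leakage bound
    # n*h(qber) for the estimated error rate, then hash down to that length.
    out_len = max(0, len(a) - published - math.ceil(len(a) * binary_entropy(qber)))
    key = toeplitz_hash(a, out_len, seed) if verified and out_len else []
    return {"verified": verified, "published": published,
            "final_len": out_len, "key": key}


def constructed_sifted_keys(n: int = 64, flips=(5, 23, 40, 58), seed: int = 3):
    """Constructed sample: a random sifted key and a copy with four channel
    errors, one in each of four different 8-bit blocks."""
    rng = random.Random(seed)
    a = [rng.randint(0, 1) for _ in range(n)]
    b = list(a)
    for i in flips:
        b[i] ^= 1
    return a, b
```

With 64 sifted bits, four errors and 8-bit blocks, eight block parities plus three bisection parities per faulty block are published (20 bits), and an estimated error rate of 4/64 costs a further 22 bits, so 22 bits of final key remain; the count of published bits is what the compression step must subtract, which is why the example tracks it explicitly.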
A quantum trusted relay C may also be added. The relay can simultaneously transmit to and receive from its two adjacent nodes and achieves the same transmission effect as a direct link from the transmitting end to the receiving end. The trusted relay is mainly used to extend the transmission distance of quantum communication, or in relay distribution scenarios within a route. A long-distance quantum communication backbone can be built on trusted relays. In addition, quantum communication satellites are trusted relays in a special sense.
S15: the security management and control center monitors the steps from S12 up to the current step, keeps log records, and performs security risk early warning and monitoring of abnormal authentication and abnormal keys; the data to be transmitted are encrypted with the obtained distributed key and transmitted over a classical channel to the edge data security gateway layer.
The monitoring is as follows:
monitoring the authentication process in real time, and generating an abnormality record when any party fails authentication or the authentication is abnormal;
monitoring the determination and acquisition of the distributed key in real time, and generating an abnormality record when acquisition fails.
The classical channel is a data transmission path distinct from the quantum channel; its theoretical security is lower than that of the quantum channel, and it may be secured with classical encryption.
In another embodiment, the method may further include device security reinforcement and retrofitting, as shown in fig. 7:
The security management and control center is accessed, built and upgraded according to actual conditions. The security reinforcement and retrofitting of oil-gas pipe network equipment therefore mainly concerns two layers, the access terminal and the access security gateway, and the reinforcement and retrofitting of the access terminal is realized with a data security access module or a data security access peripheral medium. In this scheme, the data security access module realizes authentication and registration of the access device, fingerprint identification of the device security level, key distribution and management, secure local storage of access data, the corresponding key distribution negotiation, and so on. The data security access medium stores keys, provides data encryption and decryption, and provides the unique identity fingerprint digital certificate used for authentication.
The edge data security access gateway is mainly divided into three functional groups:
Load proxy functions: providing the security classification of each access terminal, carrying the load of device authentication and data transmission requests, and various communication proxy functions.
System security management and control functions: providing access rights, authentication of device fingerprints, self-security awareness and other functions.
Encryption and key distribution functions: mainly providing key storage, data encryption and decryption, key distribution security management and other functions. These can be subdivided into two branches, quantum confidentiality and classical encryption. For quantum key distribution, dedicated devices on the quantum secure optical communication link should be connected in series or invoked for this purpose.
The scheme is implemented as follows:
The key example implementation flow of the whole method is:
The process starts; the data access terminal initiates a device authentication registration process, in which it mainly constructs an authentication data packet from its own unique identifier and its classification and grading fingerprint. Optionally, if there is a data access security management and control center, the center should first complete the registration of all terminal and gateway devices and of their identification fingerprints in advance.
The device authentication registration flow is as follows:
The authentication process is two-way, i.e. mutual authentication between the terminal and the access gateway device, and is divided into two cases: with an upper-level management and control center and without one.
Without the management and control center, the information of the peer authentication device may need to be set in the terminal device in advance (pre-authentication).
The access gateway examines the authentication data packet initiated by the access terminal and confirms its classification and grade. After confirmation, it selects the corresponding data security implementation branch, namely the classical encryption path or the quantum key distribution path.
The access gateway generates the key and distributes it through the secret channel. The distribution mode is selected according to whether the access terminal is online or offline and according to its security level. The management and control center may periodically update, synchronize and redistribute the keys.
After negotiation and confirmation between the access terminal and the access gateway, the distributed key is obtained. The whole process from authentication to obtaining the final key is recorded in an audit log under the monitoring of the management and control center, with security risk early warning and monitoring of abnormal authentication and keys.
The access terminal encrypts and stores the data with the received key and transmits the data to the access gateway side over the classical channel; the process then ends.
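The registration-to-key flow above, as an added example that is not the patent's own code: a registry of pre-registered devices (the pre-authentication case), an authentication packet carrying the unique identifier and the security-level fingerprint under an HMAC tag, the gateway's confirmation of the registered level, selection of the classical or quantum path and of the online/offline key distribution mode, a tagged reply for the mutual authentication, and an audit record of every step for the management and control center. The packet layout, the rule that D4/D5 data take the quantum path, the mode names and the key identifier are this example's assumptions.

```python
"""Added example: HMAC-authenticated device registration with path and mode
selection and an audit log. Packet layout, the D4/D5 quantum-path rule, the
mode names and the key identifier are assumptions of this example."""
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional

AUDIT: List[dict] = []          # audit log kept by the management and control centre


def audit(event: str, **fields) -> None:
    AUDIT.append({"event": event, **fields})


def _tag(body: dict, key: bytes) -> str:
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def build_packet(device_id: str, level: str, nonce: str, key: bytes) -> dict:
    """Authentication packet: unique identifier + security-level fingerprint +
    nonce, tagged with an HMAC under the key registered for that device."""
    body = {"id": device_id, "level": level, "nonce": nonce}
    return {**body, "tag": _tag(body, key)}


def verify_packet(pkt: dict, key: bytes) -> bool:
    body = {k: pkt[k] for k in ("id", "level", "nonce")}
    return hmac.compare_digest(_tag(body, key), pkt["tag"])


class Gateway:
    def __init__(self, gw_id: str, registry: Dict[str, dict], gw_key: bytes):
        self.gw_id, self.registry, self.gw_key = gw_id, registry, gw_key

    @staticmethod
    def select_path(level: str) -> str:
        # Assumption for this example: D4/D5 data take the quantum key
        # distribution path, lower levels the classical encryption path.
        return "quantum" if level in ("D4", "D5") else "classical"

    @staticmethod
    def select_mode(online: bool, path: str) -> str:
        # The four access-terminal modes of the key distribution scheme set.
        if online:
            return "online-QKD-equipment" if path == "quantum" else "online-encryption-chip"
        return "offline-quantum-filled-medium" if path == "quantum" else "offline-encrypted-medium"

    def handle_registration(self, pkt: dict, online: bool) -> Optional[dict]:
        rec = self.registry.get(pkt.get("id"))
        if rec is None or not verify_packet(pkt, rec["key"]):
            audit("auth_failed", device=pkt.get("id"), gateway=self.gw_id)
            return None
        if pkt["level"] != rec["level"]:            # hierarchical confirmation
            audit("level_mismatch", device=pkt["id"],
                  claimed=pkt["level"], registered=rec["level"])
            return None
        path = self.select_path(rec["level"])
        mode = self.select_mode(online, path)
        audit("auth_ok", device=pkt["id"], path=path, mode=mode)
        # Mutual authentication: the gateway returns its own tagged packet and
        # echoes the terminal's nonce so the reply cannot be replayed.
        reply = build_packet(self.gw_id, "GW", pkt["nonce"], self.gw_key)
        # Key handle for the chosen path; on a real quantum path the key comes
        # from the QKD equipment, here a random stand-in identifier.
        reply.update({"path": path, "mode": mode, "key_id": secrets.token_hex(4)})
        audit("key_issued", device=pkt["id"], key_id=reply["key_id"])
        return reply


def terminal_accept(reply: Optional[dict], gw_key: bytes, nonce: str) -> bool:
    """Terminal side of the mutual authentication: the reply must carry the
    terminal's own nonce and a valid tag under the gateway's registered key."""
    return reply is not None and reply["nonce"] == nonce and verify_packet(reply, gw_key)
```

A failed tag and a level that disagrees with the registry are recorded as distinct audit events, so the monitoring described for S15 can raise an early warning on each case separately; the terminal's nonce check on the reply is what makes the authentication two-way rather than one-sided.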
It should be noted that, depending on the direction in which sensitive data flow in the business scenario, the above flow may also be carried out in the opposite direction (e.g. an instruction received from the gateway and returned to the access terminal), in both directions, via a relay, and so on.
In another embodiment, quantum communication networks may be built at the backbone network core layer, the regional convergence layer and the edge access layer respectively; the implementation of the method is described here for the construction of a quantum communication backbone network on the basis of the optical communication backbone network. The convergence layer and the edge layer can be designed and built with reference to this, taking application and cost into account.
The quantum communication equipment of each quantum communication node mainly includes a single-photon emission source, a single-photon detector, a quantum random number generator, a quantum key generation device, a quantum gateway, a quantum switch/router and the like. Special equipment such as quantum-classical wavelength division multiplexing, quantum relay stations and quantum security firewalls can be added as required, and the optical fiber may be single-mode fiber or polarization-maintaining fiber.
(1) Single-photon source
The single-photon source is a physical cornerstone of the field of quantum information and an essential component of many different types of quantum hardware. The generation and manipulation of single photons has also become a key factor in applications such as quantum communication and quantum computing. The quantum key distribution protocols of the BB84 family all require the sender to use ideal single photons for quantum state preparation. However, the technology for producing portable, effective deterministic single-photon sources is not yet mature or widely used, and most quantum cryptography applications use weak coherent sources (WCS, attenuated lasers) or heralded sources to approximate an ideal single-photon source.
(2) Quantum random number generator
A quantum random number generator (QRNG) generates random numbers from a quantum random process; the randomness is guaranteed by the basic principles of quantum mechanics, and the random numbers, derived from quantum state superposition, quantum entanglement, spontaneous emission phase fluctuations, intensity fluctuations and the like, are true random numbers. It can be used for random number generation at the transmitting end, the receiving end and relay nodes, and can also be combined with classical encryption algorithm key generation to provide true random numbers.
As shown in fig. 5, the main control center A mainly performs unified control of each station and of the sub-control centers, and therefore has the most transmitting ends. The standby regulation and control center B is responsible for real-time disaster recovery with the main regulation and control center and is ready to be switched over with the main control center at any time. The regional branch control center C is responsible for continuous regulation and control of the regional pipe network, and the provincial network branch control center D for regulation and control of the provincial network under its jurisdiction. Classical channels between the regulation and control centers are realized through the optical communication network of the oil-gas pipe network regulation and control service private network (dotted-line loop). At the same time, a quantum channel backbone ring network (the ring drawn with double solid lines in the middle) is constructed through quantum switches/routers and the optical communication network. Quantum relay stations can be arranged by suitably selecting some key service stations, or stations at intermediate distances between the control centers, to facilitate long-distance reliable transmission over the quantum channel.
The quantum communication node of each control center generates a quantum-state key with a quantum key generation and management device and transmits it to the opposite node over the quantum channel through the quantum switch/router. The opposite node may be a sub-control center or a controlled station. At the same time, the ciphertext encrypted with the key and the key negotiation information are separated by a quantum VPN and transmitted over the regulation and control service private network. The regulation and control service system accesses the classical channel of the regulation and control service private network and the quantum secure communication backbone ring network through quantum VPN equipment.
The equipment composition of a communication node can be differentiated according to the functional positioning and service attributes of the node, and attention should be paid to extensibility so that it can be expanded in combination according to the positioning of the node.
In another embodiment, the oil and gas pipe network quantum secure communication is deployed and upgraded as follows.
1. Deployment
According to the functional positioning of each node of the existing optical communication network, a quantum secure communication ring network with large traffic and abundant optical cable resources is selected in the initial stage of node deployment and upgrading. The relevant QKD equipment is added on the basis of existing communication infrastructure such as the regulation and control centers, important station equipment rooms and optical cables. The OTN nodes are expanded in capacity, and the original old equipment is gradually replaced and upgraded. The initial backbone/convergence layer network is built on the current state of the existing optical cables and equipment, and the access layer network is partially optimized into rings according to the optical cable construction.
2. Upgrading and retrofitting
Early quantum secure communication had to set up the quantum key channel by bare-fiber transmission: the transmission fiber between two points could not pass through routers, optical switches, optical amplifiers or other devices. A quantum communication product needed two optical fibers to operate, one carrying the quantum optical signal and the other carrying, by conventional optical communication, the post-processing information required by the quantum communication protocol. Before applying quantum secure communication technology it should be confirmed whether the channel has spare fiber core resources, and serious attenuation occurs when nodes are more than fifty kilometres apart.
With the practical development of quantum secure communication technology, these limitations are increasingly being overcome; in particular, the following three upgrading and retrofitting modes exist.
a) Relay retrofitting
Since photon loss in the fiber rises exponentially with distance, efficient data transmission over long distances is difficult. Classical light solves this with a mature layout of optical amplifiers. Quantum light, however, is limited by its technical characteristics: its distance cannot be extended with conventional amplifiers, and the most suitable approach is to extend the transmission distance of the quantum optical signal by arranging safe and reliable relay nodes.
The oil-gas pipe network is a typical linear object with an extremely long transmission distance; management of the pipeline itself also requires intermediate stations for management and maintenance, and the pipeline optical communication network is likewise built, managed and maintained around these stations. Geographically, this is naturally suited to the placement of repeaters when the pipe network optical communication is retrofitted for quantum communication.
Current relay technologies for quantum secure communication mainly comprise trusted relays and full quantum relays. A trusted relay stores the relay key locally, so the security and reliability of the relay node must be guaranteed by external technical means; a quantum relay, because it relays the quantum state itself, does not store the transmitted quantum key data, needs no external safeguards and is inherently trustworthy. However, in terms of practicality and ease of implementation, the present-stage quantum secure communication retrofitting of the oil-gas pipe network is recommended to combine stations with the trusted relay mode.
How to guarantee the trustworthiness of the relay node and avoid the risk of key leakage at the relay node is a key point of the retrofitting. In implementation, an XOR relay technique may be adopted as a security upgrade: the relay node temporarily stores only the XOR of the keys shared with its two adjacent nodes, and except at the moment the shared keys are generated the system never stores a key in plaintext, which improves the security of the relay. In addition, for service scenarios with high security levels such as oil and gas regulation and control, trusted relay nodes are placed in the central control equipment rooms of stations at suitable intermediate distances with high service criticality, and the trustworthiness of the relay is further ensured by combining personnel access authority management with technical protection measures. For other service scenarios such as intelligent control of unmanned stations, the security and trustworthiness of unmanned relay nodes can be ensured with security techniques such as encrypting keys as soon as they land (key-at-rest encryption), key-splitting relay and iterative relay key transformation.
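The XOR relay just described, as an added example that is not the patent's own code: node A one-time-pads the end-to-end key with the key it shares with B, each relay holds only the XOR of its two link keys and applies it to re-key the message for the next hop, and the last node strips the final link key. Node names and the constructed link keys are this example's own; the keys are illustrative byte patterns, not real key material.

```python
"""Added example: XOR relay of an end-to-end key across trusted relays that
retain only the XOR of their two link keys. Keys below are constructed."""
from typing import List


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("key lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


class XorRelay:
    """Trusted relay that keeps only the XOR of its two link keys."""

    def __init__(self, key_left: bytes, key_right: bytes):
        # Only the combination is retained; the relay does not keep the
        # individual link keys after this point.
        self.combined = xor(key_left, key_right)

    def forward(self, ciphertext: bytes) -> bytes:
        # (K xor k_left) xor (k_left xor k_right) = K xor k_right
        return xor(ciphertext, self.combined)


def deliver_end_to_end(link_keys: List[bytes], k_end: bytes) -> bytes:
    """Node A pads the end-to-end key K with the first link key; each relay
    re-keys it for the next hop; the last node strips the last link key.
    link_keys[i] is the key shared by node i and node i + 1."""
    relays = [XorRelay(link_keys[i], link_keys[i + 1]) for i in range(len(link_keys) - 1)]
    msg = xor(k_end, link_keys[0])
    for relay in relays:
        msg = relay.forward(msg)
    return xor(msg, link_keys[-1])


def constructed_keys():
    """Constructed link keys for A-B, B-C and C-D plus an end-to-end key K
    (byte patterns for illustration, not real key material)."""
    k_ab = bytes(range(0, 16))
    k_bc = bytes(range(16, 32))
    k_cd = bytes(range(32, 48))
    k_end = bytes([0x5A] * 16)
    return [k_ab, k_bc, k_cd], k_end
```

The relay's retained state is a combination of two link keys and, because the end-to-end key never reaches the relay in the clear, that state on its own reveals neither a link key nor the delivered key; the remaining exposure is the moment of link-key generation, which is why the text pairs the technique with physical and personnel controls at the station.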
b) Fusion of quantum communication and optical communication
There are two ideas for the networking and retrofitting of quantum communication networks: one is to establish independent quantum communication fiber channels, the other is classical and quantum channel multiplexing. For the oil-gas pipe network, optical communication will remain the main communication means for a long time to come, and a multi-service coexistence scheme that realizes secure key distribution and two-way high-speed encrypted service transmission while occupying only one fiber core has become a reality, which has certain advantages in cost and usability. In view of cost and practicality, fusing the deployment and retrofitting of the quantum communication network with the existing classical optical communication network, sharing and making full use of the existing infrastructure, is the optimal scheme. The method recommends the second approach.
Integrating quantum communication QKD with classical optical communication requires upgrading and retrofitting work. On the one hand, because QKD quantum optical signals are very weak, they are easily swamped by high-power classical optical communication signals. On the other hand, the nonlinear noise generated by classical light in the fiber also seriously affects the quantum signal light. The aim of the retrofitting is therefore mainly to isolate the quantum optical signal from the classical optical signal while reducing the nonlinear noise interference from the classical light transmitted on the shared fiber.
Current wavelength division multiplexing (WDM) technology already allows quantum and classical signals to be transmitted on one fiber. During upgrading and retrofitting the wavelength configuration can be optimized and optical amplification used, so that quantum light can coexist bidirectionally in one fiber with high-speed classical optical communication services. Apart from the guaranteed service channels and protection channels, the fibers of the oil-gas pipe network backbone have an abundance of spare channels. Therefore, wavelength division multiplexing is adopted at each node of the backbone network, and the quantum channel, the negotiation channel and the encrypted service data transmission required by QKD are multiplexed on the same fiber to realize efficient co-fiber transmission.
The suggested approach to optimizing the wavelength configuration of the quantum channel under shared-fiber wavelength division multiplexing is as follows:
The C-band has the lowest loss in optical fiber, and the C-band 40-wave and 80-wave systems are the mainstream of current WDM systems, widely applied and technically mature. In classical optical communication an erbium-doped fiber amplifier (EDFA) is generally used to amplify the classical light for higher output power, and since the EDFA performs best in the C-band (1530 nm-1565 nm), the C-band is generally used for the classical signal wavelengths.
Owing to the no-cloning property of the quantum signal light, the quantum signal cannot be amplified. The quantum optical signal may use the O-band (1260 nm-1360 nm), where Raman noise is low, or the C-band, where loss is lowest; the choice of band must weigh both factors together. In view of practicality and ease of separation with CWDM, the quantum light is at present transmitted in the O-band with a center wavelength of 1310 nm.
In addition, filtering the quantum optical signal with a narrow-band filter before detection can further reduce the interference of classical light with the quantum light.
The above integration scheme of the quantum communication network and the backbone optical communication network can successfully integrate multiple classical channels, or a classical channel bandwidth of 40 Gbps, with QKD.
c) Scalable retrofitting and upgrading
In terms of networking expansion, the retrofitting mainly revolves around the oil-gas pipe network backbone optical communication network. However, as the degree of centralization of the oil and gas pipe network increases, retrofitting of the convergence layer and access layer networks must also be considered. Corresponding expansion interfaces are reserved so that regional networks and secure data transmission within local area networks can later be connected, providing full technical planning.
In terms of function expansion, with technical progress quantum modules and devices are continuously developing towards reliable engineering, high performance and miniaturization. Besides carrying the key distribution task, quantum cryptography can also support functions such as digital signatures and secret sharing, and in future it may also interact with the sensing-layer equipment of the oil-gas pipe network at the access network level, combining in a modular way to achieve plug and play.
In another embodiment, the oil and gas pipe network quantum secret communication security reinforcement and maintenance
Although quantum secret communication is a highly secure communication mode, the security of the quantum secret communication is limited. Such as physical security, social engineering, back door, etc., of the QKD device. Meanwhile, the operation and maintenance of the quantum network can also encounter a plurality of problems such as delay, reliability, expandability, cost, safety, excessively high key consumption rate and the like. The reliability, safety, stability and operation and maintenance costs of the operation of the related equipment of the quantum secret communication backbone network are all important factors for determining the smooth application of the quantum secret communication backbone network.
1) Safety reinforcement
The decoding process of the receiving end can resist the relevant attacks such as Trojan horse attack, wavelength attack, fluorescence attack, counterfeit attack, time shift attack, equipment calibration attack and the like. The detection process should be able to resist strong light attacks, double count attacks, dead time attacks, post gate attacks, avalanche transition zone attacks, and the like.
Identity trusted authentication. The method supports identity authentication and configuration management of QKD equipment, a multiplexer/demultiplexer, an optical path switch and other quantum communication network equipment. And providing real-time monitoring and inquiring of software and hardware version information, parameter information and state information of the equipment, and providing recording and inquiring of weblog information. The authentication and authentication of all the information to be interacted during the post-processing can be performed in advance by means of keys of classical cryptography. The devices at the receiving and transmitting ends of the QKD often adopt a pre-stored key and a traditional encryption mode to carry out classical negotiation, and the security assurance for resisting quantum attack is lacking. In the encryption algorithm level, in order to improve the security of the QKD device authentication process, attention should be paid to the application progress of the post-quantum cryptography (PQC) algorithm technology in time, and a new generation of encryption algorithm for resisting quantum attack is provided. The QKD protocol key can also be used for equipment authentication, the QKD equipment is also used as an application scene of secure encryption, and subsequent authentication is performed by adopting a symmetric encryption mode after the QKD key authentication is obtained.
And (5) time synchronization. Network time synchronization is provided for equipment through NTP or other time service synchronization technologies, equipment and transmission traceability are guaranteed, and timeliness control is improved.
The security impact of links such as trusted nodes is solved by standardized and canonical designs.
2) Disaster recovery reinforcement
Disaster recovery refers to establishing a systematic data emergency scheme in advance, using scientific technical means and methods, so as to cope with disasters when they occur. The design of disaster-recovery equipment for the quantum secret network includes backup mechanisms for network links, equipment, data, personnel and systems, as well as business-continuity management such as emergency response, disaster recovery plans, drill plans, organizations and supply-chain coordination management schemes.
When the oil-gas pipe network quantum secret communication backbone fails, performing emergency disaster recovery by falling back to public-key encrypted transmission over the original classical network is a feasible and reliable approach.
The use of external resources should also be considered when designing disaster-recovery emergency solutions. For example, the 'Micius' (Mozi) quantum science experiment satellite and the 'Beijing-Shanghai trunk line' quantum secret communication optical fiber network can be tested and switched to in advance, providing the oil-gas pipe network with emergency substitute resources of the kind a quantum network operator would offer.
3) Operation and maintenance
In quantum key distribution communication networks, key pre-generation and the establishment of key pools as dynamic key stores are often required. Building a key management system on the QKD devices and the QKD network, with a central key management system that collects the key-pool state of every node, manages quantum key requests and allocates resources, can effectively improve the reliability of the key distribution network. Because the key pool is consumed at a high rate, nodes need to optimize their routing and fiber-core allocation strategies according to the state of their quantum key pool, and to set wavelength resource allocation strategies according to node state and network demand.
Once the quantum communication network reaches a certain scale, zoned and hierarchical management reduces the difficulty of maintaining its routing tables and improves routing convergence speed, enabling flexible networking and improving the compatibility and scalability of the network.
QKD technology is used together with various symmetric cryptographic algorithms, and can also be combined with post-quantum cryptographic algorithms, to establish an end-to-end quantum-secure transmission channel, thereby realizing encrypted transmission of important sensitive information between terminals and service systems and between service systems.
A unified quantum network management, control and operation-maintenance platform, similar to that of a classical network, is built for the quantum secret communication network, and quantum network security protection equipment such as a quantum firewall is added and deployed.
In another embodiment, the current state of optical communication in the oil and gas pipe network is surveyed and its application scenarios are sorted out.
Most oil and gas pipelines are buried underground, and pipeline-accompanying optical cables are usually designed in at the start of construction and laying; with the rapid growth of pipeline construction, the pipeline's own optical cables form a private pipeline communication network. This private network mainly carries the important business data communication of oil and gas pipe network enterprises. The pipeline optical communication private network has the following unique advantages:
1) The pipeline optical cable is built, managed, operated and maintained uniformly by dedicated departments, and offers a high transmission rate, large transmission capacity, strong anti-interference capability, safety and stability. The average cable has 24 fiber cores and high bandwidth, and most sections can provide circuit protection, ensuring the reliability and efficiency of data communication services;
2) The coverage area is wide, key cities are covered, and the layer-two network can naturally be ringed;
3) Carrying traffic on the enterprise's own system reduces the leasing of operator circuits and effectively lowers operation and maintenance costs;
4) The enterprise's own optical communication network can be isolated from external operator networks, ensuring that the data link is autonomous, secure and controllable.
Carrying out secure data transmission for oil and gas pipe network enterprises by using the existing pipeline-accompanying optical cable in combination with quantum secret communication technology therefore has unique advantages.
OTN (Optical Transport Network) technology combines and extends the advantages of WDM and SDH. By adding OTN node stations to the optical transport equipment at the main convergence points of established and newly built pipeline optical cables, an oil-gas pipe network optical transport backbone ring network is constructed, further meeting the regulation and control service requirements of the oil-gas pipe network.
Among oil-gas pipe network services, regulation and control services have high requirements for real-time data, security and reliability: pipeline operating data acquisition and monitoring are concentrated and converged at a regulation and control center, which uniformly performs all pipe network operation and scheduling, so the requirements on the reliability and security of optical communication transmission keep growing. Selecting important nodes to build a high-speed service transmission private network, and constructing a secure transmission channel that meets the needs of oil-gas pipe network data, is a basic requirement for centralized regulation.
In addition, the internal transmission of important data assets and key data of pipe network enterprises can, combined with data classification and grading, be carried securely over the quantum communication network in the same way as regulation and control services.
The technical scheme design of the oil-gas pipe network quantum secret communication is as follows:
Considering data security, both communicating parties can use symmetric encryption to encrypt and decrypt the transmitted data. The security of the encrypted oil-gas pipe network data then rests on the security of the key, and the key point is how to distribute the key securely. Quantum key distribution (QKD) provides a more secure key transport whose security is guaranteed by the no-cloning and non-measurability principles of quantum mechanics; it is also the most mature quantum cryptographic technology for quantum communication.
QKD can resist interception, eavesdropping and deciphering and distribute keys securely to both parties; its theory and engineering application are gradually maturing. The function of QKD is to negotiate and generate symmetric keys, and encryption and decryption are realized by combining QKD with a symmetric cryptographic algorithm. Combined with a one-time pad (OTP), it provides information-theoretic security for the encrypted information; combined with a quantum-secure symmetric cryptographic algorithm, it achieves quantum security. In addition, quantum security technology is a new solution to the problem that conventional encrypted communication algorithms can easily be brute-forced, by resisting the rapidly developing quantum computing capability of the future.
Based on the above considerations, the oil-gas pipe network quantum secret communication technology centres on constructing a quantum secret communication network to realize quantum key distribution. A quantum communication network is similar to a classical one and consists mainly of three elements: communication nodes, communication links and communication protocols. A communication node is a specific physical device on which the communication transport protocol stack is configured and run. Network links are the classical or quantum channels that exist between nodes. The communication protocol is the collection of network transmission protocols, i.e. the communication rules jointly followed between nodes and between the protocols of each layer, which are loaded and run on the nodes.
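The key-pool management described under operation and maintenance above, and the one-time-pad use of QKD keys in the preceding paragraph, are illustrated by the following added example. It is not code from the patent or from any QKD vendor; it assumes a constructed model in which a QKD session leaves identical 64-byte key blocks at both ends of a link, a central key manager polls each node's pool state, and every block is handed out exactly once so that one-time-pad key material can never be reused.

```python
import secrets

BLOCK_BYTES = 64  # size of one key block handed out by the pool (constructed value)


class KeyExhausted(Exception):
    """The link's key pool has no unused block left; QKD must replenish it first."""


class KeyReuse(Exception):
    """A block was requested twice; one-time-pad key material must never be reused."""


class KeyPool:
    """Key pool held at one node for one link. Blocks are indexed by key_id; the
    two ends of a QKD link hold identical blocks because QKD delivers the same
    key material to both."""

    def __init__(self, link_id, blocks):
        self.link_id = link_id
        self._blocks = {}      # key_id -> bytes, removed once handed out
        self._used = set()     # key_ids already consumed on this node
        self._total = 0        # key_ids ever added (new QKD rounds append)
        self._next = 0
        self.refill(blocks)

    def refill(self, blocks):
        # In a deployment the new blocks come from fresh QKD rounds on this link.
        for b in blocks:
            self._blocks[self._total] = b
            self._total += 1

    def remaining(self):
        return len(self._blocks)

    def next_unused(self):
        """Sender side: allocate the lowest key_id that is still unused."""
        while self._next < self._total and self._next not in self._blocks:
            self._next += 1
        if self._next >= self._total:
            raise KeyExhausted(self.link_id)
        return self.fetch(self._next)

    def fetch(self, key_id):
        """Either side: hand out block key_id exactly once and drop it from the pool."""
        if key_id in self._used:
            raise KeyReuse((self.link_id, key_id))
        block = self._blocks.pop(key_id, None)
        if block is None:
            raise KeyExhausted(self.link_id)
        self._used.add(key_id)
        return key_id, block


class KeyManager:
    """Central key management: tracks every node's pool state and serves requests."""

    def __init__(self, low_watermark=2):
        self._pools = {}
        self.low_watermark = low_watermark

    def register(self, node, pool):
        self._pools[(node, pool.link_id)] = pool

    def pool_state(self):
        # What the central system collects from each node: remaining blocks and a
        # low flag that triggers replenishment or routing / fiber-core reallocation.
        return {k: {"remaining": p.remaining(), "low": p.remaining() <= self.low_watermark}
                for k, p in self._pools.items()}

    def allocate(self, node, link_id):
        return self._pools[(node, link_id)].next_unused()

    def lookup(self, node, link_id, key_id):
        return self._pools[(node, link_id)].fetch(key_id)


def otp_encrypt(block, data):
    """One-time pad: key material at least as long as the data, used once.
    Leftover bytes of the block are discarded with it, never reused."""
    if len(data) > len(block):
        raise ValueError("message longer than the key block")
    return bytes(d ^ k for d, k in zip(data, block))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def make_link_pools(link_id, n_blocks):
    """Constructed stand-in for a QKD session: identical block lists at both ends."""
    blocks = [secrets.token_bytes(BLOCK_BYTES) for _ in range(n_blocks)]
    return KeyPool(link_id, list(blocks)), KeyPool(link_id, list(blocks))


def demo_exchange(message):
    """Node A encrypts for node B over link 'A-B'; returns key_id, ciphertext,
    the plaintext recovered at B, and the pool state the manager sees afterwards."""
    pool_a, pool_b = make_link_pools("A-B", 3)
    km = KeyManager(low_watermark=1)
    km.register("A", pool_a)
    km.register("B", pool_b)
    key_id, k_a = km.allocate("A", "A-B")       # A consumes block key_id
    ciphertext = otp_encrypt(k_a, message)       # (key_id, ciphertext) goes to B
    _, k_b = km.lookup("B", "A-B", key_id)       # B consumes the same block
    plaintext = otp_decrypt(k_b, ciphertext)
    return key_id, ciphertext, plaintext, km.pool_state()
```

The receiver fetches by key_id rather than "next block" so that out-of-order delivery does not desynchronize the two ends; a second fetch of the same id raises KeyReuse, which is the property that makes the pad one-time.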
2.1 Quantum communication protocol validation
The current quantum communication protocols mainly comprise discrete-variable protocols represented by BB84, continuous-variable protocols based on coherent states, distributed-phase-reference protocols, decoy-state protocols that resist photon-number-splitting attacks, device-independent distribution protocols and the like.
The BB84 protocol is historically the first quantum key distribution protocol, and requires the sender to prepare quantum states with ideal single photons. The decoy-state BB84 protocol randomly mixes decoy light of different intensities into the signal light emitted by the laser in order to monitor the effect of the channel and of eavesdroppers on the light pulses, allowing eavesdropping attempts to be detected even when weak coherent laser pulses are used in place of a single-photon source to transmit the qubits. The decoy-state protocol is widely adopted and applied; the conventional performance of the current state of the art is a quantum bit rate exceeding 10 Mb/s and a maximum transmission distance exceeding 240 km (optical fiber) and 1200 km (free space).
Further, the method further comprises the following steps:
performing equipment authentication, registration, security level judgment and key distribution processing on a first access terminal through a data security access module, and taking the processed first access terminal as the access terminal;
When the first access terminal is an offline access terminal, storing an offline key and an identity fingerprint identification digital certificate in the first access terminal.
Further, the process of performing security authentication on the access data through the edge data security gateway layer to obtain an authentication result is as follows:
when any access terminal monitors that oil and gas pipe network data are accessed, an authentication application and an authentication data packet corresponding to the authentication application are sent to the edge data security gateway layer, wherein the authentication data packet comprises a unique identifier of the access terminal initiating the authentication application and a classified classification fingerprint of the access terminal;
and performing authentication verification on the authentication data packet to obtain an authentication result.
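The authentication exchange just described (an access terminal sends an authentication data packet carrying its unique identifier and classification fingerprint, and the edge data security gateway verifies it), together with the earlier point that device authentication after a QKD key has been obtained proceeds with symmetric cryptography, is illustrated by the following added example. It is not code from the patent; it assumes that the gateway holds, per registered terminal, a symmetric key (pre-stored or derived from a QKD key), the terminal's expected fingerprint and its security level, and that packets are authenticated with HMAC-SHA256, a timestamp window and a nonce list for replay rejection. Terminal ids, fingerprints and keys below are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time


def canonical(packet):
    """Deterministic byte encoding of the packet, so both sides MAC the same bytes."""
    return json.dumps(packet, sort_keys=True, separators=(",", ":")).encode()


def build_auth_packet(terminal_id, fingerprint, key, now=None, nonce=None):
    """Access terminal side: authentication data packet plus its HMAC-SHA256 tag."""
    packet = {
        "terminal_id": terminal_id,      # unique identifier of the terminal
        "fingerprint": fingerprint,      # classification fingerprint of the terminal
        "timestamp": int(now if now is not None else time.time()),
        "nonce": nonce or secrets.token_hex(8),
    }
    tag = hmac.new(key, canonical(packet), hashlib.sha256).hexdigest()
    return packet, tag


class EdgeGateway:
    """Edge data security gateway: verifies authentication packets from registered terminals."""

    def __init__(self, registry, window_seconds=30, now=time.time):
        # registry: terminal_id -> {"key": bytes, "fingerprint": str, "level": int}
        self.registry = registry
        self.window = window_seconds
        self.now = now
        self._seen = set()   # (terminal_id, nonce) already accepted, for replay rejection

    def verify(self, packet, tag):
        entry = self.registry.get(packet.get("terminal_id"))
        if entry is None:
            return {"ok": False, "reason": "unknown_terminal"}
        expected = hmac.new(entry["key"], canonical(packet), hashlib.sha256).hexdigest()
        # Constant-time comparison; the tag is checked before any state is touched so
        # that unauthenticated packets cannot fill the replay list.
        if not hmac.compare_digest(expected, tag):
            return {"ok": False, "reason": "bad_tag"}
        if abs(self.now() - packet["timestamp"]) > self.window:
            return {"ok": False, "reason": "stale"}
        replay_key = (packet["terminal_id"], packet["nonce"])
        if replay_key in self._seen:
            return {"ok": False, "reason": "replay"}
        if packet["fingerprint"] != entry["fingerprint"]:
            return {"ok": False, "reason": "fingerprint_mismatch"}
        self._seen.add(replay_key)
        # The authentication result carries the registered security level, which the
        # transmission scheme uses to choose the classification and key distribution mode.
        return {"ok": True, "terminal_id": packet["terminal_id"], "level": entry["level"]}
```

The fingerprint is compared against the gateway's registry rather than trusted from the packet, so a terminal cannot claim a higher classification than it was registered with; the nonce set should be bounded by the timestamp window in a long-running gateway.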
Further, the process of transmitting the authenticated oil-gas pipe network data through the quantum secret communication backbone network transmission scheme is as follows:
and determining classification types according to the authentication result through the quantum secret communication backbone network transmission scheme, determining a key distribution scheme in a key distribution scheme set based on scene information of the oil and gas pipe network data to transmit the data, encrypting the oil and gas pipe network data according to the received key distribution scheme, and transmitting the encrypted oil and gas pipe network data to the edge data security gateway layer.
Further, the key distribution scheme set includes:
based on an online key distribution mode, issuing an online key and an encryption and decryption mode through quantum key distribution equipment integrated in the access terminal;
based on an online key distribution mode, issuing an online security decryption mode through a data encryption chip or a data encryption module integrated in the access terminal;
and based on an offline key distribution mode, the quantum offline filling secure peripheral or the data secure encryption secure peripheral integrated at the access terminal is used for issuing an offline key and an encryption mode.
Further, the transmission scheme of the quantum secret communication backbone network specifically comprises the following steps:
the quantum secret communication backbone network comprises a plurality of quantum communication nodes, and each quantum communication node comprises: a single photon emission source, a quantum random number generator and a quantum key generation device;
selecting any two quantum communication nodes as a transmitting end and a receiving end;
loading data to be transmitted into a quantum state through the quantum random number generator and the quantum key generation device to obtain an optical pulse signal containing key information;
based on a quantum channel, transmitting the optical pulse signal to a receiving end through a single photon emission source in the transmitting end, and simultaneously recording preparation information and coding information of the optical pulse signal;
performing decoding processing and detection processing on the received optical pulse signals to obtain original keys corresponding to the optical pulse signals;
and obtaining a final key through post-processing of the original key by the sending end and the receiving end, and completing transmission of data to be transmitted through the final key.
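The transmitting, decoding and post-processing steps listed above, and the BB84 / decoy-state discussion in section 2.1, are illustrated by the following added simulation. It is not code from the patent; it models an ideal single-photon BB84 exchange (no channel noise, no decoy-state intensity monitoring) in which the sender prepares random bits in random bases, the receiver measures in random bases, and the post-processing consists of sifting, parameter estimation with an abort threshold on the quantum bit error rate, and a SHA-256 hash standing in for privacy amplification. The optional intercept-resend eavesdropper shows why the QBER check matters: it raises the sifted-key error rate to about 25%, far above the abort bound. The threshold value and the seeded random generator are assumptions.

```python
import hashlib
import random

# Abort bound on the sifted-key error rate. 11% is the commonly quoted asymptotic
# BB84 threshold; a deployment takes it from its own security proof.
QBER_ABORT_THRESHOLD = 0.11


def prepare(rng, n):
    """Sender: random bit values and random bases (0 = rectilinear, 1 = diagonal)."""
    bits = [rng.randrange(2) for _ in range(n)]
    bases = [rng.randrange(2) for _ in range(n)]
    return bits, bases


def measure(rng, bit, prep_basis, meas_basis):
    """Ideal single-photon measurement: the same basis reproduces the bit,
    a different basis yields a uniformly random outcome."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def bits_to_key(bits):
    """Privacy amplification stand-in: compress the remaining raw bits with SHA-256.
    A real implementation uses a universal hash family sized by the leakage estimate."""
    if not bits:
        return None
    packed = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(packed).hexdigest()


def run_bb84(n, seed, eavesdrop=False, sample_fraction=0.5):
    """Run one BB84 session over n pulses and return the post-processing outcome."""
    rng = random.Random(seed)
    alice_bits, alice_bases = prepare(rng, n)

    # Quantum channel: either undisturbed, or an intercept-resend eavesdropper who
    # measures every pulse in a random basis and re-prepares what she observed.
    if eavesdrop:
        eve_bases = [rng.randrange(2) for _ in range(n)]
        chan_bits = [measure(rng, alice_bits[i], alice_bases[i], eve_bases[i]) for i in range(n)]
        chan_bases = eve_bases
    else:
        chan_bits, chan_bases = alice_bits, alice_bases

    # Receiver: decoding and detection in its own random bases.
    bob_bases = [rng.randrange(2) for _ in range(n)]
    bob_bits = [measure(rng, chan_bits[i], chan_bases[i], bob_bases[i]) for i in range(n)]

    # Post-processing step 1, sifting: bases are compared over the authenticated
    # classical channel and only positions with matching bases are kept.
    sifted = [i for i in range(n) if alice_bases[i] == bob_bases[i]]

    # Step 2, parameter estimation: a random sample of sifted bits is disclosed,
    # the quantum bit error rate (QBER) is computed, and the sample is discarded.
    sample = set(rng.sample(sifted, int(len(sifted) * sample_fraction)))
    if not sample:
        return {"status": "abort", "reason": "no sample", "qber": None, "key": None}
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    qber = errors / len(sample)
    if qber > QBER_ABORT_THRESHOLD:
        return {"status": "abort", "reason": "qber above threshold", "qber": qber, "key": None}

    # Step 3, reconciliation and privacy amplification on the undisclosed bits.
    # The noiseless model leaves no residual errors, so error reconciliation
    # (e.g. Cascade) is omitted; each end hashes its raw key to the final key.
    remaining = [i for i in sifted if i not in sample]
    alice_key = bits_to_key([alice_bits[i] for i in remaining])
    bob_key = bits_to_key([bob_bits[i] for i in remaining])
    return {"status": "ok", "qber": qber, "sifted": len(sifted),
            "key": alice_key, "keys_match": alice_key == bob_key}


if __name__ == "__main__":
    print(run_bb84(2000, seed=7))
    print(run_bb84(2000, seed=7, eavesdrop=True))
```

With real detectors the honest-channel QBER is a few percent rather than zero, and the decoy-state intensities are what allow the single-photon contribution to be bounded when weak coherent pulses replace the ideal source assumed here.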
Further, the method further comprises the following steps:
and carrying out security reinforcement processing on the transmission scheme of the quantum secret communication backbone network, wherein the security reinforcement processing comprises the following steps: and carrying out attack prevention reinforcement processing, disaster recovery reinforcement processing and equipment authentication processing on the single photon emission source, the quantum random number generator and the quantum key generation device on a receiving end.
As shown in fig. 2, the invention further provides a system for safely processing oil-gas pipe network data, which comprises the following specific technical scheme:
the authentication module 100 is used for: the method comprises the steps that oil and gas pipe network data are accessed through at least one access terminal, safety authentication is conducted on the access data through an edge data safety gateway layer, and an authentication result is obtained;
the transmission module 200 is used for: and transmitting the authenticated oil-gas pipe network data through a quantum secret communication backbone network transmission scheme.
Based on the scheme, the safety processing system of the oil-gas pipe network data can be improved as follows.
Further, the method further comprises the following steps:
the mode module is used for: performing equipment authentication, registration, security level judgment and key distribution processing on a first access terminal through a data security access module, and taking the processed first access terminal as the access terminal; when the first access terminal is an offline access terminal, storing an offline key and an identity fingerprint identification digital certificate in the first access terminal.
Further, the process of performing security authentication on the access data through the edge data security gateway layer to obtain an authentication result is as follows:
when any access terminal monitors that oil and gas pipe network data are accessed, an authentication application and an authentication data packet corresponding to the authentication application are sent to the edge data security gateway layer, wherein the authentication data packet comprises a unique identifier of the access terminal initiating the authentication application and a classified classification fingerprint of the access terminal;
and performing authentication verification on the authentication data packet to obtain an authentication result.
Further, the key distribution scheme set includes:
based on an online key distribution mode, issuing an online key and an encryption and decryption mode through quantum key distribution equipment integrated in the access terminal;
based on an online key distribution mode, issuing an online security decryption mode through a data encryption chip or a data encryption module integrated in the access terminal;
and based on an offline key distribution mode, the quantum offline filling secure peripheral or the data secure encryption secure peripheral integrated at the access terminal is used for issuing an offline key and an encryption mode.
Further, the transmission scheme of the quantum secret communication backbone network specifically comprises the following steps:
the quantum secret communication backbone network comprises a plurality of quantum communication nodes, and each quantum communication node comprises: a single photon emission source, a quantum random number generator and a quantum key generation device;
selecting any two quantum communication nodes as a transmitting end and a receiving end;
loading data to be transmitted into a quantum state through the quantum random number generator and the quantum key generation device to obtain an optical pulse signal containing key information;
based on a quantum channel, transmitting the optical pulse signal to a receiving end through a single photon emission source in the transmitting end, and simultaneously recording preparation information and coding information of the optical pulse signal;
performing decoding processing and detection processing on the received optical pulse signals to obtain original keys corresponding to the optical pulse signals;
and obtaining a final key through post-processing of the original key by the sending end and the receiving end, and completing transmission of data to be transmitted through the final key.
Further, the method further comprises the following steps:
and carrying out security reinforcement processing on the transmission scheme of the quantum secret communication backbone network, wherein the security reinforcement processing comprises the following steps: and carrying out attack prevention reinforcement processing, disaster recovery reinforcement processing and equipment authentication processing on the single photon emission source, the quantum random number generator and the quantum key generation device on a receiving end.
It should be noted that, the technical solutions of the second aspect and the corresponding possible implementation manners of the present invention may refer to the technical effects of the first aspect and the corresponding possible implementation manners of the first aspect, which are not described herein.
In the above embodiments, although steps S1, S2, etc. are numbered, only specific embodiments of the present invention are given, and those skilled in the art may adjust the execution sequence of S1, S2, etc. according to the actual situation, which is also within the scope of the present invention, and it is understood that some embodiments may include some or all of the above embodiments.
It should be noted that, the beneficial effects of the safety processing system for oil and gas pipe network data provided in the above embodiment are the same as the beneficial effects of the safety processing method for oil and gas pipe network data, and are not described herein again. In addition, when the system provided in the above embodiment implements the functions thereof, only the division of the above functional modules is used as an example, in practical application, the above functional allocation may be implemented by different functional modules according to needs, that is, the system is divided into different functional modules according to practical situations, so as to implement all or part of the functions described above. In addition, the system and method embodiments provided in the foregoing embodiments belong to the same concept, and specific implementation processes thereof are detailed in the method embodiments and are not described herein again.
As shown in fig. 3, in an embodiment of the present invention, a computer device 300 includes a processor 320, where the processor 320 is coupled to a memory 310, and at least one computer program 330 is stored in the memory 310, and the at least one computer program 330 is loaded and executed by the processor 320, so that the computer device 300 implements a method for safely processing oil and gas pipe network data according to any one of the above embodiments, specifically:
The computer device 300 may include one or more processors 320 (Central Processing Units, CPU) and one or more memories 310, where the one or more memories 310 store at least one computer program 330, and the at least one computer program 330 is loaded and executed by the one or more processors 320, so that the computer device 300 implements a method for safely processing oil and gas pipe network data provided by the above embodiments. Of course, the computer device 300 may also have a wired or wireless network interface, a keyboard, an input/output interface, and other components for implementing the functions of the device, which are not described herein.
The embodiment of the invention provides a computer readable storage medium, at least one computer program is stored in the computer readable storage medium, and the at least one computer program is loaded and executed by a processor, so that the computer realizes a safe processing method of oil and gas pipe network data according to any one of the above claims.
Alternatively, the computer readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a compact disc Read-Only Memory (CD-ROM), a magnetic tape, a floppy disk, an optical data storage device, and the like.
In an exemplary embodiment, a computer program product or a computer program is also provided, the computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the computer device executes any of the above-mentioned safety processing methods of the oil and gas pipe network data.
It should be noted that the terms "first," "second," and the like in the description and in the claims are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. The order of use of similar objects may be interchanged where appropriate such that embodiments of the application described herein may be implemented in other sequences than those illustrated or otherwise described.
Those skilled in the art will appreciate that the present application may be embodied as a system, method or computer program product, and that the disclosure may therefore take the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software, referred to herein generally as a "circuit," "module" or "system." Furthermore, in some embodiments, the application may also be embodied in the form of a computer program product in one or more computer-readable media containing computer-readable program code.
Any combination of one or more computer readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.

Claims (10)

1. The safe processing method of the oil-gas pipe network data is characterized by comprising the following steps of:
S1, accessing oil-gas pipe network data through at least one access terminal, and carrying out security authentication on the access data through an edge data security gateway layer based on a quantum secret communication backbone network transmission scheme to obtain an authentication result;
S2, transmitting the authenticated oil-gas pipe network data through a quantum secret communication backbone network transmission scheme.
2. The method for safely processing oil and gas pipe network data according to claim 1, further comprising:
performing equipment authentication, registration, security level judgment and key distribution processing on a first access terminal through a data security access module, and taking the processed first access terminal as the access terminal;
when the first access terminal is an offline access terminal, storing an offline key and an identity fingerprint identification digital certificate in the first access terminal.
3. The method for safely processing oil-gas pipe network data according to claim 1, wherein the process of carrying out safety authentication on the access data through the edge data safety gateway layer to obtain an authentication result is as follows:
when any access terminal monitors that oil and gas pipe network data are accessed, an authentication application and an authentication data packet corresponding to the authentication application are sent to the edge data security gateway layer, wherein the authentication data packet comprises a unique identifier of the access terminal initiating the authentication application and a classified classification fingerprint of the access terminal;
and performing authentication verification on the authentication data packet to obtain an authentication result.
4. The method for safely processing oil-gas pipe network data according to claim 3, wherein the process of transmitting the authenticated oil-gas pipe network data through a quantum secret communication backbone network transmission scheme is as follows:
and determining classification types according to the authentication result through the quantum secret communication backbone network transmission scheme, determining a key distribution scheme in a key distribution scheme set based on scene information of the oil and gas pipe network data to transmit the data, encrypting the oil and gas pipe network data according to the received key distribution scheme, and transmitting the encrypted oil and gas pipe network data to the edge data security gateway layer.
5. The method for safely processing oil and gas pipe network data according to claim 4, wherein the key distribution scheme set comprises:
based on an online key distribution mode, issuing an online key and an encryption and decryption mode through quantum key distribution equipment integrated in the access terminal;
based on an online key distribution mode, issuing an online security decryption mode through a data encryption chip or a data encryption module integrated in the access terminal;
and based on an offline key distribution mode, the quantum offline filling secure peripheral or the data secure encryption secure peripheral integrated at the access terminal is used for issuing an offline key and an encryption mode.
6. The method for safely processing oil-gas pipe network data according to claim 4, wherein the quantum secret communication backbone network transmission scheme is specifically as follows:
the quantum secret communication backbone network comprises a plurality of quantum communication nodes, and each quantum communication node comprises: a single photon emission source, a quantum random number generator and a quantum key generation device;
selecting any two quantum communication nodes as a transmitting end and a receiving end;
loading data to be transmitted into a quantum state through the quantum random number generator and the quantum key generation device to obtain an optical pulse signal containing key information;
based on a quantum channel, transmitting the optical pulse signal to a receiving end through a single photon emission source in the transmitting end, and simultaneously recording preparation information and coding information of the optical pulse signal;
performing decoding processing and detection processing on the received optical pulse signals to obtain original keys corresponding to the optical pulse signals;
and obtaining a final key through post-processing of the original key by the sending end and the receiving end, and completing transmission of data to be transmitted through the final key.
7. The method for safely processing oil and gas pipe network data according to claim 6, further comprising:
and carrying out security reinforcement processing on the transmission scheme of the quantum secret communication backbone network, wherein the security reinforcement processing comprises the following steps: and carrying out attack prevention reinforcement processing, disaster recovery reinforcement processing and equipment authentication processing on the single photon emission source, the quantum random number generator and the quantum key generation device on a receiving end.
8. A system for safely processing oil and gas pipe network data, comprising:
the authentication module is used for: the method comprises the steps that oil and gas pipe network data are accessed through at least one access terminal, safety authentication is conducted on the access data through an edge data safety gateway layer, and an authentication result is obtained;
the transmission module is used for: and transmitting the authenticated oil-gas pipe network data through a quantum secret communication backbone network transmission scheme.
9. The system for safely processing oil and gas pipe network data according to claim 8, further comprising:
the mode module is used for: performing equipment authentication, registration, security level judgment and key distribution processing on a first access terminal through a data security access module, and taking the processed first access terminal as the access terminal; when the first access terminal is an offline access terminal, storing an offline key and an identity fingerprint identification digital certificate in the first access terminal.
10. The system for safely processing oil-gas pipe network data according to claim 8, wherein the process of performing security authentication on the accessed data through the edge data security gateway layer to obtain an authentication result is as follows:
when any access terminal detects that oil and gas pipe network data is being accessed, it sends an authentication application and an authentication data packet corresponding to the authentication application to the edge data security gateway layer, wherein the authentication data packet comprises the unique identifier of the access terminal initiating the authentication application and the classified classification fingerprint of that access terminal;
and performing authentication verification on the authentication data packet to obtain the authentication result.
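The gateway-side check described in claims 9 and 10, as an added illustration that is not code from the patent: a terminal is registered with a security level and a per-terminal key, the terminal later sends a packet carrying its unique identifier and a fingerprint, and the edge gateway verifies the packet and returns an authentication result. The HMAC-based fingerprint, the per-packet nonce for replay resistance, and the security-level mismatch check are assumptions of this example; the patent does not specify the fingerprint construction or the packet fields beyond the identifier and fingerprint.

```python
import hmac
import hashlib
import secrets

# Constructed gateway-side state: registered terminals plus the nonces already accepted.
# In the claimed system this lives in the data security access module / edge gateway layer.
def new_registry():
    return {"terminals": {}, "seen_nonces": set()}

def register_terminal(registry, terminal_id, security_level):
    """Registration (claim 9): bind a fresh per-terminal key and a security level to the ID."""
    key = secrets.token_bytes(32)
    registry["terminals"][terminal_id] = {"key": key, "level": security_level}
    return key

def classification_fingerprint(key, terminal_id, security_level, nonce):
    """Assumed fingerprint construction: HMAC-SHA256 over ID, level and nonce under the terminal key."""
    msg = f"{terminal_id}|{security_level}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_auth_packet(terminal_id, key, security_level):
    """Terminal side (claim 10): the authentication data packet carries the unique ID and fingerprint."""
    nonce = secrets.token_hex(16)  # assumption: a fresh nonce so a captured packet cannot be replayed
    return {"id": terminal_id, "level": security_level, "nonce": nonce,
            "fingerprint": classification_fingerprint(key, terminal_id, security_level, nonce)}

def gateway_authenticate(registry, packet):
    """Edge gateway side (claim 10): verify the packet and return the authentication result."""
    rec = registry["terminals"].get(packet.get("id"))
    if rec is None:
        return {"ok": False, "reason": "unregistered terminal"}
    if packet.get("level") != rec["level"]:
        return {"ok": False, "reason": "security level mismatch"}
    if packet.get("nonce") in registry["seen_nonces"]:
        return {"ok": False, "reason": "replayed packet"}
    expected = classification_fingerprint(rec["key"], packet["id"], packet["level"], packet["nonce"])
    # Constant-time comparison so the verifier leaks nothing about the expected fingerprint.
    if not hmac.compare_digest(expected, packet.get("fingerprint", "")):
        return {"ok": False, "reason": "fingerprint mismatch"}
    registry["seen_nonces"].add(packet["nonce"])
    return {"ok": True, "reason": "authenticated", "level": rec["level"]}
```

Offline terminals (claim 9) are not modelled here; they would verify against the stored offline key and identity certificate instead of the registry lookup.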

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311171392.3A CN117081741A (en) 2023-09-12 2023-09-12 Safety processing method and system for oil-gas pipe network data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311171392.3A CN117081741A (en) 2023-09-12 2023-09-12 Safety processing method and system for oil-gas pipe network data

Publications (1)

Publication Number Publication Date
CN117081741A true CN117081741A (en) 2023-11-17

Family

ID=88709870

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311171392.3A Pending CN117081741A (en) 2023-09-12 2023-09-12 Safety processing method and system for oil-gas pipe network data

Country Status (1)

Country Link
CN (1) CN117081741A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination