CN117459325B - Three-party data communication method combining quantum communication and conventional communication - Google Patents

Info

Publication number: CN117459325B
Authority: CN (China)
Prior art keywords: self, communication, server, contained, random number
Legal status: Active
Application number: CN202311777615.0A
Other languages: Chinese (zh)
Other versions: CN117459325A
Inventor: 农腾哲
Current assignee: Beijing University of Posts and Telecommunications
Original assignee: Beijing University of Posts and Telecommunications
Events: application filed by Beijing University of Posts and Telecommunications; priority to CN202311777615.0A; publication of CN117459325A; application granted; publication of CN117459325B; legal status active; anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/40 Network security protocols
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70 Photonic quantum communication

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Physics & Mathematics
  • Computer Hardware Design
  • Computing Systems
  • General Engineering & Computer Science
  • Electromagnetism
  • Theoretical Computer Science
  • Optics & Photonics
  • Data Exchanges In Wide-Area Networks

Abstract

The invention discloses a three-party data communication method that combines quantum communication with conventional communication, and relates to the field of data communication. The method comprises: a self-operated client sends a request to communicate with a third-party server to the self-operated server over the Internet; the self-operated server calls quantum random number generating equipment to generate two quantum random numbers of preset length; the client and the servers exchange public keys; and the self-operated client and the third-party server then communicate through the self-operated server on the basis of the quantum random numbers and the public keys. The method achieves a higher level of communication encryption, keeps the information exchanged among the three parties invisible to each of the others, and ensures that each of the three parties holds only one link of the key material.

Description

Three-party data communication method combining quantum communication and conventional communication
Technical Field
The invention relates to the field of digital communication, in particular to a three-party data communication method combining quantum communication with conventional communication.
Background
Existing network data is generally encrypted with either symmetric or asymmetric encryption. A symmetric algorithm uses the same secret key for encryption and decryption, so once that key is captured the whole communication is easily cracked. An asymmetric algorithm uses different keys for encryption and decryption, but it too improves data security only through the complexity of the encryption, and its encryption time is long. In recent years quantum technology has developed greatly and quantum communication technology is increasingly applied. However, the technical threshold of quantum communication is relatively high and special quantum encryption equipment must be installed; this is relatively easy to roll out for enterprise users but, because of the inconvenience, difficult for individual users.
Disclosure of Invention
To address this problem, the invention provides a three-party data communication method based on single-sided quantum technology.
Specifically, the invention provides a three-party data communication method based on quantum communication, used for data transmission among a self-operated server, a self-operated client (user terminal) and a third-party server, comprising the following steps:
Step (1): the self-operated client sends a request to communicate with the third-party server to the self-operated server over the Internet. When sending the request, the client uses its own encryption algorithm to generate two public/private key pairs, sends the two client public keys Pub-K1 and Pub-K2 to the self-operated server, and stores the two client private keys Pri-K1 and Pri-K2 itself;
Step (2): the self-operated server receives the communication request and the two client public keys, and calls quantum random number generating equipment to generate a first and a second quantum random number of preset length;
Step (3): the self-operated server sends a communication request to the third-party server; the third-party server generates two public/private key pairs based on the request, sends the two public keys Pub-K3 and Pub-K4 to the self-operated server, and stores the two private keys Pri-K3 and Pri-K4;
Step (4): the self-operated server encrypts the first quantum random number and the two third-party public keys Pub-K3 and Pub-K4 with the two client public keys Pub-K1 and Pub-K2 respectively and sends them to the self-operated client, which decrypts them with the corresponding private keys and verifies them; the self-operated server likewise encrypts the second quantum random number and the client public keys Pub-K1 and Pub-K2 with the two third-party public keys Pub-K3 and Pub-K4 respectively and sends them to the third-party server, which decrypts them with the corresponding private keys and verifies them;
Step (5): when the self-operated client wants to communicate with the third party, it encrypts the communication message with a third-party public key, processes the resulting ciphertext with the first quantum random number according to the agreed reversible operation, generates a communication-irrelevant data packet of equal length and encrypts it with the third-party public key, and sends the ciphertext that has undergone the reversible operation together with the communication-irrelevant packet, which has not, to the self-operated server with a request for forwarding;
When the third-party server wants to communicate with the self-operated client, it encrypts the communication message with a client public key, processes the resulting ciphertext with the second quantum random number according to the agreed reversible operation, generates a communication-irrelevant data packet of equal length and encrypts it with the client public key, and sends the ciphertext that has undergone the reversible operation together with the communication-irrelevant packet, which has not, to the self-operated server with a request for forwarding;
Step (6): the self-operated server receives the data from the self-operated client and from the third-party server, performs the reversible operation with the first and second quantum random numbers on the client's ciphertext and on the third-party server's ciphertext, and forwards the results to the third-party server and to the client respectively;
Step (7): after the third-party server and the self-operated client each perform the reversible operation on the received ciphertext with their own quantum random number, each decrypts the result with its own private key and filters out the meaningless packets left after decryption, so that the real data packets are obtained.
With this method, a user obtains secrecy close to the level of quantum encryption while quantum encryption equipment is installed only at the enterprise end, that is, at the self-operated server and the third-party server that communicate by quantum communication, and none is installed at the client. Because the three parties balance one another, communication can continue only if all three hold complete and correct information throughout, which ensures the safety of the information.
In a preferred implementation, the communication ciphertext between the self-operated server and the third-party server is encrypted a second time with quantum encryption communication equipment before transmission, while the self-operated client and the self-operated server communicate directly over Internet communication equipment.
In a preferred implementation, the first and second quantum random numbers have the same length, or lengths in a predetermined multiple relationship, under the communication protocol they are used with.
In a preferred implementation, the reversible operation includes an exclusive-or operation, a shift operation or a sequence-reversal operation.
In a preferred implementation, when the self-operated client and the third-party server send data, a public key identifier is set in the data currently sent to identify the public key to be used in the next batch or time period of communication. If communication data received within the agreed batch or time period differs from the agreed encryption manner, the client and the third-party server send a request to re-establish the communication channel to the self-operated server, which returns to step (2), generates new random numbers and re-establishes the communication link.
In a preferred implementation, the third-party server and the self-operated client decrypt each data packet with their own private keys. If a communication-irrelevant data packet appears among the decrypted packets, or its identifier is detected, this indicates that a direct-connection packet or a disguised packet not processed by the server has been received; the receiving party then masks the corresponding access request, sends a request to re-establish the communication channel to the self-operated server, and returns to step (2), from which the self-operated server re-establishes the connection.
In a preferred implementation, in step (6), after receiving the communication ciphertext of the self-operated client, the self-operated server first performs an exclusive-or operation on it with the first quantum random number, then performs an exclusive-or operation on the result with the second quantum random number, obtains the forwarding ciphertext and sends it to the third-party server.
In a preferred implementation, in step (6), after receiving the communication ciphertext sent by the third-party server, the self-operated server first performs an exclusive-or operation on it with the second quantum random number, then performs an exclusive-or operation on the result with the first quantum random number, obtains the forwarding ciphertext and sends it to the self-operated client.
With this communication mode the invention provides high-strength encryption for three-party communication: Trojan horse software could crack the communication between the third party and the client only by obtaining, at the same time, the second quantum random number used between the self-operated server and the third party, the first quantum random number used between the client and the self-operated server, the complete encryption and decryption algorithm of the client, and the encryption and decryption algorithm of the third-party server. Since the self-operated server and the third-party server additionally apply quantum encryption as a second layer, the safety of the data is further greatly improved.
Because the communication between the third-party server and the self-operated client passes through the self-operated server, which has a higher security level, the third-party server is not affected when the self-operated client suffers a data leak.
The invention sets up multiple check means:
(1) a check bit is set in each data packet;
(2) the third-party server and the self-operated client each hold double keys; each time they send data, the public key to be used in the next batch of communication is agreed within the data currently sent, and if the received data of the next batch differs from the agreed encryption mode, verification fails;
(3) when the third-party server and the self-operated client send data, the correct data are processed with the quantum random number while a communication-irrelevant data packet of equal length is generated. Under normal conditions the communication-irrelevant packet lacks the one reversible operation applied during encryption: if it travels the normal path through the self-operated server, the two reversible operations with the quantum random numbers at the server followed by the single reversible operation at the decrypting end leave it with no relation to the original data. If instead it bypasses the self-operated server and is sent directly to the third-party server or the self-operated client, it decrypts to the original communication-irrelevant data (more preferably carrying a communication-irrelevant data identifier; if the third-party server or the self-operated client decrypts that identifier, this further verifies that the communication rules have been broken).
Therefore, the third-party server and the self-operated client each decrypt every data packet with their private keys; if a communication-irrelevant data packet appears among the decrypted packets, this indicates that a direct-connection packet not processed by the server has been received, so the receiving party shields the direct-connection access request and sends a request to re-establish the communication channel to the self-operated server, which realises a third level of verification.
With this communication method, safer communication between the user and the self-operated server can be established; for example, when a user communicates with third-party payment software through an app, better data security protection is achieved.
Drawings
Fig. 1 is a schematic flow chart of the method of the present invention.
Detailed Description
The present invention is described in further detail with reference to examples and drawings, but embodiments of the invention are not limited thereto.
The embodiment provides a three-party data communication method based on quantum communication, used for data transmission among a self-operated server, a self-operated client and a third-party server.
The self-operated client may be a computer client, a mobile phone client or another mobile or non-mobile user terminal on which an application matched to the self-operated server, such as an app or software, is installed. The self-operated server is the server for that specific application and has no payment function. The third-party server is a server capable of providing communication or data services to the self-operated client, and preferably has a payment function.
The self-operated server and the third-party server communicate using quantum communication technology, for example by installing a pair of mutually matched national shield cipher discs, and all ciphertexts are encrypted a second time: after the communication between the two servers has been encrypted by the following method, it is transmitted encrypted through the national shield cipher discs.
Thus, on the one hand the quantum encryption software is guaranteed not to learn the real information transmitted between the third-party server and the self-operated client, and the third-party server can still communicate with the self-operated server using its own encryption algorithm. The communication between the third-party server and the self-operated client is invisible to the self-operated server, which only forwards data and supplies the two quantum random numbers that assist encryption. The third-party server is kept from seeing the client's encrypted information, which safeguards the user's data, and the self-operated client is likewise kept from seeing the third-party server's encrypted information. Decryption is possible only with the quantum random numbers supplied by the self-operated server and only when the self-operated server has forwarded and processed the data; if any link in the chain is missing, the communication cannot be completed.
The method of the embodiment comprises the following steps:
Step (1): the self-operated client sends a communication request to the self-operated server over the Internet; when sending the request it generates two public/private key pairs with its own encryption algorithm, sends the two client public keys Pub-K1 and Pub-K2 to the self-operated server and stores the two client private keys Pri-K1 and Pri-K2. The encryption algorithms used between the clients and the self-operated server may or may not be agreed in advance, but the private key generated by each client for the communication is kept only by that client, which ensures that the self-operated server never fully holds the client's private data.
Step (2): the self-operated server receives the communication request and the two client public keys, and calls quantum random number generating equipment (such as the quantum random number generator QRNG-PHF 100) to generate a first and a second quantum random number of preset length.
In a preferred implementation, the first and second quantum random numbers have the same length as each data sub-packet, or a length in a predetermined multiple relationship with it, under the communication protocol adopted by the three parties. Preferably the quantum random number is as long as the data sub-packet or an integer multiple of it, and the quantum random number may be reused.
Step (3): the self-operated server sends a communication request to the third-party server over a quantum communication channel (that is, all communication data between the self-operated server and the third-party server, once encrypted by this method, is further quantum-encrypted by quantum encryption software or a quantum encryption disc before transmission). The third-party server generates two public/private key pairs based on the request, sends the two public keys Pub-K3 and Pub-K4 to the self-operated server, and stores the two private keys Pri-K3 and Pri-K4.
Step (4): the self-operated server encrypts the first quantum random number with the two client public keys Pub-K1 and Pub-K2 respectively and sends it, together with the two third-party public keys Pub-K3 and Pub-K4, to the self-operated client, which decrypts the first quantum random number and the third-party public keys with the corresponding private keys and verifies them. The self-operated server likewise encrypts the second quantum random number with the two third-party public keys Pub-K3 and Pub-K4 respectively and sends it, together with the client public keys Pub-K1 and Pub-K2, to the third-party server, which decrypts the second quantum random number and the client public keys with the corresponding private keys and verifies them.
Preferably, when the self-operated server sends the two public keys Pub-K3 and Pub-K4 and the quantum random number to the self-operated client, it also generates hash values of the public keys and of the quantum random number and sends the hashes as a separate data packet; only after the client has checked the hashes successfully does it confirm receipt of the quantum random number and the public keys, which prevents the data packet from being tampered with in transit.
In another preferred implementation, when the self-operated server sends the two third-party public keys Pub-K3 and Pub-K4 and the quantum random number to the self-operated client, it encrypts and sends them separately with each of the two client public keys, and the client decrypts and verifies the two copies separately.
Step (5): when the self-operated client needs to communicate with the third-party server, it encrypts the communication message with a third-party public key, processes the resulting ciphertext with the first quantum random number according to the agreed reversible operation, generates a communication-irrelevant data packet of the same length and encrypts it with the third-party public key, and sends the ciphertext that has undergone the reversible operation together with the communication-irrelevant packet. The processed ciphertext and the communication-irrelevant packet are sent separately, so that the receiver obtains them as two data units. The communication-irrelevant packet may be meaningless data in a specific form, such as Chinese or English text unrelated to the communication, that nevertheless parses as semantic data rather than garbled data or random numbers. More preferably, a specific identification character segment is hidden at a specific position in the communication-irrelevant packet. In this way, if the third-party server receives a communication-irrelevant packet that is not the garbled data produced by the self-operated server's processing but the communication-irrelevant data with its identifier, it can promptly detect that the data was transmitted directly from the client through a back door or another program, and immediately stops the data transmission request on that access path.
When the third-party server communicates, it encrypts the communication message with the client public key, processes the resulting ciphertext with the second quantum random number according to the agreed reversible operation, generates a communication-irrelevant data packet of equal length, encrypts it with the client public key, and sends the ciphertext that has undergone the reversible operation together with the encrypted communication-irrelevant packet; the processed ciphertext and the communication-irrelevant packet are sent separately, so that the receiver obtains them as two data units.
Step (6): the self-operated server receives the data from the self-operated client and from the third-party server, performs the reversible operation with the first and second quantum random numbers on the client's ciphertext and on the third-party server's ciphertext, and forwards the results to the third-party server and to the client respectively.
Step (7): after the third-party server and the self-operated client each perform the reversible operation on the received ciphertext with their own quantum random number, each decrypts the result with its own private key and filters out the meaningless packets left after decryption, so that the real data packets are obtained.
In a preferred implementation, the reversible operation is an exclusive-or operation, a shift operation, a sequence-reversal operation, or any other operation under which applying it twice with the same random number recovers the original data.
Taking the simplest case, the exclusive-or operation, as an example: in step (5), when the self-operated client needs to communicate with the third-party server, it encrypts the communication message with the third-party public key to obtain a ciphertext and splits the ciphertext into packets. It then performs an exclusive-or operation between each packet and the corresponding bits of the first quantum random number, where for each bit position the result is 0 if the two bits are the same and 1 otherwise.
In step (6), after receiving the communication ciphertext sent by the self-operated client, the self-operated server performs an exclusive-or operation with the first quantum random number on each data packet of the same length as the random number, then performs an exclusive-or operation on the result with the second quantum random number, obtains the forwarding ciphertext and sends it to the third-party server. The first exclusive-or restores the data to the original ciphertext; the second is equivalent to masking the original ciphertext once with the second quantum random number, so that the first quantum random number held by the self-operated client is covered and the random number the client used for encryption cannot be learned by the third-party server.
In another preferred implementation, the self-operated client uses the first quantum random number as the parameter for a secondary encryption of the ciphertext already encrypted under the third-party public key; the self-operated server uses the first quantum random number as the parameter to restore that ciphertext, re-encrypts it with the second quantum random number, and sends the result to the third-party server; and vice versa for the opposite direction.
In another preferred embodiment, each time the self-operated client or the third-party server sends data, the data currently sent specifies the public key to be used for the next batch of communication. If the next batch of received data is not encrypted in the agreed manner, the self-operated client or the third-party server sends a request to the self-operated server to re-establish the communication channel, and the self-operated server returns to step (2) to regenerate the random numbers and re-establish the communication link.
The next batch of communication referred to here may be delimited by a certain amount of traffic or by a certain period of communication time. For example, the current communication may state that data whose timestamp is later than a standard time five minutes ahead will be encrypted with a particular public key; if data received with a timestamp after that time turns out to be encrypted with a different public key, the data transmission is judged to have possibly been compromised, and the self-operated server is asked to re-establish the data link.
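The receiver-side check behind this embodiment, as an added example written for this page rather than code from the patent: each message carries the identifier of the key it was encrypted under and announces the key for data stamped five minutes later; the monitor keeps the announced schedule and flags any message whose key is not the one agreed for its time window. The Message layout, the key identifiers, the five-minute window and the sample traffic are constructed for the example.

```python
from dataclasses import dataclass

WINDOW = 5 * 60  # the page's example: the announced key applies to data stamped 5 minutes later


@dataclass
class Message:
    ts: int                # sender's timestamp (seconds)
    key_id: str            # identifier of the public key this message was encrypted under
    next_key_id: str       # key the sender commits to for data stamped at or after ts + WINDOW
    payload: bytes = b""   # the ciphertext itself; irrelevant to this check


class KeyAgreementMonitor:
    """Receiver-side check from claim 3: every message must use the key the peer
    announced earlier for its time window; otherwise request step (2) again."""

    def __init__(self, initial_key_id: str):
        # (effective_from_ts, key_id), kept sorted by effective_from_ts
        self.schedule = [(0, initial_key_id)]

    def expected_key(self, ts: int) -> str:
        """Key agreed for data stamped at time ts: the latest announcement in force."""
        key = self.schedule[0][1]
        for effective_from, key_id in self.schedule:
            if effective_from > ts:
                break
            key = key_id
        return key

    def check(self, m: Message) -> str:
        """'ok', or 'reestablish' when the key differs from the agreed one."""
        if m.key_id != self.expected_key(m.ts):
            return "reestablish"  # possible leak: ask the self-operated server to rebuild the link
        effective_from = m.ts + WINDOW
        # the newest announcement for a given window replaces any earlier one
        self.schedule = [e for e in self.schedule if e[0] != effective_from]
        self.schedule.append((effective_from, m.next_key_id))
        self.schedule.sort()
        return "ok"


def run_scenario() -> list:
    """Constructed traffic: the peer switches to Pub-K4 as announced, then a
    message arrives under Pub-K3 although Pub-K4 was agreed for that window."""
    monitor = KeyAgreementMonitor("Pub-K3")
    traffic = [
        Message(0, "Pub-K3", "Pub-K4"),    # announces Pub-K4 for data stamped >= 300
        Message(100, "Pub-K3", "Pub-K4"),  # still inside the Pub-K3 window
        Message(350, "Pub-K4", "Pub-K4"),  # switched as announced
        Message(700, "Pub-K3", "Pub-K4"),  # not the agreed key: trigger re-establishment
    ]
    return [monitor.check(m) for m in traffic]
```

The monitor only compares identifiers; the actual decryption failure under the wrong key is what the endpoint observes in practice, and this check is the policy layered on top of it.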
In another implementation, the third-party server and the self-operated client, for every data unit (a group of data packets that together carry complete semantics) or for a predetermined number of data units per interval, decrypt each received data packet with their respective private keys before performing the reversible operation. If a communication-irrelevant data packet appears among the decrypted packets (preferably, a random identifier is embedded in each communication-irrelevant packet so that it can be recognised), the receiver has obtained a direct-connection packet that did not pass through the self-operated server, since a packet that did pass through the server would have been masked with a quantum random number and could not decrypt to a recognisable communication-irrelevant packet. The receiver then blocks the direct-connection access request, sends a request to the self-operated server to re-establish the communication channel, and the method returns to step (2), the self-operated server re-establishing the communication connection.
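The exclusive-or masking of steps (5) to (7) described above together with the direct-connection check of the preceding paragraph, as an added example written for this page, not code from the patent. To stay dependency-free, the asymmetric encryption under Pub-K3/Pri-K3 is modelled by a keyed stand-in (SHA-256 keystream plus HMAC tag) in which one secret per endpoint plays both key roles; the packet length, the decoy marker, the sample message and the random numbers are constructed for the example. The decoy check must run on the raw packets before unmasking, because a genuine decoy only decrypts cleanly if the server's XOR pass was skipped.

```python
import hashlib
import hmac
import os
import secrets

MSG_LEN = 32                                  # fixed message length (assumption)
NONCE_LEN, TAG_LEN = 8, 16
PACKET_LEN = NONCE_LEN + MSG_LEN + TAG_LEN    # claim 2: QRN length == packet length
DECOY_MARK = b"DECOY:"                        # random identifier follows the marker


def _keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pk_encrypt(key: bytes, msg: bytes) -> bytes:
    """Stand-in for 'encrypt with the peer's public key'. Output is one packet."""
    assert len(msg) == MSG_LEN
    nonce = os.urandom(NONCE_LEN)
    body = _xor(msg, _keystream(key + nonce, MSG_LEN))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + body + tag


def pk_decrypt(key: bytes, packet: bytes):
    """Stand-in for 'decrypt with own private key': None when the packet is not
    a valid ciphertext under key, as RSA-OAEP or an AEAD would reject it."""
    if len(packet) != PACKET_LEN:
        return None
    nonce, body, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expect = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    return _xor(body, _keystream(key + nonce, MSG_LEN))


def reversible_op(packet: bytes, qrn: bytes) -> bytes:
    """The agreed reversible operation: bitwise XOR with a quantum random number
    of the same length as the packet. Applying it twice with the same qrn is identity."""
    assert len(packet) == len(qrn) == PACKET_LEN
    return _xor(packet, qrn)


def endpoint_send(peer_key: bytes, own_qrn: bytes, msg: bytes) -> list:
    """Step (5): masked real ciphertext plus an UNMASKED, equal-length decoy."""
    real = reversible_op(pk_encrypt(peer_key, msg), own_qrn)
    decoy = DECOY_MARK + secrets.token_bytes(MSG_LEN - len(DECOY_MARK))
    return [real, pk_encrypt(peer_key, decoy)]


def server_forward(packets: list, sender_qrn: bytes, receiver_qrn: bytes) -> list:
    """Step (6) / claim 5: strip the sender's QRN, apply the receiver's QRN.
    The server holds no private key, so it only ever sees public-key ciphertext."""
    return [reversible_op(reversible_op(p, sender_qrn), receiver_qrn) for p in packets]


def endpoint_receive(own_key: bytes, own_qrn: bytes, packets: list):
    """Direct-connection check, then step (7). Returns (real_messages, status)."""
    # A packet that went through the server carries a QRN the sender does not
    # know, so it can never decrypt to a recognisable decoy BEFORE unmasking.
    for p in packets:
        pt = pk_decrypt(own_key, p)
        if pt is not None and pt.startswith(DECOY_MARK):
            return [], "direct-connection packet detected: block and re-establish (step 2)"
    real = []
    for p in packets:
        pt = pk_decrypt(own_key, reversible_op(p, own_qrn))
        if pt is None or pt.startswith(DECOY_MARK):  # meaningless after decryption
            continue                                 # -> filtered out, step (7)
        real.append(pt)
    return real, "ok"


def run_exchange(msg: bytes = b"order #42: pay 10 units to C".ljust(MSG_LEN)):
    """Client -> self-operated server -> third party, and the same packets
    delivered directly with the server skipped. Returns both outcomes."""
    key3 = secrets.token_bytes(32)                             # third party's Pri-K3 (stand-in)
    r1, r2 = os.urandom(PACKET_LEN), os.urandom(PACKET_LEN)    # QRNs from step (2)
    from_client = endpoint_send(key3, r1, msg)
    via_server = server_forward(from_client, sender_qrn=r1, receiver_qrn=r2)
    forwarded = endpoint_receive(key3, r2, via_server)
    bypassed = endpoint_receive(key3, r2, from_client)         # server skipped
    return forwarded, bypassed
```

Two points the code makes visible: the server's two XOR passes collapse to a single XOR with the first and second random numbers combined, and the same random number masks every packet of a session, so the XOR layer is what ties the packets to the server's path rather than a one-time pad; confidentiality of the content rests on the public-key layer, which is exactly why the server, knowing both random numbers, still cannot read the message.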
The method of the invention can thus establish single-side quantum-encrypted secure data transmission between the self-operated client and the third-party server, while ensuring that the communication between the self-operated client and the third-party server is invisible to the self-operated server, and that the communication between the third-party server and the self-operated server is invisible to the self-operated client.
While the principles of the invention have been described in detail in connection with the preferred embodiments thereof, it should be understood by those skilled in the art that the foregoing embodiments are merely illustrative of the manner in which the invention may be practiced and not limiting of the scope of the invention. The details of the embodiments are not to be taken as limiting the scope of the invention, and any obvious modifications based on equivalent changes, simple substitutions, etc. of the technical solution of the invention fall within the scope of the invention without departing from the spirit and scope of the invention.

Claims (5)

1. A three-party data communication method combining quantum communication and conventional communication, used for data transmission among a self-operated server, a self-operated client and a third-party server, comprising the following steps:
step (1): the self-operated client sends a request to communicate with the third-party server to the self-operated server over the Internet; when sending the request, the self-operated client generates two pairs of public and private keys with its own encryption algorithm, sends the two client public keys Pub-K1 and Pub-K2 to the self-operated server, and stores the two client private keys Pri-K1 and Pri-K2 itself;
step (2): the self-operated server receives the communication request and the two client public keys sent by the self-operated client, and calls a quantum random number generation device to generate a first quantum random number and a second quantum random number of preset length;
step (3): the self-operated server sends the communication request to the third-party server; the third-party server generates two pairs of public and private keys on the basis of the request, sends the two third-party public keys Pub-K3 and Pub-K4 to the self-operated server, and stores the two third-party private keys Pri-K3 and Pri-K4 itself;
step (4): the self-operated server encrypts the first quantum random number and the two third-party public keys Pub-K3 and Pub-K4 using the two client public keys Pub-K1 and Pub-K2 respectively, and sends the encrypted first quantum random number and third-party public keys to the self-operated client, which decrypts and verifies them with the corresponding private keys; the self-operated server likewise encrypts the second quantum random number and the client public keys Pub-K1 and Pub-K2 using the two third-party public keys Pub-K3 and Pub-K4 respectively, and sends the encrypted second quantum random number and client public keys to the third-party server, which decrypts and verifies them with the corresponding private keys;
step (5): when the self-operated client wishes to communicate with the third-party server, it encrypts the communication message with a third-party public key, processes the resulting ciphertext with the first quantum random number according to the agreed reversible operation, generates a communication-irrelevant data packet of equal length and encrypts it with the third-party public key, and sends both the ciphertext data processed by the reversible operation and the communication-irrelevant data packet, which is not processed by the reversible operation, to the self-operated server with a request to forward them; when the third-party server wishes to communicate with the self-operated client, it encrypts the communication message with a client public key, processes the resulting ciphertext with the second quantum random number according to the agreed reversible operation, generates a communication-irrelevant data packet of equal length and encrypts it with the client public key, and sends both the ciphertext data processed by the reversible operation and the communication-irrelevant data packet, which is not processed by the reversible operation, to the self-operated server with a request to forward them;
step (6): the self-operated server receives the data from the self-operated client and from the third-party server respectively, performs the reversible operation once on the client's ciphertext and once on the third-party server's ciphertext using the first quantum random number and the second quantum random number, and forwards the results to the third-party server and to the self-operated client respectively;
step (7): the third-party server and the self-operated client each perform the reversible operation on the received ciphertext with their own quantum random number, decrypt the result with their respective private keys, filter out the data packets that are meaningless after decryption, and obtain the real data packets;
wherein the communication ciphertext between the self-operated server and the third-party server is additionally encrypted by quantum encryption communication equipment before being transmitted, while the self-operated client and the self-operated server communicate directly over Internet communication equipment; and wherein the reversible operation means that, for any data, after one operation with a specific parameter, performing the same operation again with the same parameter yields the original data, the reversible operation including exclusive-or and sequence-reversal operations.
2. The method for three-party data communication combining quantum communication with conventional communication according to claim 1, wherein,
the lengths of the first quantum random number and the second quantum random number are equal to the data length of each data sub-packet in the communication protocol adopted by the self-operated client, the self-operated server and the third-party server, or stand in a preset multiple relation to that length.
3. The method for three-party data communication combining quantum communication with conventional communication according to claim 1, wherein,
when the self-operated client or the third-party server sends data, a public-key identifier is placed in the data currently sent, identifying the public key to be used in the next batch or time period of communication; if the communication data received in the agreed batch or time period is not encrypted in the agreed manner, the self-operated client or the third-party server sends a request to the self-operated server to re-establish the communication channel, and the self-operated server returns to step (2) to regenerate the random numbers and re-establish the communication link.
4. The method for three-party data communication combining quantum communication with conventional communication according to claim 1, wherein,
the third-party server and the self-operated client decrypt each data packet with their respective private keys, and if a communication-irrelevant data packet appears among the decrypted packets, or the identifier of a communication-irrelevant data packet is detected, this indicates that a direct-connection data packet or a disguised data packet that has not been processed by the self-operated server has been received; the corresponding access request is blocked, a request to re-establish the communication channel is sent to the self-operated server, and the method returns to step (2) for the self-operated server to re-establish the communication connection.
5. The method for three-party data communication combining quantum communication with conventional communication according to claim 1, wherein,
in step (6), the reversible operation is an exclusive-or operation; after the self-operated server receives the communication ciphertext of the self-operated client, it first XORs the communication ciphertext with the first quantum random number and then XORs the result with the second quantum random number to obtain the forwarding ciphertext, which it sends to the third-party server;
in step (6), after the self-operated server receives the communication ciphertext sent by the third-party server, it first XORs the communication ciphertext with the second quantum random number and then XORs the result with the first quantum random number to obtain the forwarding ciphertext, which it sends to the self-operated client.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311777615.0A CN117459325B (en) 2023-12-22 2023-12-22 Three-party data communication method combining quantum communication and conventional communication


Publications (2)

Publication Number Publication Date
CN117459325A CN117459325A (en) 2024-01-26
CN117459325B true CN117459325B (en) 2024-02-27

Family

ID=89580207


Country Status (1)

Country Link
CN (1) CN117459325B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108234501A (en) * 2018-01-11 2018-06-29 北京国电通网络技术有限公司 A kind of virtual plant safety communicating method based on quantum key fusion
CN110868290A (en) * 2019-11-21 2020-03-06 成都量安区块链科技有限公司 Key service method and device without central control
CN115204876A (en) * 2022-07-20 2022-10-18 杭州舜时科技有限公司 Quantum security U shield equipment and method for mobile payment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11818257B1 (en) * 2022-04-27 2023-11-14 Cisco Technology, Inc. Systems and methods for providing user authentication for quantum-entangled communications in a cloud environment




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant