Technical Field
The present application relates to the field of quantum communication, and in particular to a quantum key injection system, method, device, storage medium and program product.
Background
With the continuous development and improvement of quantum communication technology, quantum-encrypted calling has gradually emerged. Quantum-encrypted calling combines the characteristics of quantum cryptography and communication systems: it uses the "indivisible" and "non-copyable" properties of quanta to generate quantum keys and encrypts the call content, thereby effectively preventing a user's important information from being eavesdropped on or leaked during a call.
In quantum-encrypted calls, pre-injecting the quantum key into the Subscriber Identity Module (SIM) card in advance is a key step in achieving secure calls. With a secure SIM card, the voice data of a secure call can be encrypted to ensure the security of the call content during transmission. Encrypting calls with quantum keys not only effectively prevents the content of voice transmission from leaking, but also improves the confidentiality and integrity of the communication.
At present, quantum key injection schemes are mainly implemented on the basis of Quantum Key Distribution (QKD) technology. However, because the transmission distance of a QKD network is limited, the construction cost is high, and there are few offline quantum key injection sites for SIM cards, the existing technology lacks a scheme for secure and efficient SIM card quantum key injection under remote conditions.
Summary of the Invention
The present application provides a quantum key injection system, method, device, storage medium and program product, which can ensure the security of the quantum key transmission process and improve the efficiency of quantum key injection.
In a first aspect, the present application provides a key injection system, including: a quantum key distribution network, a cloud server, and an injection terminal; the quantum key distribution network and the cloud server are connected over a network; the cloud server and the injection terminal are connected over a network. The method includes: the quantum key distribution network is used to generate quantum keys; the injection terminal is used to send an authentication request message to the cloud server based on a SIM card inserted into the injection terminal; the cloud server is used to authenticate the identity of the SIM card based on the authentication request message; the injection terminal is further used to send an injection request to the cloud server when the SIM card has passed authentication; the cloud server is further used to, in response to the injection request, obtain a quantum key from the quantum key distribution network, generate a quantum key data packet, and send the quantum key data packet to the injection terminal.
The technical solution provided by the present application can produce at least the following beneficial effects: the present application proposes a cloud-server-based quantum key injection system which, by adopting the "QKD network - cloud server - injection terminal" network connection, enables distributed deployment of injection terminal sites, expands the service range of quantum key injection, and reduces the cost for operators of rolling out offline quantum key injection sites. At the same time, it introduces identity authentication of the SIM card to avoid man-in-the-middle attacks during key transmission and enhance the security of the key transmission process, thereby improving the efficiency of quantum key injection.
In one possible implementation, the injection terminal is specifically used to: obtain the user identification code of the SIM card; perform one-click authentication based on the user identification code of the SIM card to obtain the identity token of the SIM card; generate a first encrypted ciphertext, where the first encrypted ciphertext includes the user identification code of the SIM card and the identity token of the SIM card, and the first encrypted ciphertext is obtained by encryption with a first SM9 public key; and send an authentication request message carrying the first encrypted ciphertext to the cloud server. The cloud server is specifically used to: obtain the first encrypted ciphertext from the authentication request message; decrypt the first encrypted ciphertext using the first SM9 public key to obtain the user identification code of the SIM card and the identity token of the SIM card; and authenticate the identity of the SIM card based on the user identification code of the SIM card and the identity token of the SIM card.
In a second aspect, the present application provides a quantum key injection method, applied to an injection terminal, including: sending an authentication request message to a cloud server based on a SIM card inserted into the injection terminal, so that the cloud server authenticates the identity of the SIM card; sending an injection request to the cloud server when it is determined that the SIM card has passed authentication; receiving a quantum key data packet sent by the cloud server; and performing quantum key injection based on the quantum key data packet.
The technical solution provided by the present application can produce at least the following beneficial effects: the injection terminal can send an authentication request message to the cloud server based on the inserted SIM card, so that the cloud server authenticates the identity of the SIM card, and then performs quantum key injection once authentication has passed. It can be seen that, compared with related technologies that cannot achieve secure and efficient SIM card quantum key injection, the present application introduces identity authentication of the SIM card to avoid man-in-the-middle attacks during key transmission and enhance the security of the key transmission process, thereby improving the efficiency of quantum key injection.
In one possible implementation, sending the authentication request message to the cloud server based on the SIM card inserted into the injection terminal includes: obtaining the user identification code of the SIM card; performing one-click authentication based on the user identification code of the SIM card to obtain the identity token of the SIM card; generating a first encrypted ciphertext, where the first encrypted ciphertext includes the user identification code of the SIM card and the identity token of the SIM card, and the first encrypted ciphertext is obtained by encryption with a first SM9 public key; and sending an authentication request message carrying the first encrypted ciphertext to the cloud server.
In another possible implementation, the first encrypted ciphertext further includes an SM4 symmetric key generated by the injection terminal; the method further includes: when the SIM card has passed authentication, receiving a second encrypted ciphertext sent by the cloud server, where the second encrypted ciphertext is obtained by encryption with the SM4 symmetric key; the second encrypted ciphertext includes a second SM9 private key, and the second SM9 private key is generated by the cloud server based on the user identification code of the SIM card.
In yet another possible implementation, the quantum key data packet is obtained by the cloud server performing encryption with the identity information of the SIM card used as a second SM9 public key; performing quantum key injection based on the quantum key data packet includes: decrypting the quantum key data packet using the second SM9 private key to obtain the quantum key; and performing quantum key injection based on the quantum key.
In a third aspect, the present application provides a quantum key injection method, applied to a cloud server, including: receiving an authentication request message sent by an injection terminal; authenticating, based on the authentication request message, the identity of the SIM card inserted into the injection terminal; when authentication has passed, receiving an injection request sent by the injection terminal; and, in response to the injection request, sending a quantum key data packet to the injection terminal.
In another possible implementation, receiving the authentication request message sent by the injection terminal includes: obtaining a first encrypted ciphertext from the authentication request message, where the first encrypted ciphertext is obtained by encryption with a first SM9 public key and includes the user identification code of the SIM card inserted into the injection terminal and the identity token of the SIM card; and decrypting the first encrypted ciphertext using the first SM9 public key to obtain the user identification code of the SIM card and the identity token of the SIM card.
In yet another possible implementation, authenticating, based on the authentication request message, the identity of the SIM card inserted into the injection terminal includes: authenticating the identity of the SIM card based on the user identification code of the SIM card and the identity token of the SIM card.
In yet another possible implementation, the first encrypted ciphertext further includes an SM4 symmetric key generated by the injection terminal; the method further includes: when authentication has passed, generating a second SM9 private key based on the user identification code of the SIM card; generating a second encrypted ciphertext, where the second encrypted ciphertext is obtained by encryption with the SM4 symmetric key and includes the second SM9 private key; and sending the second encrypted ciphertext to the injection terminal.
In yet another possible implementation, before sending the quantum key data packet to the injection terminal, the method further includes: obtaining a quantum key from the quantum key distribution network; and encrypting the quantum key with the user identification code of the SIM card used as a second SM9 public key to obtain the quantum key data packet.
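The terminal-side and server-side steps of the second and third aspects can be traced as one exchange. The following Python sketch is an added illustration, not code from the application: the class and function names, the user identification codes and the tokens are constructed, and a standard-library stand-in cipher replaces SM4 and SM9 (one pre-shared key stands in for the first SM9 key, and an HMAC-derived key stands in for the identity-derived second SM9 private key).

```python
import hashlib
import hmac
import json
import secrets

# Stand-in primitives so the flow runs on the standard library: NOT SM4 or SM9.
def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext rejected")  # wrong key or tampered packet
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

class CloudServer:
    def __init__(self, transport_key, tokens):
        self.transport_key = transport_key     # stand-in for the first SM9 key
        self.master = secrets.token_bytes(32)  # stand-in for the SM9 master secret
        self.tokens = tokens                   # user ID -> token from one-click auth
        self.authenticated = set()
        self.issued = {}                       # kept only so the demo can compare

    def _identity_key(self, user_id):
        # Stand-in for deriving the second SM9 private key from the SIM user ID.
        return hmac.new(self.master, user_id.encode(), hashlib.sha256).digest()

    def authenticate(self, request):
        msg = json.loads(unseal(self.transport_key, request))
        expected = self.tokens.get(msg["user_id"])
        if expected is None or not hmac.compare_digest(expected.encode(), msg["token"].encode()):
            return None
        self.authenticated.add(msg["user_id"])
        # Second ciphertext: identity private key under the terminal's session key.
        return seal(bytes.fromhex(msg["sm4_key"]), self._identity_key(msg["user_id"]))

    def injection_request(self, user_id):
        if user_id not in self.authenticated:
            raise PermissionError("SIM not authenticated")
        qkey = secrets.token_bytes(32)  # stand-in for a key obtained from the QKD network
        self.issued[user_id] = qkey
        return seal(self._identity_key(user_id), qkey)

class InjectionTerminal:
    def __init__(self, transport_key, user_id, token):
        self.transport_key, self.user_id, self.token = transport_key, user_id, token
        self.sm4_key = secrets.token_bytes(16)  # session key generated by the terminal
        self.identity_key = None

    def auth_request(self):
        body = {"user_id": self.user_id, "token": self.token, "sm4_key": self.sm4_key.hex()}
        return seal(self.transport_key, json.dumps(body).encode())

    def accept_second_ciphertext(self, blob):
        self.identity_key = unseal(self.sm4_key, blob)

    def unpack(self, packet):
        return unseal(self.identity_key, packet)

def run_exchange():
    sim_a, sim_b = "460000000000001", "460000000000002"  # constructed user IDs
    transport = secrets.token_bytes(32)
    server = CloudServer(transport, {sim_a: "token-a", sim_b: "token-b"})
    result = {}
    forged = InjectionTerminal(transport, sim_a, "wrong-token")
    result["bad_token"] = server.authenticate(forged.auth_request())
    try:
        server.injection_request(sim_a)  # injection request before authentication
        result["pre_auth"] = "accepted"
    except PermissionError:
        result["pre_auth"] = "refused"
    term_a = InjectionTerminal(transport, sim_a, "token-a")
    term_a.accept_second_ciphertext(server.authenticate(term_a.auth_request()))
    packet = server.injection_request(sim_a)
    result["key_matches"] = term_a.unpack(packet) == server.issued[sim_a]
    term_b = InjectionTerminal(transport, sim_b, "token-b")
    term_b.accept_second_ciphertext(server.authenticate(term_b.auth_request()))
    try:
        term_b.unpack(packet)  # packet was bound to SIM A's identity
        result["cross_identity"] = "opened"
    except ValueError:
        result["cross_identity"] = "rejected"
    return result

if __name__ == "__main__":
    print(run_exchange())
```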
In a fourth aspect, the present application provides a quantum key injection apparatus, applied to an injection terminal, the apparatus including: an authentication module, a communication module and an injection module. The authentication module is used to send an authentication request message to a cloud server based on a SIM card inserted into the injection terminal, so that the cloud server authenticates the identity of the SIM card. The communication module is used to send an injection request to the cloud server when it is determined that the SIM card has passed authentication, and to receive a quantum key data packet sent by the cloud server. The injection module is used to perform quantum key injection based on the quantum key data packet.
In one possible implementation, the authentication module is specifically used to: obtain the user identification code of the SIM card; perform one-click authentication based on the user identification code of the SIM card to obtain the identity token of the SIM card; generate a first encrypted ciphertext, where the first encrypted ciphertext includes the user identification code of the SIM card and the identity token of the SIM card, and the first encrypted ciphertext is obtained by encryption with a first SM9 public key; and send an authentication request message carrying the first encrypted ciphertext to the cloud server.
In one possible implementation, the first encrypted ciphertext further includes an SM4 symmetric key generated by the injection terminal; the communication module is further used to receive, when the SIM card has passed authentication, a second encrypted ciphertext sent by the cloud server, where the second encrypted ciphertext is obtained by encryption with the SM4 symmetric key; the second encrypted ciphertext includes a second SM9 private key, and the second SM9 private key is generated by the cloud server based on the user identification code of the SIM card.
In one possible implementation, the quantum key data packet is obtained by the cloud server performing encryption with the identity information of the SIM card used as a second SM9 public key; the injection module is specifically used to decrypt the quantum key data packet using the second SM9 private key to obtain the quantum key, and to perform quantum key injection based on the quantum key.
In a fifth aspect, the present application provides a quantum key injection apparatus, applied to a cloud server, the apparatus including: a communication module and an authentication module. The communication module is used to receive an authentication request message sent by an injection terminal. The authentication module is used to authenticate, based on the authentication request message, the identity of the SIM card inserted into the injection terminal. The communication module is further used to receive, when authentication has passed, an injection request sent by the injection terminal, and, in response to the injection request, to send a quantum key data packet to the injection terminal.
In one possible implementation, the communication module is specifically used to: obtain a first encrypted ciphertext from the authentication request message, where the first encrypted ciphertext is obtained by encryption with a first SM9 public key and includes the user identification code of the SIM card inserted into the injection terminal and the identity token of the SIM card; and decrypt the first encrypted ciphertext using the first SM9 public key to obtain the user identification code of the SIM card and the identity token of the SIM card.
In one possible implementation, the authentication module is specifically used to authenticate the identity of the SIM card based on the user identification code of the SIM card and the identity token of the SIM card.
In another possible implementation, the first encrypted ciphertext further includes an SM4 symmetric key generated by the injection terminal; the quantum key injection apparatus further includes a generation module, used to generate, when authentication has passed, a second SM9 private key based on the user identification code of the SIM card, and to generate a second encrypted ciphertext, where the second encrypted ciphertext is obtained by encryption with the SM4 symmetric key and includes the second SM9 private key; the communication module is further used to send the second encrypted ciphertext to the injection terminal.
In yet another possible implementation, the communication module is further used to obtain a quantum key from the quantum key distribution network, and to encrypt the quantum key with the user identification code of the SIM card used as a second SM9 public key to obtain the quantum key data packet.
In a sixth aspect, the present application provides an electronic device, including: a processor and a memory; the memory stores instructions executable by the processor; the processor is configured to, when executing the instructions, cause the electronic device to implement the method of the first aspect above.
In a seventh aspect, the present application provides a computer-readable storage medium, including: computer software instructions; when the computer software instructions run on an electronic device, they cause the electronic device to implement the method of the first aspect above.
In an eighth aspect, the present application provides a computer program product which, when run on a computer, causes the computer to execute the steps of the related method described in the first aspect above, so as to implement the method of the first aspect above.
For the beneficial effects of the third to eighth aspects above, refer to the corresponding descriptions of the first and second aspects; they are not repeated here.
Brief Description of the Drawings
FIG. 1 is a schematic structural diagram of a quantum key injection system provided by the present application;
FIG. 2 is a system structure diagram of a quantum key injection method provided by the present application;
FIG. 3 is a schematic flow chart of another quantum key injection method provided by the present application;
FIG. 4 is a schematic flow chart of yet another quantum key injection method provided by the present application;
FIG. 5 is a schematic flow chart of yet another quantum key injection method provided by the present application;
FIG. 6 is a schematic flow chart of yet another quantum key injection method provided by the present application;
FIG. 7 is a schematic structural diagram of a quantum key injection apparatus provided by the present application;
FIG. 8 is a schematic structural diagram of another quantum key injection apparatus provided by the present application;
FIG. 9 is a schematic structural diagram of an electronic device provided by the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in the present application without creative effort fall within the scope of protection of the present application.
It should be noted that, in the embodiments of the present application, words such as "exemplarily" or "for example" are used to indicate an example, illustration or explanation. Any embodiment or design described as "exemplarily" or "for example" in the embodiments of the present application should not be interpreted as being more preferred or more advantageous than other embodiments or designs. Rather, words such as "exemplarily" or "for example" are intended to present the related concepts in a concrete manner.
To describe the technical solutions of the embodiments of the present application clearly, words such as "first" and "second" are used in the embodiments to distinguish between identical or similar items whose functions and effects are basically the same. A person skilled in the art will understand that words such as "first" and "second" do not limit quantity or execution order.
As described in the Background, with the continuous development and improvement of quantum communication technology, quantum-encrypted calling has gradually emerged. Quantum communication technology combines the characteristics of quantum cryptography and communication systems: it uses the "indivisible" and "non-copyable" properties of quanta to generate quantum keys and encrypts the call content, thereby effectively preventing a user's important information from being eavesdropped on or leaked during a call.
In quantum-encrypted calls, pre-injecting the quantum key into a secure SIM card in advance is a key step in achieving secure calls. With a secure SIM card, the voice data of a secure call can be encrypted to ensure the security of the call content during transmission. This encryption method not only effectively prevents the content of voice transmission from leaking, but also improves the confidentiality and integrity of the communication.
However, due to the physical properties of quanta, the quantum key injection process can currently only be carried out offline, which limits the convenience of injection. Traditional key injection can often be carried out remotely over a network, and users can update and manage keys at any time and in any place. Because quantum key injection requires specific equipment and a specific environment, however, users need to go in person to a designated location for injection, which increases the user's time and space costs.
Although quantum key distribution technology has brought new solutions for quantum key distribution and injection, because the transmission distance of a QKD network is limited, the construction cost is high, and there are few offline quantum key injection sites for SIM cards, the existing technology lacks a scheme for secure and efficient SIM card quantum key injection under remote conditions.
In view of the above technical problems, the embodiments of the present application provide a quantum key injection method, whose idea is: based on a SIM card inserted into an injection terminal, send an authentication request message to a cloud server so that the cloud server authenticates the identity of the SIM card; when it is determined that the SIM card has passed authentication, send an injection request to the cloud server; receive a quantum key data packet sent by the cloud server; and perform quantum key injection based on the quantum key data packet. This method achieves secure authentication of the SIM card, avoids man-in-the-middle attacks during key transmission, and enhances the security of the key transmission process, thereby improving the efficiency of quantum key injection.
For ease of understanding, the key injection method provided by the present application is described below with reference to the accompanying drawings.
The quantum key injection method provided by the present application can be applied to the quantum key injection system shown in FIG. 1. As shown in FIG. 1, the quantum key injection system includes: a quantum key infrastructure layer 100, a cloud server 200, and an injection terminal 300. The quantum key infrastructure layer 100 and the cloud server 200 are connected over a network; the cloud server 200 and the injection terminal 300 are connected over a network.
The quantum key infrastructure layer 100 includes: a quantum key distribution network 110 and a Key Management System (KMS) 120.
The quantum key distribution network 110 is used to generate quantum keys.
Exemplarily, the quantum key distribution network 110 may consist of at least one QKD device and a Quantum Random Number Generator (QRNG). The at least one QKD device may be produced by different QKD device manufacturers, and may be devices of different models (for example, QKD-A, QKD-B and QKD-C shown in FIG. 2 represent QKD devices of different models).
The KMS 120 is used to manage the distribution of quantum keys.
In some embodiments, as shown in FIG. 2, the KMS 120 is used to obtain and distribute quantum keys based on a received key injection request. Exemplarily, the KMS 120 receives a key injection request sent by the cloud server 200, obtains a quantum key from the quantum key distribution network 110, and sends the obtained quantum key to the cloud server 200.
In some embodiments, as shown in FIG. 2, the KMS 120 is equipped with a quantum key adapter for interfacing with quantum gateway devices of different interfaces, models and manufacturers. Following the idea of object encapsulation, it provides a standardized interface to upper-layer applications and supports flexible extension of the quantum key adapter, so that different device forms can be made compatible through the standardized interface.
In some embodiments, as shown in FIG. 2, the KMS 120 is also used to provide computing services and management services for quantum keys. The computing services include data encryption and decryption, quantum random number generation, certificate verification and integrity verification; the management services include key permission management, key category management, injection record query and key algorithm configuration.
Exemplarily, as shown in FIG. 2, the quantum key infrastructure layer 100 is divided into multiple resource regions according to the large-region scheme of the mobile communication network and is deployed in key provinces.
In some embodiments, the quantum key distribution network 110 is used to generate high-quality quantum keys in response to key requests sent by the KMS 120 and to provide the quantum keys to the KMS 120.
云服务器200,用于对用户SIM卡进行身份认证。The cloud server 200 is used to authenticate the user's SIM card.
示例性的,通过对比用户手机号证明用户合法性完成身份认证。Exemplarily, identity authentication is completed by comparing the user's mobile phone number to prove the user's legitimacy.
在一些实施例中,云服务器200,还用于向量子密钥基础设施层100发送量子密钥充注申请,并在接收到量子密钥基础设施层100生成的待充注量子密钥后,云服务器200加密待充注量子密钥形成量子密钥数据包并下发给充注终端300。In some embodiments, the cloud server 200 is also used to send a quantum key injection application to the quantum key infrastructure layer 100, and after receiving the quantum key to be injected generated by the quantum key infrastructure layer 100, the cloud server 200 encrypts the quantum key to be injected to form a quantum key data packet and sends it to the injection terminal 300.
在一些实施例中,如图2所示,云服务器,还用于进行应用管理和服务管理;应用管理包括用户账号管理、安全介质管理、应用权限管理、服务日记审计和密码设备;服务管理包括安全策略定义、资源链路监测、一键认证服务、密码资源调度、服务负载均衡、密码操作审计。In some embodiments, as shown in Figure 2, the cloud server is also used for application management and service management; application management includes user account management, security media management, application permission management, service diary auditing and cryptographic equipment; service management includes security policy definition, resource link monitoring, one-click authentication service, cryptographic resource scheduling, service load balancing, and cryptographic operation auditing.
The injection terminal 300 is a device that performs quantum key injection offline.
Exemplarily, the injection terminal 300 injects the quantum key into the inserted SIM card.
In some embodiments, the injection terminal 300 is further configured to authenticate the identity of the inserted SIM card.
Exemplarily, as shown in FIG. 2, the injection terminal 300 has a built-in software development kit (SDK). The injection terminal 300 calls the SDK to perform one-click authentication on the inserted SIM card and generate an identity token, then generates an authentication request message based on the identity token and sends it to the cloud server 200; the cloud server authenticates the identity of the SIM card based on the authentication request message.
In some embodiments, as shown in FIG. 2, the injection terminal 300 is further configured to query the cryptographic service status and detect the network link status.
In some embodiments, as shown in FIG. 2, the injection terminal 300 includes a user interface for human-computer interaction with the user, so as to complete the injection of the quantum key.
In some embodiments, as shown in FIG. 2, the injection terminal 300 may further include a quantum random number module for generating random numbers. The injection terminal 300 also includes a security medium as a conventional security protection measure.
In some embodiments, the injection terminal 300 can be deployed in operators' business halls in various regions, adding to the types of service those business halls offer.
It can be understood that, to address the problems in the related art of the limited transmission distance of QKD networks, their high construction cost, and the small number of offline quantum key injection sites for SIM cards, the quantum key injection system provided by the present application introduces a cloud server as a bridge between the QKD network and the injection terminals, which solves the problem of the limited transmission distance of the QKD network. In addition, with the present application a QKD network can be built in key provinces and injection terminals deployed in individual cities, so that the injection terminals of multiple cities share one QKD network. This reduces the construction cost of the QKD network and addresses the small number of offline quantum key injection sites for SIM cards.
At the same time, the present application also introduces identity authentication of the SIM card to avoid man-in-the-middle attacks during key transmission and enhance the security of the key transmission process, thereby improving the efficiency of quantum key injection, so that secure and efficient quantum key injection into SIM cards can be achieved under remote conditions.
It can be understood that the application scenarios of the embodiments of the present disclosure are not limited. The system architecture and service scenarios described in the embodiments of the present disclosure are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions they provide. A person of ordinary skill in the art will know that, as network architectures evolve and new service scenarios emerge, the technical solutions provided by the embodiments of the present disclosure are equally applicable to similar technical problems.
FIG. 3 is a schematic flow chart of a quantum key injection method provided in an embodiment of the present application. As shown in FIG. 3, the quantum key injection method provided by the present application can be used in the quantum key injection system shown in FIG. 1, and specifically includes the following steps:
S201. The injection terminal sends authentication request information to the cloud server based on the SIM card inserted into the injection terminal; correspondingly, the cloud server receives the authentication request message sent by the injection terminal.
The authentication request information is used by the cloud server to authenticate the identity of the user's SIM card.
In some embodiments, the injection terminal performs one-click authentication on the SIM card inserted into it through the one-click authentication SDK interface, and then sends the authentication request information to the cloud server based on the result of the one-click authentication.
Exemplarily, the authentication request information may include the identity token (LoginToken) obtained by performing one-click authentication on the SIM card and the identity identifier of the SIM card.
Exemplarily, for the specific implementation of step S201, refer to steps S2011-S2016 below; it is not repeated here.
S202. The cloud server authenticates the identity of the SIM card inserted into the injection terminal based on the authentication request information.
Exemplarily, when the authentication request information includes the identity token and the identity identifier of the SIM card, authenticating the identity of the SIM card inserted into the injection terminal includes: obtaining the plaintext identity identifier through an identity token verification interface; and authenticating the SIM card by comparing the identity identifier in the authentication request information with the plaintext identity identifier.
Exemplarily, taking the case where the identity identifier of the SIM card is a mobile phone number: the injection terminal calls the SDK interface to obtain the identity token; the injection terminal packages and encrypts the identity token together with the mobile phone number and sends them to the cloud server; after decrypting and obtaining the mobile phone number mask and the identity token, the cloud server starts the identity token verification operation (for example, calling LoginTokenVerify based on the LoginToken) and obtains the plaintext mobile phone number through the one-click-login application programming interface (API) for retrieving the plaintext mobile phone number; the cloud server compares the mobile phone number sent by the injection terminal with the plaintext mobile phone number to complete the identity authentication of the SIM card.
It can be understood that the cloud server verifies the validity of the user's identity by comparing the identity identifier sent by the injection terminal with the identity identifier obtained by verifying the identity token, which improves the security of the key injection process.
In some embodiments, the cloud server returns an authentication result to the injection terminal to indicate whether the SIM card identity authentication has passed. Exemplarily, if the authentication passes, the cloud server returns an authentication result of "passed" to the injection terminal; if the authentication does not pass, the cloud server returns an authentication result of "not passed" to the injection terminal.
S203. If the authentication passes, the injection terminal sends an injection request to the cloud server; correspondingly, the cloud server receives the injection request sent by the injection terminal.
The injection request is used to request a quantum key from the quantum key infrastructure layer, so as to obtain the quantum key to be injected that the key infrastructure layer generates.
S204. The cloud server sends a quantum key data packet to the injection terminal; correspondingly, the injection terminal receives the quantum key data packet sent by the cloud server.
In some embodiments, the quantum key data packet is obtained by encrypting the quantum key with an SM9 public key. Exemplarily, the identity identifier of the SIM card can be used as the identification code from which the SM9 public key is obtained.
SM9 is an identity-based cryptographic algorithm used for user identity authentication. Exemplarily, SM9 includes a public key and a private key. The SM9 public key can be obtained from the user's identity information; the SM9 private key is generated from the user's identity information and the master private key. The SM9 public key is public, whereas the SM9 private key is confidential: usually only the holder of the SM9 private key can use it to generate a digital signature or to decrypt data encrypted with the corresponding SM9 public key.
S205. The injection terminal injects the quantum key based on the quantum key data packet.
In some embodiments, when the quantum key data packet is an encrypted quantum key data packet, the injection terminal first decrypts the quantum key data packet to obtain the quantum key to be injected, and then injects the quantum key to be injected into the SIM card.
It can be understood that the method in the present application proposes a quantum key injection system based on a cloud server and introduces SIM card identity authentication and the SM9 public/private key encryption scheme, which avoids man-in-the-middle attacks during key transmission, enhances the security of the key transmission process, and improves the efficiency of quantum key injection.
In some embodiments, as shown in FIG. 4, S201 may specifically be implemented as S2011-S2016 below.
S2011. The injection terminal obtains the user identification code of the SIM card.
The user identification code is the user's mobile phone number corresponding to the SIM card.
S2012. The injection terminal performs one-click authentication based on the user identification code of the SIM card and obtains the identity token of the SIM card.
The identity token is a token used in network applications to verify a user's login status; it is usually an encrypted string containing the user's identity information.
It can be understood that the SIM card one-click authentication described above is a portable authentication method that does not require the user to enter the relevant information manually, which improves the success rate and efficiency of verification; at the same time, the entire authentication process is completed on the operator's server, which safeguards information security.
In some embodiments, the injection terminal has a built-in SDK interface and completes the one-click authentication of the SIM card by calling the SDK interface. Exemplarily, after the user inserts the SIM card into the injection terminal, the injection terminal initializes the SDK, which checks the real-time network environment and returns the result. The injection terminal then calls the SDK interface to bring up the authorization page: it first obtains the mobile phone number mask of the SIM card and displays the mask and the operator agreement on the authorization page for the user to confirm. After the user's confirmation is received, the SDK requests and obtains the identity token of the SIM card from the operator server.
S2013. The injection terminal generates a first encrypted ciphertext.
In some embodiments, the first encrypted ciphertext includes the user identification code of the SIM card and the identity token of the SIM card; the first encrypted ciphertext is obtained by encryption with a first SM9 public key.
The first SM9 public key is the public key of the cloud server, agreed in advance between the injection terminal and the cloud server.
In some embodiments, the first encrypted ciphertext may also include a random number randomly generated by the injection terminal and an SM4 symmetric key. The random number can be used for two-way authentication between the injection terminal and the cloud server; the SM4 symmetric key can be used for encryption when the cloud server sends messages to the injection terminal.
S2014. The injection terminal sends authentication request information carrying the first encrypted ciphertext to the cloud server; correspondingly, the cloud server receives the authentication request information carrying the first encrypted ciphertext sent by the injection terminal.
S2015. The cloud server obtains the first encrypted ciphertext from the authentication request information.
S2016. The cloud server decrypts the first encrypted ciphertext with the first SM9 private key to obtain the user identification code of the SIM card and the identity token of the SIM card.
The first SM9 private key is the SM9 private key of the cloud server.
In some embodiments, where the first encrypted ciphertext also includes an SM4 symmetric key generated by the injection terminal, as shown in FIG. 5, before step S202 the method further includes the following steps S301-S303:
S301. If the authentication passes, the cloud server generates a second SM9 private key based on the user identification code of the SIM card.
In some embodiments, the user identification code of the SIM card is the user's mobile phone number, and the second SM9 private key is used by the injection terminal to decrypt the encrypted quantum key data packet.
S302. The cloud server generates a second encrypted ciphertext.
In some embodiments, the second encrypted ciphertext is obtained by encryption with the SM4 symmetric key; the second encrypted ciphertext includes the second SM9 private key and the random number.
S303. The cloud server sends the second encrypted ciphertext to the injection terminal; correspondingly, the injection terminal receives the second encrypted ciphertext sent by the cloud server.
In some embodiments, where the first encrypted ciphertext includes an SM4 symmetric key and a random number generated by the injection terminal, two-way authentication between the cloud server and the injection terminal can also be achieved while the cloud server sends the second encrypted ciphertext to the injection terminal. Exemplarily, this can be implemented as the following steps:
S401. If the authentication passes, the cloud server generates a second SM9 private key based on the user identification code of the SIM card.
In some embodiments, the user identification code of the SIM card is the user's mobile phone number, and the second SM9 private key is used by the injection terminal to decrypt the encrypted quantum key data packet.
S402. The cloud server generates a second encrypted ciphertext.
In some embodiments, the second encrypted ciphertext is obtained by encryption with the SM4 symmetric key; the second encrypted ciphertext includes the second SM9 private key and the random number.
S403. The cloud server sends the second encrypted ciphertext to the injection terminal; correspondingly, the injection terminal receives the second encrypted ciphertext sent by the cloud server.
S404. The injection terminal decrypts the second encrypted ciphertext with the SM4 symmetric key to obtain the second SM9 private key and the random number.
S405. The injection terminal verifies the legitimacy of the cloud server by verifying the random number, completing the two-way authentication between the cloud server and the injection terminal.
It can be understood that the injection terminal encrypts the information with the cloud server's SM9 public key (the first SM9 public key above), and only a legitimate platform holding the cloud server's SM9 private key (the first SM9 private key above) can decrypt it to obtain the SM4 symmetric key, the random number, the user identification code and the identity token; the cloud server's use of this SM4 symmetric key to encrypt the injection terminal's SM9 private key can therefore be regarded as secure and effective. At the same time, the cloud server authenticates the identity of the SIM card based on the received identity token of the SIM card, and thereby verifies the legitimacy of the injection terminal; it then generates the injection terminal's SM9 private key (the second SM9 private key above), encrypts that private key together with the received random number, and sends them to the injection terminal. The injection terminal verifies the legitimacy of the cloud server by checking whether the random number it generated matches the random number it received. At this point the cloud server and the injection terminal have completed two-way authentication. Moreover, because the identity identification codes of different users' SIM cards differ, the injection terminal SM9 private keys generated from them also differ, which achieves "one-time one-key" and enhances the security of the quantum key injection process.
In some embodiments, before step S204, the method further includes:
S501. The cloud server obtains the quantum key from the quantum key distribution network.
In some embodiments, the quantum key generated by the quantum key distribution network is transmitted to the cloud server using virtual private network (VPN) technology based on Internet Protocol Security (IPSec).
S502. The cloud server uses the user identification code of the SIM card as the second SM9 public key to encrypt the quantum key, obtaining the quantum key data packet.
It can be understood that encrypting the quantum key prevents it from being stolen or altered in transit and enhances the security of the quantum key transmission process.
In some embodiments, since the quantum key data packet is obtained by the cloud server encrypting with the identity information of the SIM card as the second SM9 public key, step S205 can be implemented as the following steps:
S2051. Decrypt the quantum key data packet with the second SM9 private key to obtain the quantum key.
S2052. Inject the quantum key based on the quantum key.
It can be understood that, in the embodiment of the present application, after the SIM card passes identity authentication, the identity identifier of the SIM card is used as the second SM9 private key and sent to the injection terminal; then, when the quantum key is transmitted, it is encrypted with the second SM9 public key, so that the injection terminal can decrypt it with the second SM9 private key, obtain the quantum key, and complete the injection. This achieves "one-time one-key", improves the security of the quantum key during injection, and in turn improves the efficiency of quantum key injection.
The quantum key injection method of the embodiments of the present application is described below through a specific embodiment; the implementation process is shown in FIG. 6.
S1. The injection terminal detects the user's card insertion operation.
Exemplarily, the user can insert the SIM card into an injection terminal located in an operator's business hall.
In some embodiments, after detecting the user's card insertion operation, the injection terminal authenticates the inserted SIM card. Exemplarily, this can be implemented as steps S2-S6 below.
S2. The injection terminal calls the SDK initialization routine to initialize the SDK.
S3. The SDK completes the network environment check and returns the network check result to the injection terminal.
S4. The injection terminal calls the SDK interface to bring up the authorization page, requests the mobile phone number mask from the operator server, and displays the mobile phone number mask and the operator agreement on the authorization page for the user to confirm.
Exemplarily, the user can confirm by clicking the login button or the registration button on the authorization page.
S5. After detecting the user's confirmation, the injection terminal sends an identity token acquisition request to the SDK.
S6. In response to the identity token acquisition request, the SDK sends the identity token of the SIM card to the injection terminal.
S7. The injection terminal randomly generates an SM4 symmetric key k and a random number s.
S8. The injection terminal encrypts the SM4 symmetric key k, the random number s, the user's mobile phone number and the identity token with the cloud server's SM9 public key, and sends the result to the cloud server.
Exemplarily, the encryption result is: cloud server SM9 public key (SM4 symmetric key, random number s, user mobile phone number, identity token).
S9. The cloud server decrypts with its own SM9 private key to obtain the SM4 symmetric key k, the random number s, the user's mobile phone number and the identity token.
S10. Carrying the identity token, the cloud server starts the identity token verification operation, obtains the plaintext mobile phone number through the one-click-login number-retrieval API, and compares the decrypted mobile phone number with the plaintext mobile phone number to authenticate the identity of the SIM card.
If the comparison shows the two are consistent, the SIM card identity authentication is determined to have passed; if they are inconsistent, the SIM card identity authentication is determined to have failed.
S11. If the SIM card identity authentication passes, the cloud server generates the SM9 private key of the injection terminal, using the user's mobile phone number as the user identifier.
S12. The cloud server encrypts the injection terminal's SM9 private key and the random number s with the SM4 key obtained by decryption, and sends them to the injection terminal.
S13. The injection terminal decrypts with the SM4 symmetric key to obtain the injection terminal's SM9 private key and the random number s.
S14. The injection terminal verifies the legitimacy of the cloud server by comparing the random number it sent with the random number it received; if the two are consistent, the two-way authentication between the cloud server and the injection terminal is complete.
S15. The injection terminal returns the verification result and sends a quantum key injection request to the cloud server.
S16. The cloud server forwards the received quantum key injection request to the quantum key infrastructure layer.
S17. After receiving the injection request, the quantum key infrastructure layer generates the quantum key to be injected this time and sends it to the cloud server.
S18. The cloud server receives the quantum key to be injected, encrypts it with the SM9 public key identified by the mobile phone number of the user's SIM card, and sends it to the injection terminal.
S19. The injection terminal decrypts with the SM9 private key to obtain the quantum key to be injected, and injects it into the user's SIM card.
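The exchange in steps S7 to S19, run end to end as an added example that is not code from the application. SM9 and SM4 are replaced by labelled standard-library stand-ins, and `ToyIBE`, `Carrier`, `SERVER_ID`, `run_injection` and the phone numbers are hypothetical; the run shows the S10 identifier comparison and the S14 random-number check rejecting a mismatched SIM and a server that lacks the private key.

```python
import hashlib, hmac, json, secrets

def _keys(key):
    # Derive separate encryption and MAC keys from one secret.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, fields):
    """Stand-in authenticated cipher (NOT SM4): hash keystream plus HMAC tag."""
    ek, mk = _keys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(ek, nonce, json.dumps(fields).encode())
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext rejected")
    return json.loads(_xor_stream(ek, nonce, ct))

class ToyIBE:
    """Stand-in for SM9 (NOT SM9): models only 'a key derived from an identity'."""
    def __init__(self):
        self._master = secrets.token_bytes(32)
    def extract(self, identity):
        # Private key for an identity, derived from the master secret.
        return hmac.new(self._master, identity.encode(), hashlib.sha256).digest()
    def encrypt_to(self, identity, fields):
        # Real SM9 needs only the identity and public parameters to encrypt;
        # this stand-in calls the key centre instead.
        return seal(self.extract(identity), fields)

class Carrier:
    """Stand-in for the operator's one-click authentication service."""
    def __init__(self):
        self._tokens = {}
    def issue_token(self, sim_number):       # S4-S6, reached through the SDK
        token = secrets.token_hex(16)
        self._tokens[token] = sim_number
        return token
    def verify_token(self, token):           # S10: token -> plaintext number
        return self._tokens.get(token)

SERVER_ID = "cloud-server"                   # hypothetical cloud server identity

def cloud_server_reply(ibe, carrier, msg1):
    """S9-S12. Returns (reply, phone), or None when SIM authentication fails."""
    req = unseal(ibe.extract(SERVER_ID), msg1)
    plain = carrier.verify_token(req["token"])
    if plain is None or not hmac.compare_digest(plain.encode(), req["phone"].encode()):
        return None
    term_sk = ibe.extract(req["phone"])      # S11: key bound to the phone number
    return seal(bytes.fromhex(req["k"]), {"sk": term_sk.hex(), "s": req["s"]}), req["phone"]

def run_injection(sim_number, claimed_number, rogue_server=False):
    ibe, carrier = ToyIBE(), Carrier()
    # Terminal, S2-S8
    token = carrier.issue_token(sim_number)
    k, s = secrets.token_bytes(16), secrets.token_hex(16)
    msg1 = ibe.encrypt_to(SERVER_ID, {"k": k.hex(), "s": s,
                                      "phone": claimed_number, "token": token})
    if rogue_server:
        # Without the server private key it cannot read k or s, so it guesses.
        reply = seal(secrets.token_bytes(16), {"sk": "00" * 32, "s": secrets.token_hex(16)})
        phone = claimed_number
    else:
        result = cloud_server_reply(ibe, carrier, msg1)
        if result is None:
            return "sim-auth-failed"
        reply, phone = result
    # Terminal, S13-S14: decrypt under k, then compare the echoed random number.
    try:
        fields = unseal(k, reply)
    except ValueError:
        return "server-auth-failed"
    if not hmac.compare_digest(fields["s"].encode(), s.encode()):
        return "server-auth-failed"
    term_sk = bytes.fromhex(fields["sk"])
    # S15-S18: constructed stand-in for the key from the QKD layer.
    quantum_key = secrets.token_bytes(32)
    packet = ibe.encrypt_to(phone, {"qk": quantum_key.hex()})
    # S19: terminal decrypts with the key it received in S13.
    injected = bytes.fromhex(unseal(term_sk, packet)["qk"])
    return "injected" if injected == quantum_key else "key-mismatch"

if __name__ == "__main__":
    # Constructed sample numbers.
    print(run_injection("13800000000", "13800000000"))
    print(run_injection("13800000000", "13900000000"))
    print(run_injection("13800000000", "13800000000", rogue_server=True))
```
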
The above mainly describes the solutions of the embodiments of the present disclosure from the perspective of the method. It can be understood that, to implement the above functions, the quantum key injection device includes at least one of the hardware structures and software modules corresponding to each function. Those skilled in the art will readily appreciate that, with the units and algorithm steps of the examples described in the embodiments disclosed herein, the embodiments of the present disclosure can be implemented in hardware or in a combination of hardware and computer software. Whether a given function is performed by hardware or by computer software driving hardware depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the embodiments of the present disclosure.
The embodiments of the present disclosure may divide the quantum key injection device into functional modules according to the above method embodiments. For example, one functional module may be defined for each function, or two or more functions may be integrated into one functional module. The integrated module may be implemented in hardware or in software. It should be noted that the division into modules in the embodiments of the present disclosure is schematic and is only a division by logical function; other divisions are possible in an actual implementation. The following description takes the case of one functional module per function as an example.
FIG. 7 is a schematic structural diagram of a quantum key injection device provided in an embodiment of the present application. It is applied to the injection terminal and can implement the quantum key injection method provided in the above method embodiments. The quantum key injection device 400 includes an authentication module 401, a communication module 402 and an injection module 403. In some other embodiments,
The authentication module 401 is configured to send authentication request information to the cloud server based on the SIM card inserted into the injection terminal, so that the cloud server authenticates the identity of the SIM card.
The communication module 402 is configured to send an injection request to the cloud server when it is determined that the SIM card authentication has passed, and to receive the quantum key data packet sent by the cloud server.
The injection module 403 is configured to inject the quantum key based on the quantum key data packet.
In a possible implementation, the authentication module 401 is specifically configured to obtain the user identification code of the SIM card; perform one-click authentication based on the user identification code of the SIM card to obtain the identity token of the SIM card; and generate a first encrypted ciphertext. The first encrypted ciphertext includes the user identification code of the SIM card and the identity token of the SIM card, and is obtained by encryption with the first SM9 public key. The communication module 402 is further configured to send authentication request information carrying the first encrypted ciphertext to the cloud server.
In a possible implementation, the first encrypted ciphertext also includes an SM4 symmetric key generated by the injection terminal. The communication module 402 is further configured to receive, when the SIM card authentication has passed, a second encrypted ciphertext sent by the cloud server. The second encrypted ciphertext is obtained by encryption with the SM4 symmetric key and includes a second SM9 private key, which the cloud server generates based on the user identification code of the SIM card.
In a possible implementation, the quantum key data packet is obtained by the cloud server encrypting with the identity information of the SIM card as the second SM9 public key. The injection module 403 is specifically configured to decrypt the quantum key data packet with the second SM9 private key to obtain the quantum key, and to inject the quantum key based on the quantum key.
FIG. 8 is a schematic structural diagram of a quantum key injection apparatus provided in an embodiment of the present application. The apparatus is applied to a cloud server and can implement the quantum key injection method provided in the above method embodiments. The quantum key injection apparatus 500 includes a communication module 501 and an authentication module 502; in other embodiments, the quantum key injection apparatus 500 may further include a generation module 503.
The communication module 501 is configured to receive the authentication request information sent by the injection terminal.
The authentication module 502 is configured to authenticate, based on the authentication request information, the identity of the SIM card inserted into the injection terminal.
The communication module 501 is further configured to receive, when authentication has passed, the injection request sent by the injection terminal, and to send a quantum key data packet to the injection terminal in response to the injection request.
In a possible implementation, the communication module 501 is specifically configured to obtain the first encrypted ciphertext from the authentication request information. The first encrypted ciphertext is obtained by encryption with the first SM9 public key and includes the user identification code of the SIM card inserted into the injection terminal and the identity token of the SIM card. The communication module 501 decrypts the first encrypted ciphertext using the first SM9 public key to obtain the user identification code of the SIM card and the identity token of the SIM card.
In a possible implementation, the authentication module 502 is specifically configured to authenticate the identity of the SIM card based on the user identification code of the SIM card and the identity token of the SIM card.
In another possible implementation, the first encrypted ciphertext further includes an SM4 symmetric key generated by the injection terminal. The generation module 503 is configured to generate, when authentication has passed, a second SM9 private key based on the user identification code of the SIM card, and to generate a second encrypted ciphertext. The second encrypted ciphertext is obtained by encryption with the SM4 symmetric key and includes the second SM9 private key. The communication module 501 is further configured to send the second encrypted ciphertext to the injection terminal.
In yet another possible implementation, the communication module 501 is further configured to obtain a quantum key from the quantum key distribution network, and to encrypt the quantum key using the user identification code of the SIM card as the second SM9 public key to obtain the quantum key data packet.
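The exchange between the injection terminal and the cloud server described above, starting from the point where the cloud server has recovered the fields of the first encrypted ciphertext, as an added example that is not part of the application. `seal`/`unseal` are HMAC-based stand-ins for SM4 and SM9 so that the code runs on the Python standard library alone; in this stand-in the identity key is symmetric and derived from a master secret, and every class, function and field name is an assumption.

```python
import hashlib, hmac, secrets

def _sub(key, label):                       # separate subkeys for encryption and MAC
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):                 # HMAC-SHA256 counter-mode keystream
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, pt):                          # stand-in for SM4 / SM9 encryption, not the real ciphers
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class Cloud:
    def __init__(self, tokens):
        self.master = secrets.token_bytes(32)   # stand-in for the SM9 master secret
        self.tokens = tokens                    # constructed {SIM user ID: identity token}
        self.authenticated, self.issued = set(), {}

    def _sm9_private(self, sim_id):             # stand-in: key derived from the SIM user ID
        return hmac.new(self.master, sim_id.encode(), hashlib.sha256).digest()

    def authenticate(self, sim_id, token, sm4_key):   # fields of the first encrypted ciphertext
        if not hmac.compare_digest(self.tokens.get(sim_id, b""), token):
            return None
        self.authenticated.add(sim_id)
        return seal(sm4_key, self._sm9_private(sim_id))   # second encrypted ciphertext

    def injection_request(self, sim_id):
        if sim_id not in self.authenticated:    # honoured only after authentication has passed
            raise PermissionError("SIM not authenticated")
        self.issued[sim_id] = secrets.token_bytes(32)     # stand-in for a key from the QKD network
        return seal(self._sm9_private(sim_id), self.issued[sim_id])   # quantum key data packet

def terminal_inject(cloud, sim_id, token):
    sm4_key = secrets.token_bytes(16)           # generated by the injection terminal
    second_ct = cloud.authenticate(sim_id, token, sm4_key)
    if second_ct is None:
        return None
    sm9_private = unseal(sm4_key, second_ct)    # second SM9 private key
    return unseal(sm9_private, cloud.injection_request(sim_id))      # quantum key to inject
```

With real SM9 the sender of the quantum key data packet needs only the SIM user identification code and the public system parameters, whereas this stand-in needs the master secret, which is why only the `Cloud` object can produce a packet here.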
Where the functions of the above integrated modules are implemented in hardware, an embodiment of the present disclosure provides a possible structure of the electronic device involved in the above embodiments. As shown in FIG. 9, the electronic device 700 includes a processor 702 and a bus 704. Optionally, the electronic device 700 may further include a memory 701; optionally, the electronic device 700 may further include a communication interface 703.
The processor 702 may implement or execute the various exemplary logic blocks, modules and circuits described in connection with the embodiments of the present disclosure. The processor 702 may be a central processing unit, a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit, a field-programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. The processor 702 may also be a combination that implements computing functions, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
The communication interface 703 is used to connect to other devices through a communication network. The communication network may be Ethernet, a radio access network, a wireless local area network (WLAN), and so on.
The memory 701 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
In a possible implementation, the memory 701 may exist independently of the processor 702 and be connected to the processor 702 through the bus 704 to store instructions or program code. When the processor 702 calls and executes the instructions or program code stored in the memory 701, it can implement the knowledge graph construction method provided by the embodiments of the present disclosure. In another possible implementation, the memory 701 may be integrated with the processor 702.
The bus 704 may be an extended industry standard architecture (EISA) bus or the like. The bus 704 may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in FIG. 9, but this does not mean that there is only one bus or one type of bus.
Some embodiments of the present disclosure provide a computer-readable storage medium (for example, a non-transitory computer-readable storage medium) in which computer program instructions are stored. When the computer program instructions run on a computer, they cause the computer to execute the quantum key injection method described in any of the above embodiments.
By way of example, the computer-readable storage medium may include, but is not limited to: magnetic storage devices (for example, hard disks, floppy disks or magnetic tapes), optical discs (for example, Compact Disk (CD) or Digital Versatile Disk (DVD)), smart cards and flash memory devices (for example, Erasable Programmable Read-Only Memory (EPROM), cards, sticks or key drives). The various computer-readable storage media described in the present disclosure may represent one or more devices and/or other machine-readable storage media for storing information. The term "machine-readable storage medium" may include, but is not limited to, wireless channels and various other media capable of storing, containing and/or carrying instructions and/or data.
An embodiment of the present disclosure provides a computer program product containing instructions. When the computer program product runs on a computer, it causes the computer to execute the quantum key injection method described in any of the above embodiments.
The above are only specific implementations of the present disclosure, but the protection scope of the present disclosure is not limited thereto. Any change or substitution within the technical scope disclosed in the present disclosure shall be covered by the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410675178.XA / CN118450381A (en) | 2024-05-28 | 2024-05-28 | Quantum key injection system, method, device, storage medium and program product |
| Publication Number | Publication Date |
|---|---|
| CN118450381A (en) | 2024-08-06 |
| Application Number | Status | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|---|
| CN202410675178.XA | Pending | CN118450381A (en) | 2024-05-28 | 2024-05-28 | Quantum key injection system, method, device, storage medium and program product |
| Country | Link |
|---|---|
| CN (1) | CN118450381A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119276480A (en)* | 2024-09-25 | 2025-01-07 | 中移互联网有限公司 | A connection method for SDP gateway |
| CN119316127A (en)* | 2024-09-13 | 2025-01-14 | 中国移动通信有限公司研究院 | A quantum key injection method, device, system, storage medium and computer program product |
| CN119483929A (en)* | 2024-10-29 | 2025-02-18 | 中移互联网有限公司 | Quantum key injection method, system, electronic device and readable storage medium |
| CN119544199A (en)* | 2024-10-28 | 2025-02-28 | 中移互联网有限公司 | A key processing method |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |