
CN118138227B - Edge security updating method and device for remote quantum encryption transmission - Google Patents


Info

Publication number
CN118138227B
Authority
CN
China
Prior art keywords
terminal
quantum
security
upgrade
installation package
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410202784.XA
Other languages
Chinese (zh)
Other versions
CN118138227A (en
Inventor
房玉东
屈立新
宋宇宸
张卫伟
张永生
秦大磊
薛明
田小龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Light Network Technology Co ltd
Big Data Center Of Emergency Management Department
Original Assignee
Beijing Light Network Technology Co ltd
Big Data Center Of Emergency Management Department
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Light Network Technology Co ltd, Big Data Center Of Emergency Management Department
Priority to CN202410202784.XA
Publication of CN118138227A
Application granted
Publication of CN118138227B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0827 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an edge security updating method and device for remote quantum encryption transmission, relating to the technical field of data processing. The method comprises: acquiring a quantum center and an edge terminal; obtaining a secure encryption networking; encrypting the upgrade installation package based on the security terminal additionally arranged on the quantum center to obtain an encrypted upgrade installation package; positioning a first encryption transmission channel between the first edge terminal and the quantum center; transmitting the encrypted upgrade installation package from the quantum center to the first edge terminal through the first encryption transmission channel; acquiring a decrypted upgrade installation package; and upgrading the terminal equipment corresponding to the first edge terminal according to the decrypted upgrade installation package. This solves the technical problem that, because no security terminal is installed in existing update techniques for encrypted data transmission, the security of the upgrade installation package is poor and the updating of edge terminal equipment is therefore unstable and insecure.

Description

Edge security updating method and device for remote quantum encryption transmission
Technical Field
The invention relates to the technical field of data processing, in particular to an edge security updating method and device for remote quantum encryption transmission.
Background
With the development of the Internet of Things, the large volume of encrypted data being transmitted and shared means that terminal equipment must be updated and upgraded frequently and in real time to keep up with data exchange and storage. To keep terminal equipment running stably and securely, an encrypted update technique with higher security is important. In existing update techniques for encrypted data transmission, however, no security terminal is installed and terminal equipment is updated over the Internet, so the installation package of the equipment can be lost or damaged by malicious attack, and the stability and security of terminal equipment at the edge of data transmission are poor.
Therefore, how to ensure the security and stability of terminal device updates is an urgent problem to be solved.
Disclosure of Invention
The application provides an edge security updating method and device for remote quantum encryption transmission. It solves the technical problem that, because no security terminal is installed in existing update techniques for encrypted data transmission, the security of the upgrade installation package is poor and updates to edge terminal equipment are therefore unstable and insecure, and it achieves the technical effect of making updates to edge terminal equipment more stable and secure.
In view of the above, the present application provides an edge security update method for remote quantum cryptography transmission.
In a first aspect, the present application provides a method for edge security update of remote quantum cryptography transmission, the method comprising:
Performing communication node attribute analysis on the target area to obtain a quantum center and an edge terminal; the secure encryption networking is obtained by additionally installing a secure terminal on the quantum center and the edge terminal; when the quantum center receives an equipment upgrading instruction, encrypting an upgrading installation package based on a security terminal additionally arranged in the quantum center to obtain an encrypted upgrading installation package; analyzing a first edge terminal corresponding to the upgrade installation package, and positioning a first encryption transmission channel between the first edge terminal and the quantum center; transmitting the encrypted upgrade installation package from the quantum center to the first edge terminal through the first encryption transmission channel; decrypting the encrypted upgrade installation package by a security terminal additionally arranged on the first edge terminal to obtain a decrypted upgrade installation package; and upgrading the terminal equipment corresponding to the first edge terminal according to the decrypted upgrade installation package.
Further, the method comprises the steps of,
Providing a first random number for the first edge terminal based on a security terminal additionally arranged on the quantum center, and storing the first random number to the first edge terminal; providing a first true random number for the first edge terminal based on a security terminal additionally arranged on the quantum center, wherein the first true random number is a symmetric complement of the first random number; and generating an encryption key for the first random number according to the first true random number, and encrypting the upgrade installation package with the encryption key.
Further, the method comprises the steps of,
Acquiring an upgrading state of the first edge terminal; when the upgrading state of the first edge terminal is in an upgrading completion state, acquiring equipment configuration parameters of terminal equipment corresponding to the first edge terminal after upgrading; and packaging the upgraded configuration parameters and transmitting the packaged configuration parameters to the quantum center for upgrading verification.
Further, the method comprises the steps of,
Packaging the upgraded equipment configuration parameters to generate an upgrade verification package; the security terminal additionally arranged on the first edge terminal encrypts the upgrade verification package to obtain an encrypted upgrade verification package; sending the encrypted upgrade verification package to the quantum center through the first encryption transmission channel; and decrypting the encrypted upgrade verification package by the security terminal additionally arranged in the quantum center to obtain a decrypted upgrade verification package, and then performing upgrade verification on the decrypted upgrade verification package.
Further, the method comprises the steps of,
Acquiring initial configuration parameters of terminal equipment corresponding to the first edge terminal; analyzing the decrypted upgrade installation package to obtain upgrade configuration parameters; comparing the initial configuration parameters with the upgrade configuration parameters to obtain difference configuration parameters; and upgrading the terminal equipment corresponding to the first edge terminal according to the difference configuration parameters.
Further, the method comprises the steps of,
The quantum security card is arranged on the edge terminal; the quantum security network service terminal is deployed in the quantum center and generates a key and distributes the key for the quantum security card.
Further, the method comprises the steps of,
The encryption security card is respectively arranged on the quantum center and the edge terminal; and the quantum security server is used for carrying out encryption service on the encryption security card.
In a second aspect, the present application provides an edge security updating apparatus for remote quantum cryptography transmission, the apparatus comprising:
The node attribute analysis module is used for carrying out communication node attribute analysis on the target area to obtain a quantum center and an edge terminal;
The security terminal installation module is used for obtaining a secure encryption networking by additionally installing a security terminal on the quantum center and the edge terminal;
The installation package encryption module is used for encrypting the upgrade installation package based on the security terminal additionally arranged in the quantum center when the quantum center receives the equipment upgrade instruction, so as to obtain the encrypted upgrade installation package;
The encryption transmission channel acquisition module is used for analyzing a first edge terminal corresponding to the upgrade installation package and positioning a first encryption transmission channel between the first edge terminal and the quantum center;
The installation package sending module is used for sending the encrypted upgrade installation package from the quantum center to the first edge terminal through the first encryption transmission channel;
The installation package decryption module is used for decrypting the encrypted upgrade installation package by the security terminal additionally arranged on the first edge terminal to obtain a decrypted upgrade installation package;
And the terminal equipment upgrading module is used for upgrading the terminal equipment corresponding to the first edge terminal according to the decrypted upgrade installation package.
One or more technical schemes provided by the application have at least the following technical effects or advantages:
In the edge security updating method and device for remote quantum encryption transmission provided by the application, communication node attribute analysis is performed on a target area to obtain a quantum center and edge terminals, and security terminals are additionally arranged on the quantum center and the edge terminals to obtain a secure encryption networking. When the quantum center receives an equipment upgrade instruction, the upgrade installation package is encrypted based on the security terminal additionally arranged on the quantum center to obtain an encrypted upgrade installation package. The first edge terminal corresponding to the upgrade installation package is then analyzed, a first encryption transmission channel between the first edge terminal and the quantum center is positioned, and the encrypted upgrade installation package is sent from the quantum center to the first edge terminal through the first encryption transmission channel. The security terminal additionally arranged on the first edge terminal decrypts the encrypted upgrade installation package to obtain a decrypted upgrade installation package, and finally the terminal equipment corresponding to the first edge terminal is upgraded according to the decrypted upgrade installation package. This solves the technical problem that, in existing update techniques for encrypted data transmission, the security of the upgrade installation package is poor and the stability and security of updates to edge terminal equipment are therefore poor.
Drawings
FIG. 1 is a schematic flow chart of an edge security updating method for remote quantum encryption transmission;
FIG. 2 is a schematic structural diagram of an edge security updating device for remote quantum encryption transmission.
Reference numerals: node attribute analysis module 11, security terminal installation module 12, installation package encryption module 13, encrypted transmission channel acquisition module 14, installation package transmission module 15, installation package decryption module 16 and terminal equipment upgrading module 17.
Detailed Description
The application solves the technical problem that, because no security terminal is installed in existing update techniques for encrypted data transmission, the security of the upgrade installation package is poor and updates to edge terminal equipment are therefore unstable and insecure, and it achieves the technical effect of making updates to edge terminal equipment more stable and secure.
Example 1
As shown in fig. 1, the present application provides an edge security updating method for remote quantum encryption transmission, which includes:
Performing communication node attribute analysis on the target area to obtain a quantum center and an edge terminal;
Preferably, data related to the communication network of the target area is collected, including network topology, device information, IP address assignment, communication nodes, etc. Network topology analysis is performed on the collected data to obtain the main communication nodes, and attribute analysis is performed on those nodes: node types are judged from node device information, functional characteristics and the like to obtain a quantum center and an edge terminal. The quantum center and the edge terminal are client terminal equipment. The quantum center generally has higher-level functions and is responsible for network management, configuration, policy control and the like; it can be a core router, a network controller and the like. The edge terminal is generally located at the user side and is responsible for the interface between user equipment and the service provider network; it can be a router, a firewall, an optical modem and the like, and is, for example, generally a client terminal node. Obtaining the quantum center and the edge terminal provides the basis for obtaining a secure encryption networking by additionally installing security terminals on the quantum center and the edge terminal.
The secure encryption networking is obtained by additionally installing a secure terminal on the quantum center and the edge terminal;
The quantum security card is arranged on the edge terminal;
The quantum security network service terminal is deployed in the quantum center and generates a key and distributes the key for the quantum security card.
Preferably, the security terminal comprises a quantum security card and a quantum security network service terminal. A suitable security terminal device is selected according to actual requirements and compatibility with the network equipment; it is generally a quantum security terminal, which provides quantum key distribution, quantum random number generation, quantum encryption and similar functions. The quantum security card can be arranged on an edge terminal to protect communication between the terminal and the network, while the quantum security network service terminal can be deployed in the quantum center to generate a key and distribute the key for the quantum security card. Accordingly, a suitable quantum security card and quantum security network service terminal device are selected according to actual requirements and compatibility with the network equipment, the quantum security card is installed on the edge terminal and configured, and finally the quantum security network service terminal is deployed in the quantum center to obtain the secure encryption networking; if a quantum security terminal is the one additionally installed, the result is a quantum encryption network. By arranging the quantum security card on the edge terminal and deploying the quantum security network service terminal in the quantum center to generate a key and distribute the key for the quantum security card, the security and confidentiality of network communication can be improved.
When the quantum center receives an equipment upgrading instruction, encrypting an upgrading installation package based on a security terminal additionally arranged in the quantum center to obtain an encrypted upgrading installation package;
Preferably, when the quantum center receives an equipment upgrade instruction, the upgrade installation package is encrypted based on the security terminal arranged in the quantum center to obtain an encrypted upgrade installation package. Specifically, the upgrade software package is processed into an encrypted file by an encryption algorithm. During transmission the encrypted file is ciphertext that cannot be read directly, and it can be restored to the original upgrade software package, so that the upgrade operation can be performed, only after being decrypted with the corresponding key. This ensures the integrity and confidentiality of the data in the upgrade software package.
Further, the upgrade installation package is encrypted based on the security terminal additionally arranged in the quantum center, and the method comprises the following steps:
providing a first random number for the first edge terminal based on a security terminal additionally arranged on the quantum center, and storing the first random number to the first edge terminal;
Providing a first true random number for the first edge terminal based on a security terminal additionally arranged on the quantum center, wherein the first true random number is a symmetric complement of the first random number;
And generating an encryption key for the first random number according to the first true random number, and encrypting the upgrade installation package with the encryption key.
Preferably, when the quantum center receives the equipment upgrade instruction, the security terminal on the quantum center generates a first random number through its random number generation function and transmits the first random number to the first edge terminal. The first edge terminal receives the first random number and stores it in its storage medium. An encryption key is then generated by taking the first true random number as input to a key derivation function or other cryptographic operation. The first true random number is a symmetric complement of the first random number and refers to a completely random and unpredictable number sequence; specifically, if the first random number is a determined value, the first true random number is the opposite value. The quantum center encrypts the upgrade installation package with the generated encryption key using a symmetric encryption algorithm to obtain the encrypted upgrade installation package. Because the quantum center provides the first random number to the first edge terminal, the first random number is stored in the first edge terminal, and the encryption key is generated from the first true random number, security and confidentiality during the upgrade can be ensured.
Analyzing a first edge terminal corresponding to the upgrade installation package, and positioning a first encryption transmission channel between the first edge terminal and the quantum center;
Preferably, to parse the upgrade installation package, its format and content must first be known. An upgrade installation package generally contains an update program, configuration files, system files and other required content, which can be used to install, update or upgrade the software and system of the target device. After the source of the upgrade installation package is confirmed, the package is decompressed to obtain the update program, configuration files, system files and other content, and this content is analyzed. The upgrade object and the operations to be executed are confirmed from the content and the upgrade plan in the upgrade installation package, and the corresponding encrypted transmission channel between the first edge terminal and the quantum center, namely the first encryption transmission channel, is confirmed from the IP address, MAC address, device type and the like of the device. This provides the basis for subsequently transmitting the encrypted upgrade installation package from the quantum center to the first edge terminal through the first encryption transmission channel.
Transmitting the encrypted upgrade installation package from the quantum center to the first edge terminal through the first encryption transmission channel;
Decrypting the encrypted upgrade installation package by a security terminal additionally arranged on the first edge terminal to obtain a decrypted upgrade installation package;
Preferably, the state of the first encryption transmission channel is confirmed to ensure the security and stability of the communication channel. Once the channel is confirmed to be normal, the encrypted upgrade installation package is sent from the quantum center to the first edge terminal over it. The first edge terminal receives the encrypted upgrade installation package and loads it into the security terminal in preparation for decryption. The security terminal additionally arranged on the first edge terminal then decrypts the package, and after successful decryption the decrypted upgrade installation package is obtained, which provides the basis for subsequently upgrading the terminal equipment corresponding to the first edge terminal according to the decrypted upgrade installation package.
And upgrading the terminal equipment corresponding to the first edge terminal according to the decrypted upgrade installation package.
Specifically, an upgrade operation can be performed according to the decrypted upgrade installation package to update the terminal equipment corresponding to the first edge terminal. Once decrypted, the package is restored to the content of the original upgrade installation package. Generally, the first edge terminal sends the update to the corresponding terminal equipment in a manner suited to the requirements of the upgrade content, and after receiving the update the terminal equipment performs the corresponding installation and configuration, which may include replacing the old version and performing any necessary restart, to ensure normal operation after the update.
Further, according to the decrypted upgrade installation package, upgrading the terminal equipment corresponding to the first edge terminal, wherein the method comprises the following steps:
Acquiring an upgrading state of the first edge terminal;
when the upgrading state of the first edge terminal is in an upgrading completion state, acquiring equipment configuration parameters of terminal equipment corresponding to the first edge terminal after upgrading;
And packaging the upgraded configuration parameters and transmitting the packaged configuration parameters to the quantum center for upgrading verification.
Preferably, the terminal equipment corresponding to the first edge terminal is upgraded according to the decrypted upgrade installation package. After the upgrade, a connection is established between the terminal equipment and the first edge terminal, and a query command is sent to the terminal equipment to obtain the current upgrade state. When the upgrade state information returned by the first edge terminal is received, it is parsed to determine the upgrade state, which can be upgrading, waiting for upgrade, upgrade complete and the like. Whether the terminal equipment is in the upgrade-complete state is judged from the parsed state; if it is, the terminal equipment has completed the upgrade successfully. When the upgrade state of the first edge terminal is upgrade complete, the upgraded configuration parameters of the terminal equipment are obtained by communicating with the node, packaged, and transmitted to the quantum center for upgrade verification. Determining the upgrade state of the first edge terminal in this way helps ensure the security and reliability of the data.
Further, packaging the upgraded equipment configuration parameters and transmitting them to the quantum center for upgrade verification comprises:
packaging the upgraded equipment configuration parameters to generate an upgrade verification package;
The security terminal additionally arranged on the first edge terminal encrypts the upgrade verification package to obtain an encrypted upgrade verification package;
Sending the encrypted upgrade verification package to the quantum center through the first encryption transmission channel;
And decrypting the encrypted upgrade verification package by the security terminal additionally arranged in the quantum center to obtain a decrypted upgrade verification package, and then performing upgrade verification on the decrypted upgrade verification package.
Preferably, the upgraded equipment configuration parameters are packaged into a data packet, namely the upgrade verification package. The security terminal additionally arranged on the first edge terminal encrypts the upgrade verification package, and the encrypted upgrade verification package contains the encrypted data and the corresponding encryption key. The encryption key is stored securely so that it can be used for decryption. The encrypted upgrade verification package is sent to the quantum center through the first encryption transmission channel, which ensures the security and reliability of the transmission. At the quantum center, the corresponding security terminal receives the encrypted upgrade verification package and decrypts it with the stored encryption key; the security and correctness of the key are ensured so that decryption is accurate. Decryption yields the decrypted upgrade verification package, which contains the original equipment configuration parameters. Upgrade verification is then performed on the decrypted upgrade verification package by parsing, checking and comparing the configuration parameters, to confirm that the configuration of the upgraded equipment meets expectations and to ensure the security and accuracy of encryption and decryption.
Further, according to the decrypted upgrade installation package, upgrading the terminal equipment corresponding to the first edge terminal, and the method further comprises the steps of:
acquiring initial configuration parameters of terminal equipment corresponding to the first edge terminal;
analyzing the decrypted upgrade installation package to obtain upgrade configuration parameters;
comparing the initial configuration parameters with the upgrade configuration parameters to obtain difference configuration parameters;
and upgrading the terminal equipment corresponding to the first edge terminal according to the difference configuration parameters.
Preferably, a connection is established with the first edge terminal and a query command is sent to it to obtain the initial device configuration parameters. After the initial configuration parameters returned by the first edge terminal are received, they are parsed to obtain the initial configuration information of the device. The decrypted upgrade verification package is parsed and the upgrade configuration parameters are extracted; the upgrade configuration parameters comprise only the device settings, function configurations and the like that need to be modified or updated. The initial configuration parameters are compared with the upgrade configuration parameters to find the difference configuration parameters, which represent the specific settings or functions that need to be upgraded. The settings that need to be modified or updated are then applied to the terminal equipment corresponding to the first edge terminal according to the difference configuration parameters, which further ensures correctness and security during the upgrade.
Further, the added security terminal further comprises:
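The difference-based upgrade and the center-side upgrade verification described above can be sketched as follows. This is an added example, not code from the patent: the JSON package layout, the dotted setting names, the sample values and all function names are assumptions, and the encryption performed by the security terminals is left out.

```python
import json

# Constructed sample data (assumption; the patent defines no parameter names).
INITIAL = {"firmware": "1.4.2",
           "net": {"mtu": 1500, "ntp": "10.0.0.1"},
           "log_level": "info"}
UPGRADE = {"firmware": "1.5.0",
           "net": {"mtu": 1500, "ntp": "10.0.0.9"}}


def flatten(cfg, prefix=""):
    """Turn nested settings into {'net.mtu': 1500} so they compare key by key."""
    out = {}
    for key, value in cfg.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path] = value
    return out


def difference_parameters(initial, upgrade):
    """Settings from the upgrade package that are new or differ on the device."""
    current = flatten(initial)
    return {k: v for k, v in flatten(upgrade).items()
            if k not in current or current[k] != v}


def apply_difference(initial, diff):
    """Edge side: change only the differing settings, leave the rest untouched."""
    upgraded = flatten(initial)
    upgraded.update(diff)
    return upgraded


def build_verification_package(device_config):
    """Edge side: serialise the post-upgrade settings deterministically."""
    return json.dumps(device_config, sort_keys=True).encode("utf-8")


def verify_upgrade(package, upgrade):
    """Center side: parse, check and compare; returns a list of mismatches."""
    try:
        reported = json.loads(package)
    except ValueError:
        return ["package is not valid JSON"]
    if not isinstance(reported, dict):
        return ["package is not a settings object"]
    problems = []
    for key, expected in flatten(upgrade).items():
        if key not in reported:
            problems.append(f"{key}: missing from device report")
        elif reported[key] != expected:
            problems.append(f"{key}: expected {expected!r}, got {reported[key]!r}")
    return problems


if __name__ == "__main__":
    diff = difference_parameters(INITIAL, UPGRADE)
    print("difference parameters:", diff)
    package = build_verification_package(apply_difference(INITIAL, diff))
    print("verification problems:", verify_upgrade(package, UPGRADE))
```

An empty list from `verify_upgrade` means every setting named in the upgrade package is present on the device with the expected value; a partially applied upgrade is reported setting by setting.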
the encryption security card is respectively arranged on the quantum center and the edge terminal;
And the quantum security server is used for carrying out encryption service on the encryption security card.
Specifically, the added security terminal further comprises an encryption security card and a quantum security server. The encryption security card is mainly used to provide encryption protection for network communication, and the quantum security server provides encryption service for the encryption security card, improving the security and confidentiality of network communication. Suitable encryption security card and quantum security server equipment is selected according to actual requirements and compatibility with the network equipment. The encryption security cards are installed on the quantum center and the edge terminal respectively and then configured; the quantum security server is deployed on the quantum center and then configured, which completes the installation of the security terminal. Deploying encryption security cards on the quantum center and the edge terminal, with the quantum security server providing encryption service for them, improves the security and confidentiality of network communication and prevents data interception and tampering.
In summary, the embodiment of the application has at least the following technical effects:
According to the edge security updating method and device for remote quantum encryption transmission, communication node attribute analysis is performed on a target area to obtain a quantum center and edge terminals, and security terminals are added to the quantum center and the edge terminals to obtain a secure encryption networking. When the quantum center receives a device upgrade instruction, the upgrade installation package is encrypted by the security terminal added to the quantum center to obtain an encrypted upgrade installation package. The first edge terminal corresponding to the upgrade installation package is then resolved, and the first encryption transmission channel between the first edge terminal and the quantum center is located. The encrypted upgrade installation package is sent from the quantum center to the first edge terminal through the first encryption transmission channel, and the security terminal added to the first edge terminal decrypts it to obtain a decrypted upgrade installation package. Finally, the terminal equipment corresponding to the first edge terminal is upgraded according to the decrypted upgrade installation package. This solves the problems of poor upgrade installation package security and poor edge terminal equipment stability in update techniques for traditional encrypted data transmission.
Example two
Based on the same inventive concept as the edge security updating method for remote quantum encryption transmission in the foregoing embodiment, as shown in FIG. 2, the present application provides an edge security updating device for remote quantum encryption transmission, the device comprising:
a node attribute analysis module 11, configured to perform communication node attribute analysis on the target area to obtain a quantum center and an edge terminal;
a secure terminal installation module 12, configured to obtain a secure encryption networking by adding security terminals to the quantum center and the edge terminal;
an installation package encryption module 13, configured to encrypt the upgrade installation package based on the security terminal added to the quantum center when the quantum center receives a device upgrade instruction, so as to obtain an encrypted upgrade installation package;
an encrypted transmission channel acquisition module 14, configured to resolve a first edge terminal corresponding to the upgrade installation package and locate a first encryption transmission channel between the first edge terminal and the quantum center;
an installation package transmitting module 15, configured to transmit the encrypted upgrade installation package from the quantum center to the first edge terminal through the first encryption transmission channel;
an installation package decryption module 16, configured to decrypt the encrypted upgrade installation package by the security terminal added to the first edge terminal to obtain a decrypted upgrade installation package;
a terminal equipment upgrading module 17, configured to upgrade the terminal equipment corresponding to the first edge terminal according to the decrypted upgrade installation package.
Further, the secure terminal installation module 12 includes:
The quantum security card is arranged on the edge terminal;
The quantum security network service terminal is deployed in the quantum center and generates a secret key and a distribution secret key for the quantum security card.
Further, the secure terminal installation module 12 further includes:
the encryption security card is respectively arranged on the quantum center and the edge terminal;
And the quantum security server is used for carrying out encryption service on the encryption security card.
Further, the installation package encryption module 13 further includes:
providing a first random number for the first edge terminal based on a security terminal additionally arranged on the quantum center, and storing the first random number to the first edge terminal;
Providing a first true random number for the first edge terminal based on a security terminal additionally arranged on the quantum center, wherein the first true random number is a symmetrical supplement of the first random number;
and generating an encryption key according to the first true random number and the first random number, and encrypting the upgrade installation package with the encryption key.
Further, the terminal device upgrade module 17 includes:
Acquiring an upgrading state of the first edge terminal;
when the upgrading state of the first edge terminal is in an upgrading completion state, acquiring equipment configuration parameters of terminal equipment corresponding to the first edge terminal after upgrading;
And packaging the upgraded configuration parameters and transmitting the packaged configuration parameters to the quantum center for upgrading verification.
Further, the terminal device upgrade module 17 further includes:
packaging the updated equipment configuration parameters to generate an updating verification packet;
The security terminal additionally arranged on the first edge terminal encrypts the upgrade verification package to obtain an encrypted upgrade verification package;
Sending the encrypted upgrade verification packet to the quantum center through the first encryption transmission channel;
And decrypting the encrypted upgrade verification package by the security terminal additionally arranged in the quantum center to obtain a decrypted upgrade verification package, and then performing upgrade verification on the decrypted upgrade verification package.
Further, the terminal device upgrade module 17 further includes:
acquiring initial configuration parameters of terminal equipment corresponding to the first edge terminal;
analyzing the decrypted upgrade installation package to obtain upgrade configuration parameters;
comparing the initial configuration parameters with the upgrade configuration parameters to obtain difference configuration parameters;
and upgrading the terminal equipment corresponding to the first edge terminal according to the difference configuration parameters.
From the foregoing detailed description of the edge security updating method for remote quantum encryption transmission, those skilled in the art will clearly understand the edge security updating device in this embodiment. Because the device corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant points, refer to the description of the method.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (5)

1. An edge security updating method for remote quantum encryption transmission, comprising:
Performing communication node attribute analysis on the target area to obtain a quantum center and a first edge terminal;
the secure encryption networking is obtained by additionally installing a secure terminal on the quantum center and the first edge terminal;
When the quantum center receives an equipment upgrading instruction, encrypting an upgrading installation package based on a security terminal added to the quantum center to obtain an encrypted upgrading installation package, wherein the encrypting of the upgrading installation package based on the security terminal added to the quantum center comprises the following steps:
providing a first random number for the first edge terminal based on a security terminal additionally arranged on the quantum center, and storing the first random number to the first edge terminal;
Providing a first true random number for the first edge terminal based on the security terminal additionally arranged on the quantum center, wherein the first true random number is a symmetrical supplement of the first random number, and for any given first random number, the first true random number is a completely random and unpredictable number sequence with the value completely opposite to that of the first random number;
generating an encryption key according to the first true random number and the first random number, and encrypting the upgrade installation package by the encryption key;
Analyzing a first edge terminal corresponding to the upgrade installation package, and positioning a first encryption transmission channel between the first edge terminal and the quantum center;
Transmitting the encrypted upgrade installation package from the quantum center to the first edge terminal through the first encryption transmission channel;
and decrypting the encrypted upgrade installation package by the security terminal additionally arranged on the first edge terminal to obtain a decrypted upgrade installation package, wherein the additionally arranged security terminal further comprises:
an encrypted security card disposed on the quantum center and the first edge terminal, respectively;
The quantum security service end is deployed on the quantum center, the deployed quantum security service end is configured, the security terminal is installed, and the quantum security service end is used for carrying out encryption service on the encryption security card;
A quantum security card disposed on the first edge terminal;
the quantum security network service terminal is deployed in the quantum center and generates a secret key and a distribution secret key for the quantum security card;
And upgrading the terminal equipment corresponding to the first edge terminal according to the decrypted upgrade installation package.
2. The method of claim 1, wherein upgrading the terminal device corresponding to the first edge terminal according to the decrypted upgrade installation package further comprises:
Acquiring an upgrading state of the first edge terminal;
when the upgrading state of the first edge terminal is in an upgrading completion state, acquiring equipment configuration parameters of terminal equipment corresponding to the first edge terminal after upgrading;
And packaging the upgraded configuration parameters and transmitting the packaged configuration parameters to the quantum center for upgrading verification.
3. The method of claim 2, wherein packaging the upgraded device configuration parameters and transmitting to the quantum center for upgrade verification, comprising:
packaging the updated equipment configuration parameters to generate an updating verification packet;
The security terminal additionally arranged on the first edge terminal encrypts the upgrade verification package to obtain an encrypted upgrade verification package;
Sending the encrypted upgrade verification packet to the quantum center through the first encryption transmission channel;
And decrypting the encrypted upgrade verification package by the security terminal additionally arranged in the quantum center to obtain a decrypted upgrade verification package, and then performing upgrade verification on the decrypted upgrade verification package.
4. The method of claim 1, wherein upgrading the terminal device corresponding to the first edge terminal according to the decrypted upgrade installation package comprises:
acquiring initial configuration parameters of terminal equipment corresponding to the first edge terminal;
analyzing the decrypted upgrade installation package to obtain upgrade configuration parameters;
comparing the initial configuration parameters with the upgrade configuration parameters to obtain difference configuration parameters;
and upgrading the terminal equipment corresponding to the first edge terminal according to the difference configuration parameters.
5. An edge security updating apparatus for remote quantum cryptography transmission, the apparatus comprising:
The node attribute analysis module is used for carrying out communication node attribute analysis on the target area to obtain a quantum center and a first edge terminal;
The safe terminal installation module is used for obtaining a safe encryption networking by additionally installing a safe terminal on the quantum center and the first edge terminal;
The installation package encryption module is used for encrypting the upgrade installation package based on the security terminal additionally arranged in the quantum center when the quantum center receives the equipment upgrade instruction to obtain the encrypted upgrade installation package, wherein the upgrade installation package is encrypted based on the security terminal additionally arranged in the quantum center, and the installation package encryption module comprises the following steps:
providing a first random number for the first edge terminal based on a security terminal additionally arranged on the quantum center, and storing the first random number to the first edge terminal;
Providing a first true random number for the first edge terminal based on the security terminal additionally arranged on the quantum center, wherein the first true random number is a symmetrical supplement of the first random number, and for any given first random number, the first true random number is a completely random and unpredictable number sequence with the value completely opposite to that of the first random number;
generating an encryption key according to the first true random number and the first random number, and encrypting the upgrade installation package by the encryption key;
The encryption transmission channel acquisition module is used for analyzing a first edge terminal corresponding to the upgrade installation package and positioning a first encryption transmission channel between the first edge terminal and the quantum center;
the installation package sending module is used for sending the encrypted upgrade installation package from the quantum center to the first edge terminal through the first encryption transmission channel;
the installation package decryption module is used for decrypting the encrypted upgrade installation package by the security terminal additionally installed by the first edge terminal to obtain a decrypted upgrade installation package, wherein the additionally installed security terminal further comprises:
an encrypted security card disposed on the quantum center and the first edge terminal, respectively;
The quantum security service end is deployed on the quantum center, the deployed quantum security service end is configured, the security terminal is installed, and the quantum security service end is used for carrying out encryption service on the encryption security card;
A quantum security card disposed on the first edge terminal;
the quantum security network service terminal is deployed in the quantum center and generates a secret key and a distribution secret key for the quantum security card;
and the terminal equipment upgrading module is used for upgrading the terminal equipment corresponding to the first edge terminal according to the decrypted upgrading installation package.
CN202410202784.XA 2024-02-23 2024-02-23 Edge security updating method and device for remote quantum encryption transmission Active CN118138227B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410202784.XA CN118138227B (en) 2024-02-23 2024-02-23 Edge security updating method and device for remote quantum encryption transmission

Publications (2)

Publication Number Publication Date
CN118138227A CN118138227A (en) 2024-06-04
CN118138227B CN118138227B (en) 2024-09-17

Family

ID=91241493

Country Status (1)

Country Link
CN (1) CN118138227B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant