CN120238533A - A method for sending and receiving attachment files, and a device - Google Patents

Info

Publication number
CN120238533A
Authority
CN
China
Prior art keywords
key
encrypted
quantum
quantum key
attachment file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311871047.0A
Other languages
Chinese (zh)
Inventor
刘春华
徐振
张如通
周雷
牛涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Original Assignee
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Institute Of Quantum Science And Technology Co ltd, Quantumctek Co Ltd filed Critical Shandong Institute Of Quantum Science And Technology Co ltd
Priority to CN202311871047.0A priority Critical patent/CN120238533A/en
Publication of CN120238533A publication Critical patent/CN120238533A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0852 Quantum cryptography
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention belongs to the field of information and communication technology, and provides an attachment file sending method, receiving method and device, the sending method comprising: for communication information to be sent, receiving the designation of one or more attachment files to be encrypted, generating a key application and sending it to a quantum cryptography service platform, the key application including the quantum key amount required for each attachment file to be encrypted; obtaining the quantum key and its identification information generated for each attachment file to be encrypted from the quantum cryptography service platform; in response to an information sending confirmation instruction, encrypting each attachment file to be encrypted, generating an encryption guide, and sending the communication information and the encryption guide; the encryption guide includes the quantum key identification information corresponding to each attachment file, so that the receiving terminal obtains the quantum key from the quantum cryptography service platform based on the identification information. The present invention can encrypt any one or more attachments according to the user's confidentiality requirements for the attachment file.

Description

Attachment file sending method, receiving method and device
Technical Field
The present invention belongs to the technical field of information communication, and in particular, relates to a method for sending and receiving an attachment file, and a device thereof.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
Email, instant messaging tools and the like make it convenient to transfer documents, but once a document has been transferred its security can no longer be guaranteed, which matters especially for documents internal to enterprises or institutions and for other documents with privacy requirements. To ensure the security of a file, the transmitted file may be encrypted.
In the file transmission scenario, an encrypted mail service globally encrypts both the mail text and the attachments to be sent, so that only the sender and the receiver can read the mail and its attachments. If the amount of data to be encrypted is large (e.g., the mail body is large, or an attachment file is large), a long operation time is required. In general, however, not all of the mail text and attachments need to be encrypted. In a product recommendation mail, for example, the text may only give a product summary while key information such as the product's parameters is sent as an attachment, so global encryption may waste computing resources.
In addition, in practical application scenarios an email can have several designated recipients, and instant messaging software also offers mass sending, multi-person conversations and similar functions. For a given attachment file there may be a requirement that only some of the recipients can view it. For example, in an internal email issued by an enterprise, everyone may read the text, while a certain attachment may be viewed only by people in a certain department. Conventional encryption schemes cannot meet this kind of permission management requirement.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides a method for sending and receiving an attachment file and a device thereof, which can encrypt any one or more attachments according to the user's confidentiality requirements for the attachment files and open viewing permission to specific recipients, offering higher flexibility and meeting users' personalized requirements.
In order to achieve the above object, a first aspect of the present invention provides an attachment file sending method, applied to a sender terminal, including the following steps:
Receiving communication information to be sent, wherein the communication information comprises one or more attachment files;
Receiving a designation of one or more attachment files to be encrypted, and receiving a designation of one or more decryption authority persons for the one or more attachment files to be encrypted;
Generating a key application and sending it to a quantum cryptography service platform, wherein the key application comprises the quantum key amount required for each attachment file to be encrypted and the decryption authority person information;
Acquiring, from the quantum cryptography service platform, a quantum key generated for each attachment file to be encrypted and the identification information of the quantum key;
In response to an information sending confirmation instruction, encrypting each attachment file to be encrypted with the corresponding quantum key, generating an encryption guide, and sending the communication information and the encryption guide, wherein the encryption guide comprises the quantum key identification information corresponding to each attachment file, so that a receiver terminal can perform identity authentication based on the designated receiver information and, after the identity authentication passes, obtain the quantum key from the quantum cryptography service platform based on the identification information.
In some embodiments, the quantum key amount required for an attachment file to be encrypted is either the same as the attachment file size or a set value.
In some embodiments, after the designation of one or more attachment files to be encrypted is received, the security level of each attachment file to be encrypted is also received, and the required quantum key amount is determined according to that security level: the quantum key amount required for an attachment file with the highest security level is the same as the size of the attachment file, and the quantum key amount required for an attachment file with a lower security level is a set value.
In some embodiments, if a plurality of attachment files to be encrypted are designated, the correspondence between each quantum key and the attachment files is obtained from the quantum cryptography service platform, and when the attachment files are encrypted, the correspondence is written into the encryption guide.
In some embodiments, a plurality of encryption algorithms are preset; when the designation of one or more attachment files to be encrypted is received, a designation of the encryption algorithm to be used for each attachment file is also received; and when an attachment file is encrypted, the identification code of its encryption algorithm is written into the encryption guide.
In some embodiments, the encryption guide includes a key identification tag and an encrypted content tag corresponding to each encrypted attachment. The key identification tag includes the quantum key identification information for all encrypted attachment files. Each encrypted content tag includes either the serial number of an attachment file and the serial number, within the key identification tag, of the quantum key used for it, or those two serial numbers together with the identification code of the encryption algorithm used.
In some embodiments, a first shared quantum key shared with the quantum cryptography service platform is pre-stored, and the quantum key, encrypted with the first shared quantum key, is obtained from the quantum cryptography service platform and decrypted to recover the quantum key.
In some embodiments, a quantum key encrypted with a temporary key, and the position information of the temporary key within the first shared quantum key, are acquired from the quantum cryptography service platform; the temporary key is recovered from the position information and the first shared quantum key, and used to decrypt the quantum key.
A second aspect of the present invention provides an attachment file receiving method, applied to a receiving side terminal, comprising the steps of:
Receiving communication information and an encryption guide, wherein the encryption guide comprises identification information of the quantum keys used for one or more encrypted attachment files;
In response to a viewing request for an encrypted attachment file, transmitting the identification information of the quantum key used for that attachment file and the identity information of the receiver terminal to a quantum cryptography service platform;
After the identity information is authenticated by the quantum cryptography service platform, obtaining the quantum key found based on the identification information, wherein the quantum cryptography service platform pre-stores the quantum key corresponding to the encrypted attachment file, its identification information and the designated decryption authority person information;
Decrypting the encrypted attachment file.
In some embodiments, the encryption guide further comprises the correspondence between each encrypted attachment file and its quantum key, and in response to a viewing request for an encrypted attachment file, the quantum key identification information of that attachment file is determined according to the correspondence.
In some embodiments, the encryption guide further comprises the identification code of the encryption algorithm used for each encrypted attachment file, and during decryption the encryption algorithm used for each encrypted attachment file is determined from the identification code.
In some embodiments, a second shared quantum key shared with the quantum cryptography service platform is pre-stored, and the quantum key, encrypted with the second shared quantum key, is obtained from the quantum cryptography service platform and decrypted to recover the quantum key.
In some embodiments, a quantum key encrypted with a temporary key, and the position information of the temporary key within the second shared quantum key, are acquired from the quantum cryptography service platform; the temporary key is recovered from the position information and the second shared quantum key, and used to decrypt the quantum key.
The third aspect of the present invention provides a key distribution method, applied to a quantum cryptography service platform, comprising the following steps:
Receiving a key application sent by a sender terminal, wherein the key application comprises the quantum key amount required for each of one or more attachment files to be encrypted and one or more decryption authority persons designated for the one or more attachment files to be encrypted;
Generating, for each attachment file to be encrypted, a quantum key and identification information of the quantum key, and storing the quantum key and its identification information in association with the corresponding decryption authority persons to obtain a key distribution record;
Sending the quantum key and its identification information to the sender terminal.
In some embodiments, if a plurality of attachment files to be encrypted are designated, quantum keys are generated for the plurality of attachment files, the correspondence between each quantum key and the attachment files is generated, and the correspondence is sent to the sender terminal.
In some embodiments, a first shared quantum key shared with the sender terminal is pre-stored, and the generated quantum key is encrypted with the first shared quantum key and then sent to the sender terminal.
In some embodiments, a temporary key is generated from a portion of the first shared quantum key and the position information of the temporary key within the first shared quantum key is recorded; the generated quantum key is encrypted with the temporary key, and the encrypted quantum key and the position information of the temporary key are transmitted to the sender terminal.
In some embodiments, identification information of one or more quantum keys and identity information of a receiver terminal are received from the receiver terminal;
For each piece of identification information, the platform searches for a corresponding key distribution record; if one exists, it further determines whether the record contains a decryption authority person consistent with the identity information of the receiver terminal; and if so, it acquires the one or more quantum keys associated with that decryption authority person and sends them to the receiver terminal.
In some embodiments, a second shared quantum key shared with the receiver terminal is pre-stored, and the quantum key that was found is encrypted with the second shared quantum key and then sent to the receiver terminal.
In some embodiments, a temporary key is generated from a portion of the second shared quantum key and the position information of the temporary key within the second shared quantum key is recorded; the quantum key that was found is encrypted with the temporary key, and the encrypted quantum key and the position information of the temporary key are transmitted to the receiver terminal.
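The temporary-key embodiments above (platform to sender with the first shared quantum key, platform to receiver with the second) can be sketched as follows. This is an added example, not code from the patent: the XOR wrapping, the message field names and the rule that a portion of the shared key is never used twice are assumptions, and the key material is constructed.

```python
class SharedKey:
    """One side's copy of a pre-stored shared quantum key."""

    def __init__(self, material):
        self.material = material
        self.next_offset = 0  # assumption: portions are consumed front to back, never reused

    def take(self, length):
        """Platform side: choose the next unused portion as the temporary key."""
        if self.next_offset + length > len(self.material):
            raise ValueError("shared quantum key exhausted")
        offset = self.next_offset
        self.next_offset += length
        return offset, self.material[offset:offset + length]

    def at(self, offset, length):
        """Terminal side: recover the temporary key from the received position."""
        if offset < 0 or offset + length > len(self.material):
            raise ValueError("position outside the shared quantum key")
        return self.material[offset:offset + length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrap(shared, quantum_key):
    """Platform: encrypt the quantum key with a temporary key, report its position."""
    offset, temp = shared.take(len(quantum_key))
    return {"offset": offset, "length": len(temp), "wrapped": xor(quantum_key, temp)}


def unwrap(shared, message):
    """Terminal: rebuild the temporary key from the position, then decrypt."""
    if len(message["wrapped"]) != message["length"]:
        raise ValueError("wrapped key and position information disagree")
    temp = shared.at(message["offset"], message["length"])
    return xor(message["wrapped"], temp)


if __name__ == "__main__":
    material = bytes(range(64))  # constructed stand-in for the shared quantum key
    platform_side, terminal_side = SharedKey(material), SharedKey(material)
    message = wrap(platform_side, b"\x11" * 16)
    print(message["offset"], unwrap(terminal_side, message) == b"\x11" * 16)
```

Only the position and the wrapped key travel over the network; the temporary key itself never does.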
A fourth aspect of the present invention provides a communication device comprising one or more processors, and a memory, wherein the memory stores one or more computer programs, the one or more computer programs comprising instructions that, when executed by the communication device, cause the communication device to perform the attachment file sending method, the attachment file receiving method, or the key distribution method.
A fifth aspect of the present invention provides a computer-readable storage medium having instructions stored therein that, when executed on a communication device, cause the communication device to perform the attachment file transmission method, the attachment file reception method, or the key distribution method.
A sixth aspect of the present invention provides an attachment file transmission system, including a sender terminal, a receiver terminal, and a quantum cryptography service platform, configured to perform the attachment file transmission method, the attachment file reception method, and the key distribution method, respectively.
Based on the above technical solutions, before sending a mail or other communication information, the user may apply for quantum keys to encrypt any one or more of its attachments. Compared with encrypting the whole mail or other communication information, only the attachments with confidentiality requirements are encrypted, using high-security quantum keys, so the approach is more targeted and more flexible, and applying high-strength quantum keys to the designated attachments also gives higher security.
Decryption authority persons can be designated for the files to be encrypted, so that only the designated decryption authority persons among the recipients can obtain the quantum key, which realizes permission control. In addition, different decryption authority persons can be designated for different files, which realizes differentiated permission management.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
FIG. 1 is a schematic block diagram of a communication system in an embodiment of the invention;
FIG. 2 is a schematic block diagram of another communication system in an embodiment of the invention;
FIG. 3 is a flowchart illustrating an overall method for sending an attachment file according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating an overall method for receiving an attachment file according to an embodiment of the present invention;
FIG. 5 is a flowchart of an overall method for sending an attachment file applied to a sender terminal in an embodiment of the present invention;
FIG. 6 is a flowchart of an overall method for receiving an attachment file applied to a receiving terminal in an embodiment of the present invention;
FIG. 7 is a flowchart of a key distribution method applied to a quantum cryptography service platform according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of an information transmission process according to an embodiment of the invention.
Detailed Description
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
Embodiments of the invention and features of the embodiments may be combined with each other without conflict.
As described in the background, existing encryption methods can neither encrypt only designated attachments nor manage attachment viewing permission in a differentiated way. The invention encrypts only the attachments that the user designates for encryption, and allows decryption authority persons to be designated for each encrypted attachment, so that encryption is more flexible and finer-grained e-mail confidentiality requirements can be met.
Fig. 1 illustrates a schematic block diagram of an example communication system in which an embodiment of the application may be implemented. As shown, the communication system may include a sender terminal, a receiver terminal, and a quantum cryptography service platform. It will be appreciated that the sender terminal and the receiver terminal may be personal computers, mobile phones, tablet computers, televisions (also referred to as smart screens or large-screen devices), ultra-mobile personal computers (UMPCs), handheld computers, netbooks, personal digital assistants (PDAs), in-vehicle devices (also referred to as car phones), wearable electronic devices, virtual reality devices, and the like, and the embodiments of the present application are not limited in this respect.
The sender terminal, the receiver terminal and the quantum cryptography service platform can establish connections in a wired manner, a wireless manner, or a combination of the two. In actual applications, the specific devices corresponding to the sender terminal and the receiver terminal are not limited: the communication may be between a client and a server, between two servers, or between two clients through a server, as shown in Fig. 2. The information transmission scenario is likewise not limited and is not described further here.
For example, the communication information to be sent is an email, and the sender terminal and the receiver terminal exchange information via an email server; as another example, the communication information to be sent is instant messaging information, and the sender terminal and the receiver terminal exchange information via an instant messaging server. In such application scenarios, the sender terminal and the receiver terminal need to have an email service or instant messaging software installed. Hereinafter, the information sending and receiving methods are described in terms of the data interaction between the sender terminal, the receiver terminal, and the quantum cryptography service platform.
It will be appreciated that the "attachment file" in one or more embodiments of the present invention is not limited to files sent with emails, but may be files sent with messages in instant messaging software, or files attached to information published in a specific social context, which is not specifically limited herein. The attachment file may be any type of file including documents, images, video, audio, etc., and may be in any standard file format, such as PDF, JPEG, MP or Word documents, etc.
In one or more embodiments of the present invention, the term "decryption authority person" refers to a receiver that the sender terminal designates, from among one or more receivers, for a certain attachment file. In the special case where there is only one receiver, or where all receivers are designated as decryption authority persons for a certain attachment file, the receivers and the decryption authority persons may be identical.
Fig. 3 shows an overall flowchart of an attachment file sending method, comprising steps S301-S304. The method comprises the following steps:
S301, a sender terminal receives communication information to be sent, wherein the communication information comprises one or more attachment files;
S302, receiving a designation of one or more attachment files to be encrypted, and receiving a designation of one or more decryption authority persons for the one or more attachment files to be encrypted;
S303, generating a key application and sending it to a quantum cryptography service platform, wherein the key application comprises the quantum key amount required for each attachment file to be encrypted and the decryption authority person information;
S304, the quantum cryptography service platform receives the key application, generates a quantum key and identification information of the quantum key for each attachment file, and stores the quantum key and its identification information in association with the corresponding decryption authority persons to obtain a key distribution record;
S305, the quantum key and its identification information are sent to the sender terminal;
S306, the sender terminal obtains the quantum key and its identification information and, in response to an information sending confirmation instruction, encrypts each attachment file with the corresponding quantum key, generates an encryption guide, and sends the communication information and the encryption guide, wherein the encryption guide comprises the quantum key identification information corresponding to each attachment file.
Based on the method, the user can arbitrarily designate the attachment file to be encrypted, and designate the decryption authority person for the designated arbitrary attachment file, so that the personalized encryption requirement of the user can be met.
In step S302, the sender terminal may receive the specification of the attachment file to be encrypted via a communication software interface, specifically, by clicking the attachment file to be encrypted with a mouse.
In some embodiments, at least two security levels are set. For files with the highest security requirement, the highest security level follows the one-time-pad idea and applies for a quantum key with the same data size as the file to be encrypted; for files with relatively lower security requirements, a lower security level applies for a quantum key of a set data size. Here the data size is the number of bytes occupied by the attachment file. For example, two security levels are set, for which the quantum key amount applied for is, respectively, the same as the file data size and a set key amount of 16 bytes. It will be appreciated that more security levels may be set depending on the requirements of the actual application scenario.
In some embodiments, the security level of each attachment file is specified by the user. For example, after uploading the attachments, the user selects an attachment file to be encrypted and triggers the encryption function through an operation such as a menu selection, and is then prompted to specify the security level of that attachment file. In step S302, after receiving the designation of one or more attachment files to be encrypted, the sender terminal also receives the security level of each attachment file, generates a key application, and sends it to the quantum cryptography service platform; the key application includes the data size and security level of each attachment file. In step S303, the quantum cryptography service platform receives the key application, determines the required quantum key amount according to the security level of each attachment file, generates the quantum key and the identification information of the quantum key, and sends the quantum key and its identification information to the sender terminal.
In step S302, receiving the designation of one or more decryption-authorized persons for one or more attachment files to be encrypted may be understood as:
(1) Designating the same one or more decryption-authorized persons for all or some of the attachment files to be encrypted, for example, designating users A and B among the recipients as the decryption-authorized persons for each of the plurality of attachments;
(2) Designating different decryption-authorized persons for different attachment files to be encrypted, for example, user A for a first attachment file, users A and B for a second attachment file, and users B, C and D for a third attachment file.
As a specific implementation, after the user selects one of the attachment files to be encrypted, the user is prompted to select or manually enter a decryption-authorized person. For example, if the communication information is an email and the recipient information has already been entered, the user is prompted to select a decryption-authorized person from the entered recipients or to enter other decryption-authorized persons manually; if a manually entered decryption-authorized person is not among the entered recipients, that person is added to the recipient information and the user is notified. As another example, if the communication information is an instant message, the user is prompted to designate the decryption-authorized person from among the members of the chat group.
Case (1) meets the requirement that, with multiple recipients, only some of them have viewing permission. Case (2) meets the requirement that, with multiple recipients, different recipients have viewing permission for different attachments; for example, in information issued by an enterprise, some attachments may be read only by department A and others only by department B, which achieves differentiated management of reading permissions.
The form of the recipient information is not particularly limited herein. For example, if the communication information is an email, the address of the recipient is sent to the quantum cryptography service platform, and if the communication information is instant communication information, the account number of the recipient is sent to the quantum cryptography service platform.
In step S304, if quantum keys are generated for a plurality of attachment files, the correspondence between each quantum key and the attachment files is generated and sent to the sender terminal, and in step 306 the correspondence is written into the encryption guide. Generating this correspondence makes it convenient for the sender and the receiver to confirm later which of the quantum keys belongs to which attachment file.
In step 306, the sender terminal and the receiver terminal are each preset with a plurality of encryption algorithms, each of which has a unique identification code; specifically, the encryption algorithms may be preset in the email service or the instant messaging software. In some embodiments, the encryption algorithm used for each attachment file is specified by the user; for example, after the user has specified the security level of the attachment file, the user is also prompted to specify the encryption algorithm to be used. As a specific implementation, in step S302 the sender terminal also receives the encryption algorithm to be used for the attachment file to be encrypted, and the identification code of that algorithm is written into the encryption guide. Since the index of the encryption algorithm is known only to the sender and the receiver, even if the communication information is intercepted by a third party, it is difficult to crack the encrypted part of the content.
As a specific form of the encryption guide, the message header of the communication information to be transmitted includes encrypted content tags and a key identification tag, and the number of encrypted content tags equals the number of attachment files to be encrypted. Each encrypted content tag includes the serial number of the attachment file and the serial number, within the key identification tag, of the quantum key used; if the sender terminal and the receiver terminal are preset with a plurality of encryption algorithms, the encrypted content tag further includes the identification code of the encryption algorithm.
As one example, the message header may take the form:
Encrypted content tag: [serial number of the attachment file, serial number of the quantum key used within the key identification tag, identification code of the encryption algorithm used];
Key identification tag: quantum key identification information.
For example:
X-attachmentEncrypt:[3,1,401]
X-attachmentEncrypt:[4,2,401]
X-attachmentEncrypt:[5,3,401]
X-group:0a395b37400ea5f8,1f8bcb31d2d29ef4,0eed1a3fd437724f
Here the attachments with serial numbers 3, 4 and 5 are to be encrypted, using quantum keys k1, k2 and k3 respectively; the encryption algorithm corresponding to identification code 401 is the SM4-ECB algorithm; and the content after the X-group tag is the identification information of quantum keys k1, k2 and k3.
The encryption guide tells the receiver which attachment file is encrypted with which quantum key and which encryption algorithm, and provides the means of obtaining the quantum key, so that the receiver can decrypt the attachment file.
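A receiver has to treat these header lines as untrusted input before using them to request keys. The following parser is an added example, not code from the patent; the 16-hex-digit token format, the strict bracket syntax and the rule that an unknown algorithm code is rejected are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Algorithm codes preset on both terminals. Only 401 (SM4-ECB) is named on the
# page; every other code is treated as unknown and rejected.
KNOWN_ALGORITHMS = {401: "SM4-ECB"}

ENCRYPT_VALUE = re.compile(r"\[\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\]")
KEY_TOKEN = re.compile(r"[0-9a-f]{16}")  # assumption: 16 hex digits, as in the samples

# Header lines copied from the example above.
SAMPLE_HEADERS = [
    "X-attachmentEncrypt:[3,1,401]",
    "X-attachmentEncrypt:[4,2,401]",
    "X-attachmentEncrypt:[5,3,401]",
    "X-group:0a395b37400ea5f8,1f8bcb31d2d29ef4,0eed1a3fd437724f",
]


class GuideError(ValueError):
    """The encryption guide is malformed or internally inconsistent."""


@dataclass(frozen=True)
class AttachmentKeyRef:
    attachment_no: int   # serial number of the attachment in the message
    key_token: str       # identifier to send to the key service platform
    algorithm: str       # algorithm name resolved from the identification code


def parse_encryption_guide(header_lines):
    """Return {attachment number: AttachmentKeyRef} for the encrypted attachments."""
    entries, tokens = [], None
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line
        name, value = name.strip().lower(), value.strip()
        if name == "x-attachmentencrypt":
            match = ENCRYPT_VALUE.fullmatch(value)
            if match is None:
                raise GuideError(f"malformed X-attachmentEncrypt value: {value!r}")
            entries.append(tuple(int(group) for group in match.groups()))
        elif name == "x-group":
            if tokens is not None:
                raise GuideError("more than one X-group header")
            tokens = [token.strip() for token in value.split(",")]
            if not all(KEY_TOKEN.fullmatch(token) for token in tokens):
                raise GuideError("X-group contains a malformed key identifier")

    if entries and tokens is None:
        raise GuideError("encrypted attachments listed but no X-group header")

    guide = {}
    for attachment_no, key_index, algorithm_code in entries:
        if attachment_no in guide:
            raise GuideError(f"attachment {attachment_no} is listed twice")
        # Key serial numbers are 1-based positions in the X-group list.
        if not 1 <= key_index <= len(tokens):
            raise GuideError(f"key serial number {key_index} has no identifier")
        if algorithm_code not in KNOWN_ALGORITHMS:
            raise GuideError(f"unknown algorithm code {algorithm_code}")
        guide[attachment_no] = AttachmentKeyRef(
            attachment_no, tokens[key_index - 1], KNOWN_ALGORITHMS[algorithm_code]
        )
    return guide


if __name__ == "__main__":
    for ref in parse_encryption_guide(SAMPLE_HEADERS).values():
        print(ref)
```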
In some application scenarios, in step S304, if the decryption-authorized persons of a plurality of attachment files are identical, the same quantum key is generated for those attachment files.
As an example, the communication information is an email, and there are 5 attachments in the email that need to be encrypted, where the 1st, 3rd and 5th attachments are to be seen by user A (a@quatum-info.com), the 2nd and 4th attachments are to be seen by user B (b@quatum-info.com), and the body content of the email and the remaining attachments are viewable by all recipients. The sender s can apply to the quantum cryptography service platform p for 2 quantum keys: k1 is used to encrypt the 1st, 3rd and 5th attachments, and k2 is used to encrypt the 2nd and 4th attachments. When applying, the sender also reports to the quantum cryptography service platform that the person authorized to apply for quantum key k1 is user A (a@quatum-info.com) and the person authorized to apply for quantum key k2 is user B (b@quatum-info.com).
On the basis of the above attachment file sending method, fig. 4 shows an overall flowchart of an attachment file receiving method, which includes steps S401-S403, specifically as follows:
S401, receiving communication information and an encryption guide, wherein the encryption guide comprises identification information of the quantum keys adopted by one or more encrypted attachment files;
S402, responding to a viewing request for a certain encrypted attachment file, and sending identification information of a quantum key adopted by the attachment file and identity information of the receiver terminal to a quantum cryptography service platform;
S403, the quantum cryptography service platform searches, according to each piece of identification information, whether a corresponding key distribution record exists; if so, it further judges whether the key distribution record contains a decryption-authorized person consistent with the identity information of the receiver terminal, and if so, acquires the one or more quantum keys associated with that decryption-authorized person and sends them to the receiver terminal;
S404, the receiver terminal receives the quantum key and decrypts the attachment file.
If there are multiple encrypted attachment files, the encryption guide also comprises the correspondence between each attachment file and the identification information of the quantum key it uses. If the receiver terminal and the sender terminal are preset with the same plurality of encryption algorithms, the encryption guide also comprises the identification codes of the encryption algorithms.
It will be appreciated that after receiving the communication information, the user may, for a given attachment, choose to download it locally and view it as needed, or to view it online; if the attachment is viewed online, it may be downloaded to the cache and then opened. The moment the user opens the encrypted attachment file is taken as the time at which the key is requested, so the file's security before it is opened is ensured whether or not it has been downloaded locally.
In response to a user's viewing request for a certain encrypted attachment file, the receiver terminal initiates the process of requesting a quantum key from the quantum cryptography service platform, and decrypts the attachment file after obtaining the quantum key.
In step S402, if the key guide further includes a correspondence between each encrypted attachment file and the quantum key, the quantum key identification information of the encrypted attachment file is determined according to the correspondence in response to a viewing request for a certain encrypted attachment file.
In step S404, if the key guide further includes an identification code of the encryption algorithm, the encryption algorithm adopted by the attachment file is also obtained. As described above, the encryption guide includes a key identification tag and an encrypted content tag for each encrypted attachment file, and the specific form thereof is not described herein.
By designating the decryption-authorized persons for each attachment file, differentiated permission management of multiple attachment files in the same communication information is achieved, so that the encryption granularity can be finely controlled, flexibility is high, and users' customized encryption requirements can be met.
As an example, the communication information is an email, and the information that the sender s reports to the quantum cryptography service platform p when applying for quantum keys is specifically: (1) the number of quantum keys applied for; (2) the length of each quantum key; and (3) for each quantum key, the recipients authorized to apply for it.
For example, data reported in JSON format indicates that 3 quantum keys with a length of 16 bytes are applied for; quantum key 1 may be applied for from the cryptography platform only by a@sina.com as recipient, quantum key 2 may be applied for from the cryptography platform only by b@163.com as recipient, and quantum key 3 may be applied for by a@163.com, b@163.com and c@sohu.com as recipients.
The quantum cryptography service platform p records the received report information, generates 3 quantum keys k1, k2 and k3, and returns them to the sender s together with the corresponding labels token1, token2 and token3. The quantum cryptography service platform p records the correspondence between the three quantum keys, their labels and their allowed recipients in a key information table that it maintains:
k1——eb4511d6ae6646fd(token1)——a@sina.com
k2——83c43f6d9177b4b6(token2)——b@163.com
k3——ca93aa80bcab8ced(token3)——a@sina.com,b@163.com,c@sohu.com
The information that the receiver r, whose mailbox account is b@163.com, reports to the quantum cryptography service platform when applying for quantum keys is: (1) the number of quantum keys applied for; (2) the recipient's mailbox account; and (3) the identifiers corresponding to the quantum keys.
For example, data reported in JSON format indicates that b@163.com, as recipient, applies for 2 quantum keys and attaches the identifiers corresponding to the two quantum keys.
After receiving the application of the receiver r, the quantum cryptography service platform p retrieves the data in the key information table, finds the allowed recipients according to the two keyToken labels, compares them with the account, confirms that b@163.com, as stated in the account, is authorized to apply for the two quantum keys, and sends the quantum keys k2 and k3 corresponding to the two labels to the receiver r.
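The platform-side record keeping and permission check in this example can be sketched as follows. This is an added illustration, not the patent's implementation: the class and method names are hypothetical, `secrets.token_bytes` stands in for quantum key material, the requester's identity is assumed to be authenticated already, and releasing either all requested keys or none is a choice made for this sketch. The sample application follows the key information table above.

```python
import secrets


class UnknownToken(Exception):
    """No key distribution record exists for the identifier."""


class NotAuthorized(Exception):
    """The requester is not an allowed recipient for the key."""


# Constructed sample: (key length in bytes, allowed recipients) per key,
# following the key information table above.
SAMPLE_APPLICATION = [
    (16, ["a@sina.com"]),
    (16, ["b@163.com"]),
    (16, ["a@sina.com", "b@163.com", "c@sohu.com"]),
]


class KeyPlatform:
    """In-memory stand-in for the platform's key information table."""

    def __init__(self):
        # token -> (key bytes, frozenset of allowed recipient accounts)
        self._records = {}

    def apply_for_keys(self, application):
        """Sender side: issue one key and one unique token per entry."""
        issued = []
        for length, recipients in application:
            if length <= 0 or not recipients:
                raise ValueError("each key needs a positive length and a recipient")
            key = secrets.token_bytes(length)  # assumption: stand-in for a quantum key
            token = secrets.token_hex(8)       # 16 hex digits, randomly generated
            while token in self._records:      # identifiers must be unique
                token = secrets.token_hex(8)
            allowed = frozenset(account.strip().lower() for account in recipients)
            self._records[token] = (key, allowed)
            issued.append((token, key))
        return issued

    def fetch_keys(self, identity, tokens):
        """Receiver side: look up each token, then check the allowed recipients.

        `identity` is assumed to have been authenticated before this call.
        Nothing is released unless every requested token passes both checks.
        """
        account = identity.strip().lower()
        released = []
        for token in tokens:
            record = self._records.get(token)
            if record is None:
                raise UnknownToken(token)
            key, allowed = record
            if account not in allowed:
                raise NotAuthorized(f"{account} may not apply for {token}")
            released.append(key)
        return released


if __name__ == "__main__":
    platform = KeyPlatform()
    (t1, _), (t2, _), (t3, _) = platform.apply_for_keys(SAMPLE_APPLICATION)
    print(len(platform.fetch_keys("b@163.com", [t2, t3])), "keys released")
```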
To prevent an eavesdropper from impersonating the receiver to acquire the communication information, for example after illegally obtaining the login account of the receiver's communication software through hacking, in some embodiments the sender terminal and the quantum cryptography service platform both pre-store a first shared quantum key for encrypting and decrypting the communication between the sender terminal and the quantum cryptography service platform, and the receiver terminal and the quantum cryptography service platform both pre-store a second shared quantum key for encrypting and decrypting the communication between the receiver terminal and the quantum cryptography service platform.
More specifically, in step S303, the quantum cryptography service platform encrypts the generated quantum key with the first shared quantum key and sends the encrypted quantum key to the sender terminal.
In step S403, the quantum cryptography service platform encrypts the searched quantum key with the second shared quantum key and sends the encrypted quantum key to the receiver terminal.
Thus, even if an eavesdropper illegally acquires the encryption guide by cracking an account of the communication software, the eavesdropper cannot crack the content, because a shared key between the receiver terminal and the quantum cryptography service platform is used.
To further improve security, in some embodiments the quantum cryptography service platform encrypts with a part of the first shared quantum key or the second shared quantum key, denoted the temporary key, and, when sending the encrypted information to the sender terminal or the receiver terminal, also sends the position information of the temporary key within the first shared quantum key or the second shared quantum key. Specifically, the partial key may be one continuous segment of the first shared quantum key or the second shared quantum key, or a combination of several discontinuous segments. As an example, the first shared quantum key or the second shared quantum key is a continuous piece of binary data; the 2048th to 2064th bytes may be taken for encryption, or several position intervals, such as the 600th to 1000th and 2504th to 2720th bytes, may be designated and concatenated for encryption.
Because the temporary key used to encrypt the quantum key to be transmitted is used as a one-time pad, even if the receiver terminal is stolen, the communication data from before the theft remains secure, since it is not known how the key was used previously. In addition, since each quantum key applied for is protected by a different part of the shared key, eavesdropping on only the key position information during transmission does not allow the communication data to be cracked, because what is transmitted is not the key itself.
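The position-based temporary key can be illustrated as below. This is an added example, not code from the patent: the class and function names are hypothetical, the combination is assumed to be a byte-wise XOR, positions are treated as half-open byte intervals [start, end), and the per-byte use tracking is one way of enforcing the rule that each part of the shared key protects only one quantum key.

```python
class KeyReuseError(Exception):
    """The position information covers bytes consumed by an earlier temporary key."""


class SharedKeyStore:
    """One party's copy of a pre-stored shared key, with per-byte use tracking."""

    def __init__(self, shared_key):
        self._key = bytes(shared_key)
        self._used = bytearray(len(self._key))  # 1 marks a consumed byte

    def allocate(self, length):
        """Pick unused intervals, in order, that total `length` bytes."""
        intervals, need, i, size = [], length, 0, len(self._key)
        while need > 0 and i < size:
            if self._used[i]:
                i += 1
                continue
            j = i
            while j < size and not self._used[j] and j - i < need:
                j += 1
            intervals.append((i, j))
            need -= j - i
            i = j
        if need > 0:
            raise ValueError("shared key exhausted; a new one must be provisioned")
        return intervals

    def take(self, intervals):
        """Return the concatenated bytes at `intervals` and mark them consumed."""
        positions = []
        for start, end in intervals:
            if not 0 <= start < end <= len(self._key):
                raise ValueError(f"interval ({start}, {end}) is outside the shared key")
            positions.extend(range(start, end))
        if len(set(positions)) != len(positions) or any(self._used[p] for p in positions):
            raise KeyReuseError("position information overlaps bytes already used")
        for p in positions:
            self._used[p] = 1
        return bytes(self._key[p] for p in positions)


def _span(intervals):
    return sum(end - start for start, end in intervals)


def _xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))


def wrap_key(store, quantum_key, intervals=None):
    """Platform side: return (position information, wrapped quantum key)."""
    if intervals is None:
        intervals = store.allocate(len(quantum_key))
    if _span(intervals) != len(quantum_key):
        raise ValueError("temporary key must be exactly as long as the quantum key")
    return intervals, _xor(quantum_key, store.take(intervals))


def unwrap_key(store, intervals, wrapped):
    """Terminal side: rebuild the temporary key from the positions and unwrap."""
    if _span(intervals) != len(wrapped):
        raise ValueError("position information does not match the wrapped key length")
    return _xor(wrapped, store.take(intervals))


if __name__ == "__main__":
    shared = bytes(range(256)) * 16  # constructed 4096-byte sample, not a real key
    platform, terminal = SharedKeyStore(shared), SharedKeyStore(shared)
    positions, wrapped = wrap_key(platform, b"0123456789abcdef")
    print(positions, unwrap_key(terminal, positions, wrapped))
```

A plain XOR pad protects confidentiality only; it does not detect modification of the wrapped key or of the position information in transit.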
As an example, as shown in fig. 8, the sender s and the receiver r each obtain, in advance, a shared key with the quantum cryptography service platform p, kps and kpr respectively. The sender s processes the email attachments to be sent and selects the attachment to be encrypted, e.g., attachment 1.
As shown in step ①, the sender s applies to the quantum cryptography service platform p for the quantum key required to encrypt this email, and at the same time informs the quantum cryptography service platform p of the recipient information.
As shown in step ②, after receiving the application, the quantum cryptography service platform p saves the application information, generates a quantum key k1, encrypts k1 with the shared key kps between itself and the sender s to obtain kps(k1), and sends kps(k1) and the quantum key identifier token1 corresponding to k1 to the sender s.
The sender s receives token1 and kps(k1) and decrypts kps(k1) using the shared key kps with the quantum cryptography service platform p, obtaining the quantum key k1.
The sender s encrypts the 1st attachment using the quantum key k1 to generate the ciphertext file of the 1st attachment.
The sender adds the following information in the email header:
X-attachmentEncrypt:[1,1,401]
X-group:0a395b37400ea5f8
The content after the X-attachmentEncrypt tag is the attachment number, the key selection and the encryption algorithm code. Here it indicates that the 1st attachment is encrypted using the 1st quantum key and that the encryption algorithm is the SM4 algorithm in ECB encryption mode (the definition of the national cryptographic standard GM/T 0006-2012 is used here, in which 401 refers to SM4-ECB).
The X-group tag is followed by the quantum key identifier, namely the content of token1, which is a character string of hexadecimal digits randomly generated by the quantum cryptography service platform p; each quantum key identifier is unique.
The sender s sends the email processed as described above (including at least the mail header and all attachments) to the mail server, as shown in step ③.
The recipient r pulls the email from the mail server to the local machine, as shown in step ④.
The receiver r reads the key selection, the quantum key identifier, the encryption range (attachment number) and the encryption algorithm code in the mail header and, as shown in step ⑤, sends the quantum key identifier token1 (content 0a395b37400ea5f8) indicated by the X-group tag to the quantum cryptography service platform p to apply for the corresponding quantum key k1.
After the quantum cryptography service platform p receives the application, it first checks whether the applicant is a legitimate recipient reported by the sender s in step 3; if so, as shown in step ⑥, it encrypts k1 with the shared key kpr between itself and the receiver r to obtain kpr(k1), and, as shown in step ⑤, sends kpr(k1) to the receiver r.
The receiver r decrypts kpr(k1) using the shared key kpr with the quantum cryptography service platform p, obtaining the quantum key k1.
The receiver uses the 1st quantum key k1 to decrypt the 1st attachment of the email with the SM4-ECB algorithm, obtains the attachment plaintext file, and replaces the attachment ciphertext file at the same position, which completes the decryption process.
This technical solution can meet different users' differing security requirements for attachment files and achieves differentiated permission control over multiple attachments in the same communication information. The differentiation lies in the following aspects: (1) among multiple attachments, only designated attachments may be encrypted; (2) among multiple attachments, quantum keys of different security levels may be used for encryption; and (3) among multiple attachments, the recipients designated as authorized to decrypt may differ from attachment to attachment.
Fig. 5 shows a method for sending an attachment file based on a quantum key according to one or more embodiments of the present invention, where the method is applied to a sender terminal, and includes the following steps:
S501, receiving communication information to be transmitted, wherein the communication information comprises one or more attachment files;
S502, receiving the designation of one or more attachment files to be encrypted, and receiving the designation of one or more decryption-authorized persons for one or more of the attachment files to be encrypted;
S503, generating a key application and sending the key application to a quantum cryptography service platform, wherein the key application comprises the quantum key amount required by each attachment file to be encrypted and the decryption-authorized person information;
S504, acquiring, from the quantum cryptography service platform, the quantum key generated for each attachment file to be encrypted and the identification information of the quantum key;
S505, in response to an information sending confirmation instruction, encrypting each attachment file to be encrypted with the corresponding quantum key, generating an encryption guide, and sending the communication information and the encryption guide, wherein the encryption guide comprises the quantum key identification information corresponding to each attachment file, so that the receiver terminal can undergo identity authentication based on the designated recipient information and, after the identity authentication passes, obtain the quantum key from the quantum cryptography service platform based on the identification information.
In step S503, the required key amount depends on the security level: if the security level is high, the quantum key amount required for the attachment file to be encrypted is the same as the size of the attachment file; if the security level is general, the quantum key amount required for the attachment file to be encrypted is a set value.
The security level is specified by the user, and the required key amount is determined based on the specified security level. Specifically, after the designation of one or more attachment files to be encrypted is received, the security level of each attachment file to be encrypted is also received, and the required quantum key amount is determined according to the security level of each attachment file to be encrypted and sent to the quantum cryptography service platform; the quantum key amount required by an attachment file with the highest security level is the same as the size of the attachment file, and the quantum key amount required by an attachment file with a lower security level is a set value.
In step S502, a plurality of encryption algorithms are preset in the sender terminal; after receiving the designation of one or more attachment files to be encrypted, the sender terminal also receives the encryption algorithm to be used for each attachment file to be encrypted, and in step S505, when the attachment file to be encrypted is encrypted, the identification code of the encryption algorithm is written into the key guide.
In step S504, if a plurality of attachment files to be encrypted are designated, the correspondence between each quantum key and the attachment files is also obtained from the quantum cryptography service platform, and in step S505, when the attachment files to be encrypted are encrypted, the correspondence is written into the key guide.
The encryption guide comprises a key identification tag and an encrypted content tag for each encrypted attachment. The key identification tag comprises the quantum key identification information of all encrypted attachment files. The encrypted content tag comprises either the serial number of the attachment file and the serial number, within the key identification tag, of the quantum key used, or the serial number of the attachment file, the serial number, within the key identification tag, of the quantum key used, and the identification code of the encryption algorithm used.
To secure the quantum key during transmission, the sender terminal pre-stores a first shared quantum key between itself and the quantum cryptography service platform, obtains from the quantum cryptography service platform the quantum key encrypted with the first shared quantum key, and decrypts it to obtain the quantum key.
More specifically, the sender terminal obtains from the quantum cryptography service platform the quantum key encrypted with a temporary key, together with the position information of the temporary key within the first shared quantum key, obtains the temporary key from the position information and the first shared quantum key, and decrypts to obtain the quantum key.
Fig. 6 shows a quantum key based attachment file receiving method according to one or more embodiments of the present invention, where the method is applied to a receiver terminal, and includes the following steps:
S601, receiving communication information and an encryption guide, wherein the encryption guide comprises identification information of the quantum keys adopted by one or more encrypted attachment files;
S602, responding to a viewing request for a certain encrypted attachment file, and transmitting identification information of a quantum key adopted by the attachment file and identity information of the receiver terminal to a quantum cryptography service platform;
S603, after the identification information is authenticated by the quantum cryptography service platform, obtaining the quantum key looked up based on the identification information, wherein the quantum key corresponding to the encrypted attachment file, its identification information and the designated decryption-authorized person information are pre-stored by the quantum cryptography service platform;
S604, decrypting the encrypted attachment file.
In step S601, the key guide further comprises the correspondence between each encrypted attachment file and its quantum key, and in step S602, in response to a viewing request for a certain encrypted attachment file, the quantum key identification information of that encrypted attachment file is determined according to the correspondence.
In step S601, the key guide further comprises the identification code of the encryption algorithm adopted by each encrypted attachment file, and in step S604, the encryption algorithm adopted by each encrypted attachment file is obtained from the identification code during decryption.
To secure the quantum key during transmission, the receiver terminal pre-stores a second shared quantum key between itself and the quantum cryptography service platform, obtains from the quantum cryptography service platform the quantum key encrypted with the second shared quantum key, and decrypts it to obtain the quantum key.
More specifically, the receiver terminal obtains from the quantum cryptography service platform the quantum key encrypted with a temporary key, together with the position information of the temporary key within the second shared quantum key, obtains the temporary key from the position information and the second shared quantum key, and decrypts to obtain the quantum key.
Fig. 7 shows a key distribution method applied to a quantum cryptography service platform, comprising the steps of:
S701, receiving a key application sent by a sender terminal, wherein the key application comprises the quantum key amount required by one or more attachment files to be encrypted and one or more decryption-authorized persons designated for one or more of the attachment files to be encrypted;
S702, generating a quantum key and identification information of the quantum key for each attachment file to be encrypted, and storing the quantum key, its identification information and the corresponding decryption-authorized persons in association to obtain a key distribution record;
S703, transmitting the quantum key and its identification information to the sender terminal.
In step S702, if a plurality of attachment files to be encrypted are designated, quantum keys are generated for those attachment files and the correspondence between each quantum key and the attachment files is also generated.
To secure the quantum key during transmission, the quantum cryptography service platform pre-stores a first shared quantum key between itself and the sender terminal, encrypts the generated quantum key based on the first shared quantum key, and then sends the encrypted quantum key to the sender terminal.
More specifically, a temporary key is generated from a part of the first shared quantum key and the position information of the temporary key within the first shared quantum key is recorded; the generated quantum key is encrypted with the temporary key, and the encrypted quantum key and the position information of the temporary key are transmitted to the sender terminal.
To enable the distribution of the quantum key to the recipient, the method further comprises:
S704, receiving identification information of one or more quantum keys sent by a receiver terminal and identity information of the receiver terminal;
S705, searching, according to each piece of identification information, whether a corresponding key distribution record exists; if so, further executing step S706, and if not, returning an identification information error prompt;
S706, judging whether the key distribution record contains a decryption-authorized person consistent with the identity information of the receiver terminal; if so, acquiring the one or more quantum keys associated with that decryption-authorized person and sending them to the receiver terminal, and if not, the identity authentication fails.
The quantum cryptography service platform pre-stores a second shared quantum key between itself and the receiver terminal, encrypts the retrieved quantum key based on the second shared key, and then sends the encrypted quantum key to the receiver terminal.
More specifically, a temporary key is generated from a part of the second shared quantum key and the position information of the temporary key within the second shared quantum key is recorded; the retrieved quantum key is encrypted with the temporary key, and the encrypted quantum key and the position information of the temporary key are sent to the receiver terminal.
One or more embodiments of the present invention also provide a communication device that may be used to implement the methods performed in the sender terminal, the receiver terminal, and the quantum cryptography service platform in the above embodiments. The electronic device includes one or more processors, one or more memories coupled to the processors, and a communication module coupled to the processors.
The memory may include one or more non-volatile memories and one or more volatile memories. Examples of non-volatile memory include, but are not limited to, at least one of read-only memory (Read-Only Memory, ROM), erasable programmable read-only memory (Erasable Programmable Read Only Memory, EPROM), flash memory, hard disk, compact disc (Compact Disc, CD), digital versatile disc (Digital Versatile Disc, DVD), or other magnetic and/or optical storage. Examples of volatile memory include, but are not limited to, at least one of random access memory (Random Access Memory, RAM) or other volatile memory that does not persist through a power-down. The computer program may be stored in ROM. When executing the computer program, the processor implements any one of the above attachment file sending method, attachment file receiving method and key distribution method.
In some embodiments, the program may be tangibly embodied in a computer-readable medium, which may be included in a device (such as in a memory) or other storage device accessible by the device. The program may be loaded from a computer readable medium into RAM for execution. The computer readable medium may comprise any type of tangible non-volatile memory, such as ROM, EPROM, flash memory, hard disk, which stores a computer program which, when executed by a processor, implements any one of the above-described attachment file transmission method, attachment file reception method, key distribution method.
One or more embodiments of the present invention also provide an attachment file transfer system, including a sender terminal, a receiver terminal, and a quantum cryptography service platform.
The various embodiments of the invention may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software, which may be executed by a controller, microprocessor or other computing device. While various aspects of the embodiments of the disclosure are illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
Although the operations of the method of the present invention are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in that particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Rather, the steps depicted in the flowcharts may be executed in a different order. Additionally or alternatively, certain steps may be omitted, multiple steps may be combined into one step, and/or one step may be decomposed into multiple steps. It should also be noted that the features and functions of two or more devices according to the present disclosure may be embodied in one device. Conversely, the features and functions of one device described above may be further divided among multiple devices.

Claims (23)

1. A method for sending an attachment file, applied to a sender terminal, characterized in that it comprises the following steps:
receiving communication information to be sent, the communication information including one or more attachment files;
receiving a designation of one or more attachment files to be encrypted, and receiving a designation of one or more decryption authority persons for one or more of the attachment files to be encrypted;
generating a key application and sending it to a quantum cryptography service platform, the key application including the quantum key quantity required for each attachment file to be encrypted and the decryption authority person information;
obtaining, from the quantum cryptography service platform, the quantum key generated for each attachment file to be encrypted and the identification information of the quantum key;
in response to an information sending confirmation instruction, encrypting each attachment file to be encrypted with the corresponding quantum key, generating an encryption guide, and sending the communication information and the encryption guide, the encryption guide including the quantum key identification information corresponding to each attachment file; so that a receiver terminal can perform identity authentication based on the designated receiver information and, after the identity authentication passes, obtain the quantum key from the quantum cryptography service platform based on the identification information.
2. The attachment file sending method according to claim 1, characterized in that the quantum key quantity required for an attachment file to be encrypted is the same as the size of the attachment file, or is a set value.
3. The attachment file sending method according to claim 1, characterized in that after the designation of one or more attachment files to be encrypted is received, the confidentiality level of each attachment file to be encrypted is also received, and the required quantum key quantity is determined according to the confidentiality level of each attachment file to be encrypted; the quantum key quantity required for an attachment file of the highest confidentiality level is the same as the size of the attachment file; the quantum key quantity required for an attachment file of a lower confidentiality level is a set value.
4. The attachment file sending method according to claim 1, characterized in that if multiple attachment files to be encrypted are designated, the correspondence between each quantum key and the attachment files is also obtained from the quantum cryptography service platform, and when the attachment files to be encrypted are encrypted, the correspondence is written into the key guide.
5. The attachment file sending method according to claim 1, characterized in that multiple encryption algorithms are preset; when each attachment file to be encrypted is encrypted, after the designation of one or more attachment files to be encrypted is received, a designation of the encryption algorithm used for each attachment file to be encrypted is also received; when the attachment file to be encrypted is encrypted, the identification code of the encryption algorithm is written into the key guide.
6. The attachment file sending method according to claim 4 or 5, characterized in that the encryption guide includes a key identification tag and an encrypted content tag corresponding to each encrypted attachment; the key identification tag includes the quantum key identification information of all encrypted attachment files; the encrypted content tag includes the serial number of the attachment file and the serial number, within the key identification tag, of the quantum key used, or the serial number of the attachment file, the serial number, within the key identification tag, of the quantum key used, and the identification code of the encryption algorithm used.
7. The attachment file sending method according to any one of claims 1 to 5, characterized in that a first shared quantum key shared with the quantum cryptography service platform is pre-stored; what is obtained from the quantum cryptography service platform is the quantum key encrypted with the first shared quantum key, which is decrypted to obtain the quantum key.
8. The attachment file sending method according to claim 7, characterized in that a quantum key encrypted with a temporary key, and the position information of the temporary key in the first shared quantum key, are obtained from the quantum cryptography service platform; the temporary key is obtained according to the position information of the temporary key and the first shared quantum key, and decryption is performed to obtain the quantum key.
9. A method for receiving an attachment file, applied to a receiver terminal, characterized in that it comprises the following steps:
receiving communication information and an encryption guide, the encryption guide including the identification information of the quantum keys used for one or more encrypted attachment files;
in response to a viewing request for an encrypted attachment file, sending the identification information of the quantum key used for that attachment file, and the identity information of the receiver terminal, to a quantum cryptography service platform;
after the quantum cryptography service platform has authenticated the identity information, obtaining the quantum key found based on the identification information; the quantum cryptography service platform pre-stores the quantum key corresponding to the encrypted attachment file and its identification information, as well as the designated decryption authority person information;
decrypting the encrypted attachment file.
10. The attachment file receiving method according to claim 9, characterized in that the key guide also includes the correspondence between each encrypted attachment file and a quantum key; in response to a viewing request for an encrypted attachment file, the quantum key identification information of the encrypted attachment file is determined according to the correspondence.
11. The attachment file receiving method according to claim 9, characterized in that the key guide also includes the identification code of the encryption algorithm used for each encrypted attachment file; during decryption, the encryption algorithm used for each encrypted attachment file is obtained according to the identification code.
12. The attachment file receiving method according to any one of claims 9 to 11, characterized in that a second shared quantum key shared with the quantum cryptography service platform is pre-stored; what is obtained from the quantum cryptography service platform is the quantum key encrypted with the second shared quantum key, which is decrypted to obtain the quantum key.
13. The attachment file receiving method according to claim 12, characterized in that a quantum key encrypted with a temporary key, and the position information of the temporary key in the second shared quantum key, are obtained from the quantum cryptography service platform; the temporary key is obtained according to the position information of the temporary key and the second shared quantum key, and decryption is performed to obtain the quantum key.
14. A key distribution method, applied to a quantum cryptography service platform, characterized in that it comprises the following steps:
receiving a key application sent by a sender terminal, the key application including the quantum key quantity required for each of one or more attachment files to be encrypted, and one or more decryption authority persons designated for one or more of the attachment files to be encrypted;
generating, for each attachment file to be encrypted, a quantum key and the identification information of the quantum key, and storing the quantum key, its identification information and the corresponding decryption authority persons in association with one another to obtain the key distribution record for this application;
sending the quantum key and its identification information to the sender terminal.
15. The key distribution method according to claim 14, characterized in that if multiple attachment files to be encrypted are designated, then while the quantum keys are generated for the multiple attachment files to be encrypted, the correspondence between each quantum key and the attachment files is also generated and sent to the sender terminal.
16. The key distribution method according to any one of claims 14 to 15, characterized in that a first shared quantum key shared with the sender terminal is pre-stored, and the generated quantum key is encrypted based on the first shared quantum key and then sent to the sender terminal.
17. The key distribution method according to claim 16, characterized in that a temporary key is generated based on a part of the first shared quantum key, and the position information of the temporary key in the first shared quantum key is recorded; the generated quantum key is encrypted based on the temporary key, and the encrypted quantum key and the position information of the temporary key are sent to the sender terminal.
18. The key distribution method according to any one of claims 14 to 15, characterized in that:
the identification information of one or more quantum keys sent by a receiver terminal, and the identity information of the receiver terminal, are received;
for each piece of identification information, it is checked whether a corresponding key distribution record exists; if so, it is further determined whether the key distribution record contains a decryption authority person consistent with the identity information of the receiver terminal; if so, the one or more quantum keys associated with the decryption authority person are obtained and sent to the receiver terminal.
19. The key distribution method according to claim 18, characterized in that a second shared quantum key shared with the receiver terminal is pre-stored, and the found quantum key is encrypted based on the second shared key and then sent to the receiver terminal.
20. The key distribution method according to claim 19, characterized in that a temporary key is generated based on a part of the second shared quantum key, and the position information of the temporary key in the second shared quantum key is recorded; the found quantum key is encrypted based on the temporary key, and the encrypted quantum key and the position information of the temporary key are sent to the receiver terminal.
21. A communication device, characterized in that the communication device comprises one or more processors and a memory; wherein one or more computer programs are stored in the memory, the one or more computer programs include instructions, and when the instructions are executed by the communication device, the communication device executes the method according to any one of claims 1 to 20.
22. A computer-readable storage medium storing instructions, characterized in that when the instructions are run on a communication device, the communication device executes the method according to any one of claims 1 to 20.
23. An attachment file transmission system, characterized in that it includes a sender terminal, a receiver terminal and a quantum cryptography service platform, which are respectively configured to execute the attachment file sending method according to any one of claims 1 to 8, the attachment file receiving method according to any one of claims 9 to 13, and the key distribution method according to any one of claims 14 to 20.
CN202311871047.0A 2023-12-29 2023-12-29 A method for sending and receiving attachment files, and a device Pending CN120238533A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311871047.0A CN120238533A (en) 2023-12-29 2023-12-29 A method for sending and receiving attachment files, and a device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311871047.0A CN120238533A (en) 2023-12-29 2023-12-29 A method for sending and receiving attachment files, and a device

Publications (1)

Publication Number Publication Date
CN120238533A true CN120238533A (en) 2025-07-01

Family

ID=96162588

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311871047.0A Pending CN120238533A (en) 2023-12-29 2023-12-29 A method for sending and receiving attachment files, and a device

Country Status (1)

Country Link
CN (1) CN120238533A (en)

Similar Documents

Publication Publication Date Title
US9590949B2 (en) Confidential message exchange using benign, context-aware cover message generation
CN100576196C (en) Content encryption method, system and method for providing content over network using the encryption method
CN104092550B (en) Cipher code protection method, system and device
US20080031458A1 (en) System, methods, and apparatus for simplified encryption
JP2008187280A (en) Electronic mail system, electronic mail relay device, electronic mail relay method, and electronic mail relay program
JP2010522488A (en) Secure electronic messaging system requiring key retrieval to distribute decryption key
US8220040B2 (en) Verifying that group membership requirements are met by users
EP3465976B1 (en) Secure messaging
CN104660589A (en) Method and system for controlling encryption of information and analyzing information as well as terminal
CN104243149A (en) Encrypting and decrypting method, device and server
US11444897B2 (en) System and method for providing privacy control to message based communications
US10404451B2 (en) Apparatus and method for message communication
KR101541165B1 (en) Mobile message encryption method, computer readable recording medium recording program performing the method and download server storing the method
KR101485968B1 (en) Method for accessing to encoded files
CN101841785A (en) Method for sending encrypted message by cellphone and system thereof
CN105743884A (en) Mail hiding method and mail hiding system
CN111541603B (en) Independent intelligent safety mail terminal and encryption method
JP2007281622A (en) Electronic mail system, and electronic mail relaying apparatus, method, and program
KR100577875B1 (en) Encryption and Decryption Method of Transmission Data
CN1997141B (en) A method and system for control of the video captured figure in the instant communication
CN106972928B (en) Bastion machine private key management method, device and system
JP2001285286A (en) Authentication method, recording medium, authentication system, terminal device, and recording medium creating device for authentication
CN120238533A (en) A method for sending and receiving attachment files, and a device
JP2008219743A (en) File encryption management system and method for implementing the system
CN120238293A (en) A method for sending information, a method for receiving information and a device based on quantum key

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination