CN120812582A - Quantum encryption-based data transmission method and system - Google Patents

Quantum encryption-based data transmission method and system

Info

Publication number: CN120812582A
Authority: CN (China)
Prior art keywords: communication node, quantum, session key, communication, service platform
Legal status: Pending
Application number: CN202510968012.1A
Other languages: Chinese (zh)
Inventor: 张博
Current Assignee: Xizang Chuangbo Tonghang Technology Co ltd
Original Assignee: Xizang Chuangbo Tonghang Technology Co ltd
Events: application filed by Xizang Chuangbo Tonghang Technology Co ltd; priority to CN202510968012.1A; publication of CN120812582A; legal status pending

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04W WIRELESS COMMUNICATION NETWORKS
                • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
                    • H04W 12/06 Authentication
                    • H04W 12/03 Protecting confidentiality, e.g. by encryption
                        • H04W 12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
                    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
                        • H04W 12/041 Key generation or derivation
                    • H04W 12/60 Context-dependent security
                        • H04W 12/69 Identity-dependent
                • H04W 84/00 Network topologies
                    • H04W 84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
                        • H04W 84/04 Large scale networks; Deep hierarchical networks
                            • H04W 84/06 Airborne or Satellite Networks
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L 9/0852 Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present disclosure provide a data transmission method and system based on quantum encryption. The method is suitable for execution in a data transmission system based on quantum encryption, the system including a first communication node, a second communication node, a communication platform, and a quantum cryptography service platform. The method includes: the first communication node requests a session key from the quantum cryptography service platform; the first communication node encrypts business data using the session key and uploads the encrypted data to the communication platform; the second communication node obtains the encrypted data from the communication platform and requests the session key from the quantum cryptography service platform; the second communication node decrypts the encrypted data according to the session key to obtain plaintext data.

Description

Quantum encryption-based data transmission method and system
Technical Field
The embodiment of the disclosure relates to the field of quantum communication, in particular to a data transmission method and system based on quantum encryption.
Background
Unmanned aerial vehicles (UAVs) can perform tasks in various complex environments, such as environmental monitoring, express delivery and disaster relief. However, remote control, image transmission, data acquisition and similar processes usually rely on wireless communication to carry control instructions and the sensitive data collected. In transit, this data is exposed to network attacks such as interception, tampering and forgery, which can cause serious security problems such as information leakage and loss of control. Traditional encrypted communication methods, such as symmetric and asymmetric encryption, can effectively protect the confidentiality and integrity of data, but are increasingly at risk of being broken.
Quantum-encrypted communication is one of the important applications of quantum information science. By exploiting properties of quantum mechanics such as the no-cloning theorem and unpredictability, it can provide a more secure solution for information transmission than traditional encryption methods. Based on Quantum Key Distribution (QKD) and a quantum encryption algorithm, a UAV communication system can achieve quantum-level communication security and avoid the cracking risk of traditional encryption. Combining quantum communication with a traditional UAV communication system to provide quantum-secure protection for UAV communication has therefore become an important direction of technical research.
At present, quantum cryptography is mainly applied to point-to-point key transmission and encryption between fixed communication nodes. In practical applications, however, there are often a large number of devices and constantly changing session requirements, and existing communication schemes cannot maintain security in a highly dynamic, high-frequency communication environment.
Disclosure of Invention
The embodiments described herein provide a data transmission method and system based on quantum encryption. By combining quantum encryption technology with a communication platform and taking into account quantum key management and encrypted communication in a dynamic environment, quantum encryption can be performed not only between static ground sites but also in dynamic, easily interfered-with mobile communication scenarios.
According to a first aspect of the present disclosure, there is provided a data transmission method based on quantum encryption, which is suitable for being executed in a data transmission system based on quantum encryption, the system including a first communication node, a second communication node, a communication platform and a quantum cryptography service platform, the method including that the first communication node requests to acquire a session key from the quantum cryptography service platform, the first communication node encrypts service data using the session key to upload encrypted data to the communication platform, the second communication node acquires encrypted data from the communication platform and requests to acquire the session key from the quantum cryptography service platform, and the second communication node decrypts the encrypted data according to the session key to acquire plaintext data.
In some embodiments of the disclosure, the first communication node requesting to obtain the session key from the quantum cryptography service platform includes the first communication node initiating a network access request to the quantum cryptography service platform, the network access request including identity information of the first communication node, the quantum cryptography service platform authenticating the first communication node according to the identity information of the first communication node, the first communication node initiating a session key creation request to the quantum cryptography service platform after the authentication passes, the quantum cryptography service platform generating a session key according to the session key creation request through a quantum key distribution protocol and issuing the session key to the first communication node.
In some embodiments of the present disclosure, the first communication node requesting the quantum cryptography service platform for a session key further includes the quantum cryptography service platform generating a unique session ID for the session key creation request and storing the session ID in a key management database in association with the generated session key.
In some embodiments of the present disclosure, the second communication node obtaining the encrypted data from the communication platform and requesting the session key from the quantum cryptography service platform includes: the second communication node sends a network access request to the quantum cryptography service platform, the network access request including identity information of the second communication node; the quantum cryptography service platform authenticates the second communication node according to that identity information; after authentication passes, the second communication node initiates a session key query request, including a session ID, to the quantum cryptography service platform; and the quantum cryptography service platform issues the session key matching the session ID to the second communication node.
In some embodiments of the disclosure, the method further comprises: after the communication platform receives the encrypted data, it sends a session key query request to the quantum cryptography service platform, the request comprising the session ID bound to the session key and the identity information of the communication platform; after receiving the query request, the quantum cryptography service platform verifies the identity of the communication platform and, once verification passes, looks up the corresponding session key according to the session ID in the request; the quantum cryptography service platform returns the generated session key to the communication platform; and the communication platform decrypts the encrypted data using the session key acquired from the quantum cryptography service platform.
According to a second aspect of the present disclosure, a data transmission system based on quantum cryptography is provided. The system comprises a communication platform, a quantum cryptography service platform, a first communication node and a second communication node. The first communication node is used to send an access request and a session key creation request to the quantum cryptography service platform, acquire a session key, encrypt service data using the session key and upload the encrypted data to the communication platform. The quantum cryptography service platform is used to generate a unique session ID for the session key creation request, bind the session ID to the generated session key and store them in a key management database. The second communication node is used to acquire the encrypted data from the communication platform, send an access request and a session key query request to the quantum cryptography service platform, acquire the session key corresponding to the session ID, and decrypt the encrypted data according to the session key to acquire plaintext data.
In some embodiments of the present disclosure, the communication platform provides a communication link between the first communication node and the second communication node, and the quantum cryptography service platform is used to generate, manage, distribute and fill keys using quantum key distribution techniques, and to provide a quantum-resistant encryption algorithm for the communication link.
In some embodiments of the present disclosure, the first communication node and the second communication node have a built-in quantum security SDK for encrypting or decrypting the transmitted data according to the session key.
In some embodiments of the present disclosure, the first communication node and the second communication node are drones or terrestrial clients.
In some embodiments of the present disclosure, the quantum cryptography service platform is further configured to record an operation log including a key creation request, a key distribution process, and a key query request, and monitor abnormal behavior.
According to the data transmission method and system based on quantum encryption, quantum encryption technology is combined with a traditional communication platform, and quantum key management and encrypted communication in a dynamic environment are taken into account, so that quantum encryption can be performed not only between static ground sites but also in dynamic, easily interfered-with mobile communication scenarios. The session key generation and management scheme based on quantum communication ensures that security can be maintained in a highly dynamic, high-frequency communication environment and reduces the risk of key leakage.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the following brief description of the drawings of the embodiments will be given, it being understood that the drawings described below relate only to some embodiments of the present disclosure, not to limitations of the present disclosure, in which:
Fig. 1 is a schematic block diagram of a quantum-encryption-based data transmission system according to an embodiment of the present disclosure;
fig. 2 is an exemplary flow chart of a quantum-encryption-based data transmission method according to an embodiment of the disclosure.
It is noted that the elements in the drawings are schematic and are not drawn to scale.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings. It will be apparent that the described embodiments are some, but not all, of the embodiments of the present disclosure. All other embodiments, which can be made by those skilled in the art based on the described embodiments of the present disclosure without the need for creative efforts, are also within the scope of the protection of the present disclosure.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the presently disclosed subject matter belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the specification and relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein. In addition, terms such as "first" and "second" are used merely to distinguish one component (or portion of a component) from another component (or another portion of a component).
The key of the quantum encryption and decryption process is the secure transmission and management of the quantum key. The embodiment of the disclosure realizes data transmission between two or more communication nodes through the quantum key and the quantum encryption algorithm so as to prevent data leakage or tampering in the communication process.
Fig. 1 is a schematic block diagram of a quantum-encryption-based data transmission system according to an embodiment of the present disclosure. As shown in FIG. 1, the system comprises a communication platform, a quantum cryptography service platform, a first communication node and a second communication node, wherein the communication platform and the quantum cryptography service platform work cooperatively to realize the quantum security encryption and decryption protection of communication data.
The first communication node may send an access request and a session key creation request to the quantum cryptography service platform, obtain a session key, encrypt service data using the session key, and upload the encrypted data to the communication platform. Data encrypted with the quantum key cannot be recovered by an attacker even if it is intercepted in transit, because the key is valid only between authorized devices and the security check has already been performed at the time of quantum key distribution. The quantum cryptography service platform generates a unique session ID for the session key creation request and stores the session ID and the generated session key in a key management database, bound together. The second communication node may acquire the encrypted data from the communication platform, send an access request and a session key query request to the quantum cryptography service platform to acquire the session key corresponding to the session ID, and decrypt the encrypted data according to the session key to acquire plaintext data. This ensures that the session keys at both ends are symmetric and can be used for encryption and decryption.
The communication platform provides a communication link between the first communication node and the second communication node, and ensures the smoothness of data transmission. The encrypted data is uploaded to the communication platform so that the data can be transmitted through the network, but since the data is encrypted, an attacker cannot directly acquire the data content even if the attacker intercepts the data.
The quantum cryptography service platform uses quantum key distribution technology to generate, manage, distribute and fill keys, provides a quantum-resistant encryption algorithm for the communication link, and supports various cryptographic protocols, such as a quantum-secure key exchange protocol and quantum digital signatures, so as to adapt to different application scenarios. Quantum key distribution exploits the no-cloning property and the quantum uncertainty of quantum states to ensure that the key cannot be stolen or tampered with in transit. The session key is used for subsequent data encryption and decryption. If the communication platform needs to access data stored in the cloud or locally, it can initiate a query request to the quantum cryptography service platform to obtain the session key corresponding to the current session ID. Once the session key is obtained, the platform can decrypt the data and perform the relevant operations with it.
The first communication node may be a drone, a terrestrial client, or another device with communication capabilities. The second communication node may likewise be a drone, a terrestrial client, or another device. It should be noted that the number of communication nodes shown in fig. 1 is merely exemplary; the communication nodes may be extended according to actual network requirements. For example, the communication platform may receive the image transmission, remote control and mission data of multiple unmanned aerial vehicles, and provide a secure authentication interface, a data upload interface, a ciphertext data download interface, and the like.
In each communication node, a quantum security SDK (quantum security software development kit) is integrated, capable of providing quantum computing-related encryption algorithms, protocols, and API interfaces. The quantum security SDK provides support for a quantum encryption algorithm for the node, ensures that the encryption mode used in the data transmission process meets quantum resistance, and can resist potential quantum attack.
According to one embodiment of the present disclosure, the quantum cryptography service platform may also record an operation log including key creation requests, the key distribution process, and key query requests, and monitor abnormal behavior. For example, when a communication node requests generation of a new key, the platform records information such as the time of the request, the identity of the requester, the type of key requested, and the length of the key. Each time a key is distributed, successfully or not, the time of distribution, the communication link, and the quantum channel used for the key (e.g., the quantum key distribution protocol) are recorded. The key is updated dynamically according to the result of anomaly detection, and a re-keying procedure is triggered immediately if a risk of key leakage appears.
Fig. 2 illustrates an exemplary flow chart of a quantum-encryption-based data transmission method according to an embodiment of the disclosure. First, S1, a first communication node requests a quantum cryptography service platform to acquire a session key.
According to one embodiment of the present disclosure, to ensure that the first communication node can securely connect to the network and access the communication platform, the first communication node first initiates a network access request to the quantum cryptography service platform, the network access request comprising identity information of the first communication node, such as a device ID, a device type, a device location, an authentication key or another form of identity identifier.
The quantum cryptography service platform authenticates the first communication node according to this identity information. For example, it checks whether the first communication node is a registered, legitimate device by comparing the request against authentication information stored in the platform database. After passing authentication, the first communication node initiates a session key creation request to the quantum cryptography service platform. The quantum cryptography service platform generates a session key through a quantum key distribution protocol according to the session key creation request and transmits the session key to the first communication node. Because the generated session key is delivered through a quantum key distribution protocol, any eavesdropping or tampering by a third party can be detected during the distribution process. The session key for each communication session is unique and protected by quantum cryptography, so that an attacker cannot decrypt the data without the key.
To effectively manage the association of keys and communication sessions, the quantum cryptography service platform generates a unique session ID for a session key creation request and stores the session ID in a key management database in association with the generated session key. For example, the session ID is created based on a time stamp, random number generation, or a hash algorithm, or the like. The generated session ID and the corresponding session key are stored in a quantum key management database or session management module. By binding the session ID with the session key, the lifecycle of the session key can be efficiently managed. For example, when a session ends, the associated session key and session ID are destroyed, ensuring that the key is not compromised. In this way, the quantum cryptography service platform can query and confirm the corresponding session key through the session ID in the subsequent communication process, without repeatedly generating a new key. If a plurality of sessions are performed simultaneously in communication, the system can distinguish and manage each session key through different session IDs, so that the concurrency processing capability of the system is improved.
S2, the first communication node encrypts the service data by using the session key, and uploads the encrypted data to the communication platform.
The service data to be sent by the first communication node may be, for example, the sensor data, control signals or log information of the unmanned aerial vehicle. The first communication node applies a quantum-resistant encryption algorithm, encrypting the service data under the acquired session key so that the original data is converted into unreadable ciphertext. The encrypted data is encapsulated into a data packet or message format together with some necessary metadata (e.g., session ID, timestamp, data type identifier) to help the communication platform identify the data content and how to process it. The first communication node uploads the encrypted data to the communication platform, via a secure network protocol (e.g., TLS/SSL or a quantum-secure protocol), for storage or forwarding.
S3, the second communication node acquires the encrypted data from the communication platform and requests the session key from the quantum cryptography service platform.
According to one embodiment of the present disclosure, the second communication node transmits a network access request to the quantum cryptography service platform, the network access request including identity information of the second communication node, such as the device ID, device type and location of the node. The quantum cryptography service platform authenticates the second communication node according to this identity information, so that only authorized equipment can access the session key.
After passing authentication, the second communication node initiates a session key query request to the quantum cryptography service platform, containing a session ID (which may be generated by the first communication node and sent to the second communication node). The quantum cryptography service platform issues the matching session key to the second communication node according to the session ID. The key is transmitted using quantum key distribution techniques to prevent interception or tampering. The session key is unique to each session, and the session ID is valid only for its validity period: once the session ends or the validity period is exceeded, the session ID is invalidated, so the same key cannot be reused for decryption even if an attacker acquires the encrypted data. This dynamic key generation mechanism reduces an attacker's chance of succeeding by cracking or guessing the key.
S4, the second communication node decrypts the encrypted data according to the session key to obtain plaintext data.
The decryption process ensures the confidentiality of data through the session key and the quantum encryption security mechanism. Only legitimate communication nodes, such as the second communication node, can successfully decrypt the data, which avoids the risk of data leakage or theft in transit.
According to one embodiment of the present disclosure, after receiving the encrypted data the communication platform may send a session key query request to the quantum cryptography service platform, the request including the session ID bound to the session key and the identity information of the communication platform. After receiving the query request, the quantum cryptography service platform verifies the identity of the communication platform and, after verification, retrieves the corresponding session key according to the session ID in the request. The quantum cryptography service platform returns the generated session key to the communication platform, and the communication platform decrypts the encrypted data using it. The decrypted plaintext data may then be processed or used as required, for example presented to a user, stored, or fed into other business logic.
In summary, according to the data transmission method and system based on quantum encryption in the embodiments of the present disclosure, combining the quantum key management platform with the conventional communication platform achieves seamless integration of data encryption and key management, and quantum key management and encrypted communication in a dynamic environment are taken into account, so that quantum encryption can be performed not only between static ground sites but also in dynamic, easily interfered-with mobile communication scenarios. The session key generation and management scheme based on quantum communication ensures that security can be maintained in a highly dynamic, high-frequency communication environment and reduces the risk of key leakage.
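The S1 to S4 flow above, together with the operation log and anomaly monitoring described earlier for the quantum cryptography service platform, can be exercised end to end in a small simulation. The following is an added example and is not code from the patent or its assignee. Its assumptions are labelled in the code: the patent does not name the symmetric algorithm, so an encrypt-then-MAC stand-in built from HMAC-SHA256 is used; the QKD-derived session key is replaced by a random 256-bit key; the communication platform is a plain upload/download store; and the device IDs, telemetry payload, 60-second validity period and failure threshold are constructed values.

```python
import hashlib, hmac, json, secrets, time

# Assumption: the patent names no symmetric algorithm. This stand-in is an encrypt-then-MAC
# scheme built only from HMAC-SHA256 (counter-mode keystream plus a tag over metadata and
# ciphertext), so the example needs no packages beyond the standard library.
def _keystream(key, nonce, length):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((length + 31) // 32))[:length]

def _subkeys(session_key):  # separate encryption and MAC keys derived from the one session key
    return tuple(hmac.new(session_key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

class QuantumCryptoServicePlatform:
    """Simulated key service: authenticates nodes, binds session IDs to keys, enforces a
    validity period, logs each operation and flags abnormal behaviour."""
    def __init__(self, registered_devices, key_ttl, clock=time.time):
        self.registered = set(registered_devices)  # constructed device registry
        self.key_db, self.log = {}, []             # key_db: session_id -> (key, expiry)
        self.key_ttl, self.clock = key_ttl, clock
    def _record(self, event, **fields):
        self.log.append({"time": self.clock(), "event": event, **fields})
    def authenticate(self, identity):
        ok = identity.get("device_id") in self.registered
        self._record("auth", device=identity.get("device_id"), ok=ok)
        return ok
    def create_session_key(self, identity):
        # S1: access request and authentication, then a key bound to a fresh session ID.
        if not self.authenticate(identity):
            raise PermissionError("device not registered")
        session_key = secrets.token_bytes(32)  # stand-in for the QKD-derived key
        session_id = hashlib.sha256(secrets.token_bytes(16) + str(time.time_ns()).encode()).hexdigest()[:16]
        self.key_db[session_id] = (session_key, self.clock() + self.key_ttl)
        self._record("create", device=identity["device_id"], session_id=session_id, key_bits=256)
        return session_id, session_key
    def query_session_key(self, identity, session_id):
        # S3 (and the communication platform's own query): authenticated callers, unexpired IDs only.
        if not self.authenticate(identity):
            raise PermissionError("device not registered")
        entry = self.key_db.get(session_id)
        ok = entry is not None and entry[1] > self.clock()
        self._record("query", device=identity["device_id"], session_id=session_id, ok=ok)
        if not ok:
            raise KeyError("unknown or expired session ID")
        return entry[0]
    def end_session(self, session_id):  # the session key and its ID are destroyed together
        self.key_db.pop(session_id, None)
        self._record("destroy", session_id=session_id)
    def anomalies(self, threshold=3):
        # Monitor: a device that repeatedly fails authentication or queries unknown or
        # expired sessions is reported so that a re-key can be triggered.
        failures = {}
        for e in self.log:
            if e["event"] in ("auth", "query") and not e["ok"]:
                failures[e["device"]] = failures.get(e["device"], 0) + 1
        return sorted(d for d, n in failures.items() if n >= threshold)

def encrypt_packet(session_id, session_key, data_type, plaintext):
    # S2: ciphertext plus the metadata the patent lists (session ID, timestamp, data type).
    enc_key, mac_key = _subkeys(session_key)
    nonce = secrets.token_bytes(16)
    header = {"session_id": session_id, "timestamp": int(time.time()), "data_type": data_type, "nonce": nonce.hex()}
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, json.dumps(header, sort_keys=True).encode() + ciphertext, hashlib.sha256).hexdigest()
    return {**header, "ciphertext": ciphertext.hex(), "tag": tag}

def decrypt_packet(session_key, packet):
    # S4: verify the tag before decrypting; any change to metadata or ciphertext is rejected.
    enc_key, mac_key = _subkeys(session_key)
    header = {k: packet[k] for k in ("session_id", "timestamp", "data_type", "nonce")}
    ciphertext = bytes.fromhex(packet["ciphertext"])
    expected = hmac.new(mac_key, json.dumps(header, sort_keys=True).encode() + ciphertext, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, packet["tag"]):
        raise ValueError("tag mismatch: tampered packet or wrong session key")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, bytes.fromhex(packet["nonce"]), len(ciphertext))))

def _rejected(exc, fn):  # True when fn() raises exc, i.e. the platform or node refused the operation
    try:
        fn()
        return False
    except exc:
        return True

def run_demo():
    """Whole S1-S4 flow between a drone and a ground client, plus the failure cases."""
    now = [1000.0]  # controllable clock so the validity period can be exercised
    qcsp = QuantumCryptoServicePlatform({"drone-01", "ground-01"}, key_ttl=60.0, clock=lambda: now[0])
    drone, ground, rogue = ({"device_id": d} for d in ("drone-01", "ground-01", "unknown-99"))
    comm_platform = {}  # the communication platform as a plain upload/download store
    sid, key = qcsp.create_session_key(drone)                                                  # S1
    comm_platform[sid] = encrypt_packet(sid, key, "telemetry", b"lat=30.65,lon=104.06,alt=120")  # S2
    downloaded = comm_platform[sid]                                                            # S3
    key_at_ground = qcsp.query_session_key(ground, downloaded["session_id"])
    plaintext = decrypt_packet(key_at_ground, downloaded)                                      # S4
    tamper_detected = _rejected(ValueError, lambda: decrypt_packet(key_at_ground, dict(downloaded, data_type="control")))
    rogue_rejected = all(_rejected(PermissionError, lambda: qcsp.query_session_key(rogue, sid)) for _ in range(3))
    now[0] += 61.0  # validity period elapsed
    expired_rejected = _rejected(KeyError, lambda: qcsp.query_session_key(ground, sid))
    qcsp.end_session(sid)
    return {"plaintext": plaintext, "tamper_detected": tamper_detected, "rogue_rejected": rogue_rejected,
            "expired_rejected": expired_rejected, "anomalies": qcsp.anomalies()}
```

Running `run_demo()` returns the recovered telemetry together with the three failure cases: a packet whose metadata was altered in transit fails tag verification before any decryption happens, an unregistered device is refused at authentication and surfaces in `anomalies()` after its third attempt, and a query for an expired session ID is refused even from an authorized node. Two points are worth keeping when moving from this simulation to a real deployment: the tag must cover the session ID and the other metadata, not only the ciphertext, or a valid ciphertext could be replayed under a different session or data type; and the key-service database should hold the key only for the validity period and destroy it with the session ID, which is what `end_session` models.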
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems and methods according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As used herein and in the appended claims, the singular forms of words include the plural and vice versa, unless the context clearly dictates otherwise. Thus, when referring to the singular, the plural of the corresponding term is generally included. Similarly, the terms "comprising" and "including" are to be construed as being inclusive rather than exclusive. Likewise, the terms "comprising" and "or" should be interpreted as inclusive, unless such an interpretation is expressly prohibited herein. Where the term "example" is used herein, particularly when it follows a set of terms, the "example" is merely exemplary and illustrative and should not be considered exclusive or broad.
Further aspects and scope of applicability will become apparent from the description provided herein. It is to be understood that various aspects of the application may be implemented alone or in combination with one or more other aspects. It should also be understood that the description and specific examples are intended for purposes of illustration only and are not intended to limit the scope of the present disclosure.
While several embodiments of the present disclosure have been described in detail, it will be apparent to those skilled in the art that various modifications and variations can be made to the embodiments of the present disclosure without departing from the spirit and scope of the disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (10)

1. A data transmission method based on quantum encryption, suitable for execution in a data transmission system based on quantum encryption, the system comprising a first communication node, a second communication node, a communication platform, and a quantum cryptography service platform, characterized in that the method comprises: the first communication node requests a session key from the quantum cryptography service platform; the first communication node encrypts the service data using the session key and uploads the encrypted data to the communication platform; the second communication node obtains the encrypted data from the communication platform and requests the session key from the quantum cryptography service platform; and the second communication node decrypts the encrypted data according to the session key to obtain plaintext data.

2. The data transmission method based on quantum encryption according to claim 1, characterized in that the first communication node requesting the session key from the quantum cryptography service platform comprises: the first communication node initiates a network access request to the quantum cryptography service platform, the network access request including identity information of the first communication node; the quantum cryptography service platform authenticates the first communication node according to the identity information of the first communication node; after authentication passes, the first communication node initiates a session key creation request to the quantum cryptography service platform; and the quantum cryptography service platform generates a session key through a quantum key distribution protocol according to the session key creation request and sends the session key to the first communication node.

3. The data transmission method based on quantum encryption according to claim 2, characterized in that the first communication node requesting the session key from the quantum cryptography service platform further comprises: the quantum cryptography service platform generates a unique session ID for the session key creation request and stores the session ID, bound to the generated session key, in a key management database.

4. The data transmission method based on quantum encryption according to claim 3, characterized in that the second communication node obtaining the encrypted data from the communication platform and requesting the session key from the quantum cryptography service platform comprises: the second communication node sends a network access request to the quantum cryptography service platform, the network access request including identity information of the second communication node; the quantum cryptography service platform authenticates the second communication node according to the identity information of the second communication node; after authentication passes, the second communication node initiates a session key query request to the quantum cryptography service platform, the session key query request containing a session ID; and the quantum cryptography service platform sends the session key matching the session ID to the second communication node.

5. The data transmission method based on quantum encryption according to claim 1, characterized in that the method further comprises: after receiving the encrypted data, the communication platform sends a session key query request to the quantum cryptography service platform, the session key query request containing the session ID bound to the session key and the identity information of the communication platform; after receiving the query request, the quantum cryptography service platform verifies the identity of the communication platform and, once verification passes, retrieves the corresponding session key according to the session ID in the query request; the quantum cryptography service platform returns the generated session key to the communication platform; and the communication platform decrypts the encrypted data using the session key obtained from the quantum cryptography service platform.

6. A data transmission system based on quantum encryption, characterized in that it comprises a communication platform, a quantum cryptography service platform, a first communication node and a second communication node, wherein the first communication node is configured to send a network access request and a session key creation request to the quantum cryptography service platform, obtain a session key, encrypt service data using the session key, and upload the encrypted data to the communication platform; the quantum cryptography service platform is configured to generate a unique session ID for the session key creation request and to store the session ID, bound to the generated session key, in a key management database; and the second communication node is configured to obtain the encrypted data from the communication platform, send a network access request and a session key query request to the quantum cryptography service platform, obtain the session key corresponding to the session ID, and decrypt the encrypted data according to the session key to obtain plaintext data.

7. The data transmission system based on quantum encryption according to claim 6, characterized in that the communication platform provides a communication link between the first communication node and the second communication node, and the quantum cryptography service platform is configured to generate, manage, distribute and inject keys using quantum key distribution technology and to provide a quantum-resistant encryption algorithm for the communication link.

8. The data transmission system based on quantum encryption according to claim 6, characterized in that the first communication node and the second communication node have a built-in quantum security SDK for encrypting or decrypting transmitted data according to the session key.

9. The data transmission system based on quantum encryption according to claim 6, characterized in that the first communication node and the second communication node are unmanned aerial vehicles or ground clients.

10. The data transmission system based on quantum encryption according to claim 6, characterized in that the quantum cryptography service platform is further configured to record operation logs including key creation requests, key distribution processes and key query requests, and to monitor abnormal behaviour.
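The session-key flow of claims 1 to 5 (authenticated network access, session ID bound to the key in a key management database, query by session ID) together with the operation log and abnormal-behaviour signal of claim 10, as an added Python model that is not code from the patent or from the applicant. The node registry, the enrolment-secret authentication, the SHA-256 counter-mode cipher and the use of secrets.token_bytes() in place of quantum key distribution output are all assumptions made for the example.

```python
import hashlib, hmac, secrets
REGISTERED_NODES = {"uav-01": b"uav-01-enrol", "ground-01": b"ground-01-enrol"}  # constructed, hypothetical enrolment secrets

def identity_proof(node_id, secret):  # identity information carried in the network-access request
    return hmac.new(secret, node_id.encode(), hashlib.sha256).digest()

class QuantumCryptoServicePlatform:
    """Authenticates nodes, binds session IDs to keys and logs every operation (claims 2-5, 10)."""
    def __init__(self):
        self.key_db, self.log = {}, []  # key management database; operation log

    def authenticate(self, node_id, proof):
        secret = REGISTERED_NODES.get(node_id, b"")
        ok = bool(secret) and hmac.compare_digest(proof, identity_proof(node_id, secret))
        self.log.append(("auth", node_id, ok))
        return ok

    def create_session_key(self, node_id, proof):
        if not self.authenticate(node_id, proof):
            return None
        session_id, key = secrets.token_hex(8), secrets.token_bytes(64)  # token_bytes stands in for QKD output
        self.key_db[session_id] = key  # claim 3: session ID bound to the generated key
        self.log.append(("create", node_id, session_id))
        return session_id, key

    def query_session_key(self, node_id, proof, session_id):
        if not self.authenticate(node_id, proof):
            return None
        self.log.append(("query", node_id, session_id))
        return self.key_db.get(session_id)

    def failed_auths(self, node_id):  # abnormal-behaviour signal for monitoring (claim 10)
        return sum(1 for e in self.log if e[:2] == ("auth", node_id) and not e[2])

def _keystream_xor(key, nonce, data):
    # SHA-256 counter-mode keystream: a stand-in for the quantum security SDK's cipher.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(key, plaintext):
    """Encrypt-then-MAC with the two halves of the 64-byte session key; returns nonce || ct || tag."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key[:32], nonce, plaintext)
    return nonce + ct + hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()):
        return None  # tampered ciphertext or wrong session key
    return _keystream_xor(key[:32], nonce, ct)
```

Note that under claim 5 the communication platform can itself query the key and decrypt, so the platform's identity check and the query log are the controls that bound who can read traffic.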

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510968012.1A CN120812582A (en) 2025-07-14 2025-07-14 Quantum encryption-based data transmission method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510968012.1A CN120812582A (en) 2025-07-14 2025-07-14 Quantum encryption-based data transmission method and system

Publications (1)

Publication Number Publication Date
CN120812582A true CN120812582A (en) 2025-10-17


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination