CN117666977A - Global quantum security printing system and working method thereof - Google Patents
- Publication number: CN117666977A (application CN202311668078.6A)
- Authority: CN (China)
- Prior art keywords: quantum, data, identity, printer, security
- Legal status: Pending
Classifications (CPC)
- G06F—ELECTRIC DIGITAL DATA PROCESSING (G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING)
  - G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    - G06F3/12—Digital output to print unit, e.g. line printer, chain printer
      - G06F3/1201—Dedicated interfaces to print systems
        - G06F3/1202—Dedicated interfaces to print systems specifically adapted to achieve a particular effect
          - G06F3/1222—Increasing security of the print job
        - G06F3/1223—Dedicated interfaces to print systems specifically adapted to use a particular technique
          - G06F3/1237—Print job management
            - G06F3/1238—Secure printing, e.g. user identification, user rights for device usage, unallowed content, blanking portions or fields of a page, releasing held jobs
        - G06F3/1278—Dedicated interfaces to print systems specifically adapted to adopt a particular infrastructure
          - G06F3/1285—Remote printer device, e.g. being remote from client or server
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
      - G06F21/31—User authentication
    - G06F21/60—Protecting data
      - G06F21/606—Protecting data by securing the transmission between two devices or processes
        - G06F21/608—Secure printing
      - G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION (H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE)
  - H04L63/00—Network architectures or network communication protocols for network security
    - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
      - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
        - H04L9/0852—Quantum cryptography
    - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Abstract
The invention discloses a global quantum security printing system and a working method thereof. The method comprises the following steps: the quantum security printer and the quantum security terminal register their identities with the quantum CA to obtain quantum identities; after the quantum security printer is started, the quantum security terminal and the quantum CA authenticate the identity of the quantum security printer; the quantum security terminal then sends the data to be printed to the quantum security printer; after the quantum security printer and the quantum CA successfully authenticate the identity of the quantum security terminal, the quantum security printer authenticates the data to be printed, and prints it once that authentication succeeds. According to the invention, a quantum execution environment is constructed, so that the security of information is effectively ensured; the invention adds an identity recognition function and a data authentication function, ensuring both the legitimacy of the data source and the authenticity of the data.
Description
Technical Field
The invention relates to the field of information security, in particular to a global quantum security printing system and a working method thereof.
Background
Modern printers are becoming more intelligent and networked, and printing services are becoming available everywhere. Because electronic products require power and are difficult to preserve for decades, printed output will continue to exist in large numbers in the near term. The security of the printing business involves many matters, such as the security of the printer hardware, the security of information flow, the security of power accessories and the security of the environment.
Existing printing systems generally include three major components, namely a data source, a network transport, and a printer.
Data source: this is generally a computer (an intelligent terminal device such as a PC or mobile phone). Such terminals are easy to attack, so data can be leaked before it even enters the printing chain.
Network transmission: during the transmission stage, risks such as eavesdropping, interception and tampering readily arise.
Printer: the security of internal data is not effectively guaranteed. The printer also lacks data authentication capability, so the authenticity of the data is open to question, and lacks identity authentication capability, so the legitimacy of the data source cannot be determined. Taking a laser printer as an example, a traditional laser printer may comprise a power supply system, a direct current control system, an interface system, a laser scanning system, an imaging system and a paper feed system. These systems communicate with each other directly, and the data passing between any two of them can be intercepted, which threatens the information security of the printer; the printer likewise lacks data authentication, so the authenticity of the data is open to question, and lacks identity authentication, so the legitimacy of the data source cannot be determined.
Disclosure of Invention
The invention aims to provide a global quantum security printing system and a working method thereof that solve the information security problems present in the operation and use of current printers. According to the invention, a quantum execution environment is constructed, so that the security of information is effectively ensured; an identity recognition function is added, ensuring the legitimacy of the source of the data and further improving information security; and a data authentication function is added, ensuring the authenticity of the data.
The technical scheme is as follows: the system comprises a quantum security terminal, a quantum security printer, a quantum CA and a quantum key base station, wherein the quantum security terminal and the quantum security printer are respectively connected with the quantum CA and the quantum key base station, the quantum CA and the quantum key base station are connected with each other, and the quantum security terminal and the quantum security printer are connected with each other;
the quantum security terminal is used for generating data to be printed and authenticating the identity of the quantum security printer;
the quantum CA is used for issuing and authenticating the identity;
the quantum key base station is used for generating and distributing quantum keys;
the quantum security printer is used for executing data printing and comprises a network communication module, a quantum execution module and a data printing module which are sequentially connected;
the network communication module is used for executing data communication between the quantum security printer and external equipment;
the quantum execution module is used for authenticating the data to be printed and authenticating the identity of the quantum security terminal;
the data printing module is used for receiving the authenticated data and executing printing.
Further, the quantum execution module comprises a quantum encryption and decryption module, a quantum key management module and a quantum identity authentication module, wherein the quantum encryption and decryption module is respectively connected with the quantum key management module, the network communication module and the data printing module, the quantum key management module is mutually connected with the network communication module, and the quantum identity authentication module is respectively connected with the network communication module and the quantum key management module;
the quantum key management module is used for generating and distributing quantum keys;
an encryption algorithm is preset in the quantum encryption and decryption module and is used for encrypting, decrypting and authenticating data;
the quantum identity authentication module is used for identity authentication of the quantum security terminal.
Further, the quantum execution module further comprises a printing history management module, wherein the printing history management module is connected with the quantum encryption and decryption module and is used for storing data to be printed and storing printing history records.
Further, the quantum security terminal, the quantum CA and the quantum key management module are preset with the same key pool.
A method of operating a global quantum security printing system, the method comprising the steps of:
step one, the quantum security printer and the quantum security terminal register their identities with the quantum CA; the quantum CA issues quantum identity ID_a to the quantum security printer and quantum identity ID_b to the quantum security terminal; after issuance, the quantum security printer and the quantum CA both store ID_a, and the quantum security terminal and the quantum CA both store ID_b;
step two, the quantum security printer performs user identity authentication, and after the user identity authentication succeeds, the quantum security printer is started;
step three, the quantum security terminal and the quantum CA authenticate the identity of the quantum security printer based on ID_a, and after this authentication passes, the quantum security terminal sends the data to be printed to the quantum security printer;
step four, the quantum security printer and the quantum CA authenticate the identity of the quantum security terminal based on ID_b; after this authentication passes, the quantum security printer authenticates the received data to be printed, and prints it after the data authentication passes.
Further, the method further comprises:
step five, after the printing of the data is finished, the quantum security printer performs user identity authentication, and after the user identity authentication is successful, the quantum security printer is powered off;
in the second step and the fifth step, the quantum security printer performs user identity authentication by a biometric method.
Further, in the third step, the quantum identity ID_a comprises a public identity ID_1 and a privacy identity ID_2, and the process by which the quantum security terminal and the quantum CA authenticate the quantum security printer based on ID_a is as follows:
flow a1, the quantum security printer generates a one-time identity OTID_1 based on its local privacy identity ID_2, and the quantum CA generates a one-time identity OTID_2 based on its local copy of the privacy identity ID_2;
flow a2, the quantum security printer generates a file Sign based on its local public identity ID_1 and the one-time identity OTID_1, and the quantum security terminal and the quantum CA authenticate the identity of the quantum security printer based on Sign;
flow a3, after the quantum security terminal and the quantum CA pass the identity authentication of the quantum security printer, the quantum security terminal sends the data to be printed to the quantum security printer.
Further, in the fourth step, the quantum identity ID_b comprises a public identity ID_3 and a privacy identity ID_4, and the process by which the quantum security printer and the quantum CA authenticate the quantum security terminal based on ID_b is as follows:
flow b1, the quantum security terminal generates a one-time identity OTID_3 based on its local privacy identity ID_4, and the quantum CA generates a one-time identity OTID_4 based on its local copy of the privacy identity ID_4;
flow b2, the quantum security terminal generates a file Sign′ based on its local public identity ID_3 and the one-time identity OTID_3, and the quantum security printer and the quantum CA authenticate the identity of the quantum security terminal based on Sign′;
flow b3, after the quantum security printer and the quantum CA pass the identity authentication of the quantum security terminal, the quantum security printer authenticates the received data to be printed.
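The description says only that each one-time identity is derived from the privacy identity and that Sign is derived from the public identity and the one-time identity; it does not say how. The following Python model is an added example, not the patent's own code, and the derivations it uses are assumptions: OTID is HMAC-SHA256 keyed by the privacy identity over a fresh nonce, and Sign is HMAC-SHA256 keyed by the OTID over the public identity and that nonce. Because the relying party that lacks the privacy identity (the terminal in flow a, the printer in flow b) cannot recompute the OTID itself, the model has it forward Sign to the quantum CA and act on the CA's verdict. The same functions serve flow a (ID_1, ID_2, OTID_1, OTID_2, Sign) and flow b (ID_3, ID_4, OTID_3, OTID_4, Sign′).

```python
import hashlib
import hmac
import secrets

# Assumed instantiation (the page does not specify the derivations):
#   OTID = HMAC-SHA256(privacy ID, nonce)        one-time identity tied to a fresh nonce
#   Sign = HMAC-SHA256(OTID, public ID || nonce)
# The prover holds both IDs; the quantum CA holds the same pair from registration.


def make_otid(privacy_id: bytes, nonce: bytes) -> bytes:
    """One-time identity derived from the privacy identity (assumed construction)."""
    return hmac.new(privacy_id, nonce, hashlib.sha256).digest()


def make_sign(public_id: bytes, otid: bytes, nonce: bytes) -> bytes:
    """File Sign derived from the public identity and the OTID (assumed construction)."""
    return hmac.new(otid, public_id + nonce, hashlib.sha256).digest()


class Prover:
    """The party being authenticated: the printer in flow a (ID_1, ID_2),
    the terminal in flow b (ID_3, ID_4)."""

    def __init__(self, public_id: bytes, privacy_id: bytes):
        self.public_id = public_id
        self._privacy_id = privacy_id  # never leaves the device

    def prove(self) -> tuple[bytes, bytes, bytes]:
        nonce = secrets.token_bytes(16)                # freshness value (assumed)
        otid = make_otid(self._privacy_id, nonce)      # OTID_1 / OTID_3
        sign = make_sign(self.public_id, otid, nonce)  # Sign / Sign'
        return self.public_id, nonce, sign             # only public values are sent


class QuantumCA:
    """Model of the quantum CA: keeps registered ID pairs and checks Sign."""

    def __init__(self):
        self._registry: dict[bytes, bytes] = {}          # public ID -> privacy ID
        self._seen: set[tuple[bytes, bytes]] = set()     # (public ID, nonce) already accepted

    def register(self, public_id: bytes) -> bytes:
        """Step one: issue the privacy identity and store the pair on the CA side."""
        privacy_id = secrets.token_bytes(32)
        self._registry[public_id] = privacy_id
        return privacy_id  # delivered to the registering device

    def verify(self, public_id: bytes, nonce: bytes, sign: bytes) -> bool:
        privacy_id = self._registry.get(public_id)
        if privacy_id is None or (public_id, nonce) in self._seen:
            return False  # unknown identity, or a one-time identity presented twice
        otid_ca = make_otid(privacy_id, nonce)          # OTID_2 / OTID_4
        expected = make_sign(public_id, otid_ca, nonce)
        ok = hmac.compare_digest(expected, sign)
        if ok:
            self._seen.add((public_id, nonce))
        return ok


class RelyingParty:
    """The counterpart without the privacy ID (terminal in flow a, printer in flow b).
    It forwards Sign to the CA and proceeds only on the CA's verdict."""

    def __init__(self, ca: QuantumCA):
        self._ca = ca

    def accept(self, public_id: bytes, nonce: bytes, sign: bytes) -> bool:
        return self._ca.verify(public_id, nonce, sign)


def demo() -> dict:
    """Flow a on constructed identities: a genuine printer, a replay, and a forgery."""
    ca = QuantumCA()
    printer_pub = b"printer-0001"            # ID_1 (constructed sample)
    printer_priv = ca.register(printer_pub)  # ID_2, stored by both printer and CA
    printer = Prover(printer_pub, printer_priv)
    terminal = RelyingParty(ca)
    msg = printer.prove()
    genuine = terminal.accept(*msg)
    replay = terminal.accept(*msg)           # same OTID presented again
    forged = terminal.accept(*Prover(printer_pub, secrets.token_bytes(32)).prove())
    return {"genuine": genuine, "replay": replay, "forged": forged}


if __name__ == "__main__":
    print(demo())
```

The point the model makes for a defender is that the relying party never learns the privacy identity and never accepts Sign on its own; the CA is the only party that can recompute the OTID, and recording accepted (identity, nonce) pairs is what turns a "one-time" identity into something that actually cannot be replayed.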
Further, in the third step, the sending, by the quantum security terminal, data to be printed to the quantum security printer further includes:
the quantum security terminal performs a hash calculation on the data to be printed to obtain a hash value H(data), extracts a quantum key r from its local key pool, encrypts the data to be printed together with H(data) to obtain the encrypted data r[data, H(data)], records the position identifier of the quantum key r, and then sends the encrypted data r[data, H(data)] and the position identifier of the key r to the quantum security printer.
Further, in the fourth step, the authenticating the received data to be printed by the quantum security printer further includes:
the quantum encryption and decryption module in the quantum security printer receives the encrypted data r[data, H(data)] and the position identifier of the key r from the quantum security terminal. The quantum encryption and decryption module sends a key-acquisition request g together with the position identifier of the key r to the quantum key management module; the quantum key management module fetches the key at the corresponding position of its local key pool according to the request g and the position identifier, and returns the obtained key r′ to the quantum encryption and decryption module. The quantum encryption and decryption module decrypts the encrypted data r[data, H(data)] with the key r′ to obtain the data to be printed data′ and the hash value H(data)′, performs a hash calculation on the decrypted data′ to obtain H(data′), and compares the calculated H(data′) with the decrypted H(data)′; if they are equal, the decrypted data to be printed passes authentication, otherwise it fails authentication;
after the decrypted data to be printed passes authentication, the quantum encryption and decryption module sends data′ to the printing history management module and the data printing module; the data printing module receives data′ and prints it, and the printing history management module stores the received data′ and also stores the printing history record.
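The third- and fourth-step data path above (hash, one-time-pad encryption with a key segment pulled from a shared pool, transmission of the ciphertext plus the key's position identifier, and recomputation of the hash on the printer side) is modelled in the following Python, an added example rather than code from the patent. The key pool is constructed random bytes; in the described system it would be filled from the quantum key base station. SHA-256 is assumed for H(), XOR is used as the one-time pad, and the `KeyPool` class with its position-identifier addressing and consume-on-fetch behaviour is the editor's model of the quantum key management module's key extraction and destruction, not an API of the patent.

```python
import hashlib
import hmac
import secrets
from typing import Optional

HASH_LEN = hashlib.sha256().digest_size  # H(data) is 32 bytes (SHA-256 assumed)

# Constructed sample key pool. In the page's design the terminal, the printer's
# quantum key management module and the quantum CA all preload the same pool
# from the quantum key base station; here it is plain local random bytes.
SAMPLE_POOL = secrets.token_bytes(4096)


class KeyPool:
    """Model of one party's copy of the shared key pool.

    A key segment is addressed by its position identifier (offset, length).
    Once fetched it is zeroed and marked consumed, modelling one-time-pad use
    and the key destruction the description calls for.
    """

    def __init__(self, pool: bytes):
        self._pool = bytearray(pool)
        self._consumed = bytearray(len(pool))  # 1 = segment already used
        self._cursor = 0  # sender-side pointer to the next fresh segment

    def extract(self, length: int) -> tuple[bytes, int]:
        """Sender side: take the next unused segment; returns (key r, position id)."""
        if self._cursor + length > len(self._pool):
            raise RuntimeError("key pool exhausted; replenish from the key base station")
        offset = self._cursor
        self._cursor += length
        return self.fetch(offset, length), offset

    def fetch(self, offset: int, length: int) -> bytes:
        """Receiver side: return the key at a position id, then destroy it locally."""
        if offset < 0 or length <= 0 or offset + length > len(self._pool):
            raise ValueError("position identifier out of range")
        if any(self._consumed[offset:offset + length]):
            raise ValueError("key segment already consumed (reuse or replay)")
        key = bytes(self._pool[offset:offset + length])
        self._consumed[offset:offset + length] = b"\x01" * length
        self._pool[offset:offset + length] = bytes(length)  # key destruction
        return key


def _xor(a: bytes, b: bytes) -> bytes:
    """One-time pad: key must be exactly as long as the plaintext."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must match the plaintext length")
    return bytes(x ^ y for x, y in zip(a, b))


def terminal_prepare(data: bytes, pool: KeyPool) -> tuple[bytes, int]:
    """Quantum security terminal side: compute H(data), then encrypt data || H(data)
    with key r, giving r[data, H(data)] and the position identifier of r."""
    h = hashlib.sha256(data).digest()
    plaintext = data + h
    key, offset = pool.extract(len(plaintext))
    return _xor(plaintext, key), offset


def printer_authenticate(ciphertext: bytes, offset: int, pool: KeyPool) -> Optional[bytes]:
    """Quantum security printer side: fetch r' at the position id, decrypt to
    data' and H(data)', recompute H(data') and compare. Returns the authenticated
    data to be printed, or None when authentication fails."""
    if len(ciphertext) <= HASH_LEN:
        return None
    try:
        key = pool.fetch(offset, len(ciphertext))
    except ValueError:
        return None  # bad position id or already-consumed key: do not print
    plaintext = _xor(ciphertext, key)
    data, h_received = plaintext[:-HASH_LEN], plaintext[-HASH_LEN:]
    if not hmac.compare_digest(hashlib.sha256(data).digest(), h_received):
        return None  # H(data') != H(data)': authentication fails
    return data


def demo() -> dict:
    """Run the flow on constructed input: a genuine job, a tampered one, and a replay."""
    terminal_pool, printer_pool = KeyPool(SAMPLE_POOL), KeyPool(SAMPLE_POOL)
    job = b"CONFIDENTIAL: Q3 payroll summary (constructed sample)"
    ct, pos = terminal_prepare(job, terminal_pool)
    genuine = printer_authenticate(ct, pos, printer_pool)
    # Flip one ciphertext bit in transit; the recomputed hash no longer matches.
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]
    tampered_result = printer_authenticate(tampered, pos, KeyPool(SAMPLE_POOL))
    # Replay the same ciphertext to the printer that already consumed key r.
    replay_result = printer_authenticate(ct, pos, printer_pool)
    return {"genuine": genuine, "tampered": tampered_result, "replay": replay_result}


if __name__ == "__main__":
    print(demo())
```

Two practitioner notes on this path. First, the consume-on-fetch rule is what makes "one-time pad" true in practice: a second job that names an already-used position identifier is refused rather than decrypted with a reused key. Second, an unkeyed hash under a one-time pad detects accidental corruption and blind bit-flipping only as long as the attacker cannot predict the plaintext; a keyed MAC over the ciphertext would make that integrity check independent of what the attacker knows about the document.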
The invention has the beneficial effects that:
1. according to the invention, a quantum execution environment is built based on the quantum execution module, so that the safety isolation of hardware and software is realized, various software attacks can be effectively defended, and the safety of information is effectively ensured;
2. the invention realizes the identity authentication function based on the quantum execution module, ensures that the source of data information is legal, and further improves the safety of the information;
3. the invention realizes the data authentication function based on the quantum execution module, so that the authenticity of the data information is ensured;
4. the invention adopts the quantum key to encrypt and decrypt the data information, and the quantum key is one-time pad, thereby ensuring the safety in the data information transmission process.
Drawings
FIG. 1 is a schematic diagram of the structural components of a global quantum security printing system according to the present invention;
FIG. 2 is a schematic diagram of the structural components of the quantum security printer of the present invention;
FIG. 3 is a block diagram illustrating steps of a method of operating a global quantum security printing system according to the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings and examples:
existing printing systems generally include three major components, namely a data source, a network transport, and a printer. Data source: generally, a computer (intelligent terminal equipment such as a computer and a mobile phone) is adopted, and a common terminal is easy to attack, so that data which does not enter a printing link is divulged; network transmission: in the information transmission stage, risks such as monitoring, interception and tampering are easy to occur; a printer: the security of the internal data is not effectively guaranteed, and the data authentication capability is also lacked, so that the authenticity of the data is questioned, and the identity authentication capability is also lacked, so that the validity of the data source cannot be determined.
Taking a laser printer as an example, a traditional laser printer may comprise a power supply system, a direct current control system, an interface system, a laser scanning system, an imaging system and a paper feed system. These systems communicate with each other directly, and the data passing between any two of them can be intercepted, which threatens the information security of the printer; the printer also lacks data authentication capability, so the authenticity of the data is open to question, and lacks identity authentication capability, so the legitimacy of the data source cannot be determined. The interface system serves as the bridge between the printer and the computer: it translates the data, in a given format, sent by the computer into a format the DC board can process and passes it to the DC board. The DC board is the direct current control system, used mainly to coordinate and control operation among the printer's subsystems, for example receiving data from the interface system and driving and controlling the laser scanning unit, the detection sensors, AC/DC distribution, overvoltage/undercurrent protection, the energy-saving mode, high-voltage power distribution and so on.
According to the invention, the quantum execution module is deployed in the interface system, the quantum execution environment is constructed based on the quantum execution module, the integrated safety isolation of software and hardware is realized, various software attacks can be effectively defended, the data safety is ensured, and meanwhile, the data authenticity is ensured and the legal source of the data is ensured due to the data authentication capability and the identity authentication capability of the quantum execution module.
The core components, chips, operating systems and apps used by a common PC or mobile terminal come from many sources, and backdoors or vulnerabilities in that hardware or software can lead to data disclosure, for example: 1. application software attacks, such as an input method stealing what the user types on the keyboard while completely bypassing antivirus software; 2. operating system attacks, where the operating system collects various error logs and reports them actively, reporting the user's private data along with them; 3. hardware chip attacks, where the CPU autonomously transmits data to its manufacturer.
The invention upgrades the common PC or mobile terminal into a quantum security terminal, which has a single gateway to the external Internet or private network, and all incoming and outgoing data is forcibly quantum encrypted and decrypted.
As shown in fig. 1, the invention provides a global quantum security printing system, which comprises a quantum security terminal, a quantum security printer, a quantum CA and a quantum key base station, wherein the quantum security terminal and the quantum security printer are respectively connected with the quantum CA and the quantum key base station, the quantum CA is connected with the quantum key base station, and the quantum security terminal is connected with the quantum security printer.
The quantum security terminal is used for generating data to be printed and authenticating the identity of the quantum security printer. The quantum security terminal may include a network communication module that performs data communication externally, a quantum execution module, and a print data generation module. The print data generation module is used for generating the data to be printed in the invention. The quantum execution module in the quantum security terminal is the same as the quantum execution module in the quantum security printer and is used for encrypting and decrypting data, acquiring the quantum identity of the quantum security terminal from the quantum CA, presetting a key pool from the quantum key base station, authenticating the identity of the quantum security printer, cooperating with the quantum security printer and the quantum CA in the authentication of the quantum security terminal itself, and cooperating with the quantum security printer in the authentication of the data to be printed.
Quantum CA is used for the issuance and authentication of identities. The quantum CA of the present invention may be, for example, a CA authentication center as mentioned in the patent digital certificate generation, identity authentication method, and quantum CA authentication center and system (202210185146.2).
The quantum key base station is used for generating and distributing the quantum key. The quantum key base station of the present invention may be, for example, a key management system as mentioned in a quantum security key distribution method and system (202211092604.4).
As shown in fig. 2, the quantum security printer is used for executing data printing, and comprises a network communication module, a quantum execution module and a data printing module which are sequentially connected.
The network communication module is respectively connected with the quantum security terminal, the quantum CA and the quantum key base station and is used for network communication.
The data printing module is used for receiving the authenticated data and executing printing.
The quantum execution module is used for authenticating the data to be printed and authenticating the identity of the quantum security terminal.
The quantum execution module comprises a quantum encryption and decryption module, a quantum key management module and a quantum identity authentication module, wherein the quantum encryption and decryption module is respectively connected with the quantum key management module, the network communication module and the data printing module, the quantum key management module is mutually connected with the network communication module, and the quantum identity authentication module is respectively connected with the network communication module and the quantum key management module.
The quantum execution module further comprises a printing history management module, wherein the printing history management module is connected with the quantum encryption and decryption module and is used for storing data to be printed and storing printing history records.
The quantum encryption and decryption module, the quantum key management module and the quantum identity authentication module all realize external communication through the network communication module, and the quantum encryption and decryption module and the quantum identity authentication module all acquire a quantum key from the quantum key management module.
The quantum key management module is mainly used for generating and distributing quantum keys. In the invention, the quantum key management module also performs security checks on quantum keys and destroys quantum keys. The quantum key management module can generate true random numbers through a key system distributed by QKD in single-photon mode, or through light quanta preset over a physical line. Preset keys can be delivered in an offline mode, such as a USB flash disk, or in an online mode, in which keys are delivered over a dedicated quantum key transmission network; for example, the quantum key management module connects to the quantum key base station through the network communication module and can obtain keys or replenishment keys from it. The security check of the quantum key ensures that the sender's key and the receiver's key are consistent. Key destruction means deleting a session key after it has been used once.
The quantum key management module, the quantum security terminal and the quantum CA all acquire the quantum key from the quantum key base station, so that the same key pool is preset, and the subsequent key pool is also supplemented by the quantum key base station.
The quantum encryption and decryption module is preset with an encryption algorithm for encrypting and decrypting data and authenticating data. The quantum encryption and decryption module encrypts data to be transmitted or decrypts the received data through quantum key and one-time pad, and simultaneously authenticates data consistency through hash algorithm.
The quantum identity authentication module is used for identity authentication of the quantum security terminal. Before the quantum security printer is started to print data, the quantum security terminal and the quantum CA need to authenticate the identity of the quantum security printer, and after the authentication is passed, the quantum security printer can receive the data to be printed. After receiving the data to be printed, the quantum security printer and the quantum CA need to authenticate the identity of the quantum security terminal. The quantum security printer realizes the authentication of the identity of the quantum security printer through the quantum identity authentication module and the authentication of the identity of the subsequent quantum security terminal.
The printing history management module is used for storing data to be printed and storing printing history records. The printing history record comprises the number of printing files, printing time, printing document titles and the like, and is convenient for subsequent tracking and searching. The printing history management module is deployed in the quantum execution module, can only read the stored data and cannot modify the stored data, so that the non-tamper property and the security of the stored printing data content and the printing history record can be ensured.
As shown in fig. 3, the present invention further proposes a working method of the global quantum security printing system, which includes the following steps:
Step one: the quantum security printer and the quantum security terminal register their identities with the quantum CA. The quantum CA issues quantum identity ID_a to the quantum security printer and quantum identity ID_b to the quantum security terminal. After issuance, the quantum security printer and the quantum CA both store ID_a, and the quantum security terminal and the quantum CA both store ID_b.
The quantum identity authentication module in the quantum security printer registers its identity with the quantum CA through the network communication module, and the quantum CA issues quantum identity ID_a to the printer. ID_a comprises a public identity ID_1 and a private identity ID_2; after issuance, both the quantum CA and the quantum identity authentication module in the printer store ID_1 and ID_2.
Step two: the quantum security printer performs user identity authentication and is started only after the user has been authenticated.
The quantum security printer may authenticate the user biometrically, for example by fingerprint or face recognition; the user is an authorized administrator of the printer. If user authentication fails, the quantum security printer cannot be started.
Step three: the quantum security terminal and the quantum CA authenticate the identity of the quantum security printer on the basis of quantum identity ID_a. Once both have passed the printer's authentication, the quantum security terminal sends the data to be printed to the quantum security printer.
The process by which the quantum security terminal and the quantum CA authenticate the quantum security printer on the basis of ID_a is as follows:
Flow a1: the quantum security printer generates a one-time identity OTID_1 from its local private identity ID_2, and the quantum CA generates a one-time identity OTID_2 from its local copy of ID_2.
The quantum identity authentication module in the quantum security printer generates OTID_1 from the local private identity ID_2 as follows:
The quantum identity authentication module obtains a random number locally and uses it to generate an irreducible polynomial P_1. The quantum identity authentication module and the quantum CA share the position identifiers of quantum keys x, y and z. A position identifier names a key as "L bits starting at bit m" of the key pool. For example, with a pre-loaded key pool consisting of a 1024-bit group of random numbers, key a may start at bit 6 with length 128, key b at bit 140 with length 128, and key c at bit 300 with length 128 (the three ranges 6 to 133, 140 to 267 and 300 to 427 do not overlap, so no key bit is used twice). Position identifiers referred to below have the same meaning.
Based on the shared position identifiers of x, y and z, the quantum identity authentication module pulls the keys at those positions from the key pool of the quantum key management module, obtaining quantum keys x, y and z; the quantum CA pulls the keys at the same positions from its local key pool and obtains the same quantum keys x, y and z.
The quantum identity authentication module derives a hash function H_1 from the irreducible polynomial P_1 and the quantum key x, hashes the local private identity ID_2 with H_1 to obtain the hash value H(ID_2), and encrypts H(ID_2) with quantum key y; the result is the one-time identity OTID_1.
The string formed by the coefficients of P_1 for every term except the highest is denoted str1. The quantum identity authentication module encrypts str1 with quantum key z and sends the encrypted str1 to the quantum CA through the network communication module.
The quantum CA generates OTID_2 from its local private identity ID_2 as follows:
The quantum CA decrypts the received ciphertext with key z to obtain str1' and reconstructs the irreducible polynomial P_1' from str1'. It derives the hash function H_1' from P_1' and quantum key x, hashes its local private identity ID_2 with H_1' to obtain the hash value H(ID_2)', and encrypts H(ID_2)' with key y; the result is the one-time identity OTID_2.
Flow a2: the quantum security printer generates a file Sign from its local public identity ID_1 and one-time identity OTID_1, and the quantum security terminal and the quantum CA authenticate the identity of the quantum security printer on the basis of Sign.
The quantum identity authentication module in the quantum security printer forms the file Sign from the local public identity ID_1 and the one-time identity OTID_1, namely:
Sign = [ID_1, OTID_1].
Based on the file Sign, the quantum security terminal and the quantum CA authenticate the identity of the quantum security printer as follows:
S1: the quantum identity authentication module in the quantum security printer obtains a random number locally and uses it to generate an irreducible polynomial P_2. The string of coefficients of P_2 for every term except the highest is denoted str2.
S2: the quantum key management module in the quantum security printer holds the same pre-loaded key pool as the quantum security terminal and the quantum CA.
The quantum identity authentication module in the quantum security printer shares with the quantum security terminal and the quantum CA a set of position identifiers for quantum keys u, v and w. It pulls u, v and w from the key pool of the quantum key management module according to those identifiers, and the quantum security terminal and the quantum CA each pull u, v and w from their local key pools according to the same identifiers.
Alternatively, the quantum identity authentication module records the position identifiers of the keys u, v and w it extracted from the key pool of the quantum key management module and sends those identifiers to the quantum CA and the quantum security terminal. Since only position identifiers are transmitted, an attacker who intercepts them cannot recover the corresponding keys without possessing the same key pool.
S3: the quantum identity authentication module derives a hash function H_2 from the irreducible polynomial P_2 and key u, and hashes the file Sign with H_2 to obtain the hash value H(Sign).
The quantum identity authentication module encrypts H(Sign) with key v to obtain the encrypted hash value, and encrypts the string str2 with key w to obtain the encrypted string.
The quantum identity authentication module sends the file Sign, the encrypted hash value and the encrypted string str2 to the quantum security terminal.
S4: the quantum security terminal receives the file Sign, the encrypted hash value and the encrypted string str2. The quantum security terminal and the quantum CA pull the keys at the shared position identifiers of u, v and w from their local key pools. To distinguish them from the keys obtained by the quantum identity authentication module, the keys obtained by the quantum security terminal are denoted u', v', w' and those obtained by the quantum CA u'', v'', w''.
S5: the quantum security terminal decrypts the encrypted hash value with key v' to obtain H(Sign)', and decrypts the encrypted string with key w' to obtain str2'. It then reconstructs the irreducible polynomial P_2' from str2', derives the hash function H_2' from key u' and P_2', and hashes the file Sign with H_2' to obtain H'(Sign). If the computed H'(Sign) equals the decrypted H(Sign)', the quantum security terminal passes the identity authentication of the quantum security printer; otherwise it fails.
S6: the quantum CA decrypts the encrypted hash value with key v'' to obtain H(Sign)'', and decrypts the encrypted string with key w'' to obtain str2''. It reconstructs the irreducible polynomial P_2'' from str2'', derives the hash function H_2'' from key u'' and P_2'', and hashes the file Sign with H_2'' to obtain H''(Sign). If the computed H''(Sign) equals the decrypted H(Sign)'', the hash value comparison passes; otherwise the quantum CA fails the identity authentication of the quantum security printer.
The quantum CA compares the public identity ID_1 in the received file Sign with the ID_1 it stores locally; if they are equal the public identity comparison passes, otherwise the quantum CA fails the identity authentication of the quantum security printer.
The quantum CA compares the one-time identity OTID_1 in the received file Sign with the OTID_2 it generated locally; if they are equal the one-time identity comparison passes, otherwise the quantum CA fails the identity authentication of the quantum security printer.
Only when the hash value comparison, the public identity comparison and the one-time identity comparison all pass does the quantum CA pass the identity authentication of the quantum security printer; if any one of them fails, the authentication fails.
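Flows a1 and a2 simulated end to end, as an added example that is not part of the patent (the patent names no concrete algorithms). The "hash function derived from an irreducible polynomial and key x" is taken here to be evaluation of the message polynomial at the secret point x in GF(2^128) = GF(2)[x]/(P), encryption under a pool key is a one-time-pad XOR, and P_1 and P_2 are drawn with Rabin's irreducibility test. The function names, the wire layout and the position identifiers (6, 140, 300 for x, y, z as in the page's example, and 430, 560, 690 for u, v, w) are assumptions. KeyPool refuses to hand out an overlapping range twice, which is the check a one-time-pad key pool needs, and the claimed_id2 parameter shows what the protocol's two checks actually establish: a party that holds the shared pool but not ID_2 passes the terminal's hash comparison (S5) and fails only the CA's one-time identity comparison (S8).

```python
import secrets

KEY_BITS = 128          # key length used in the page's position-identifier example

# --- GF(2)[x] arithmetic on Python ints: bit i is the coefficient of x^i ---
def deg(a):
    return a.bit_length() - 1

def pmod(a, m):
    while a and deg(a) >= deg(m):
        a ^= m << (deg(a) - deg(m))
    return a

def pmulmod(a, b, m):
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a = pmod(a << 1, m)
    return r

def pgcd(a, b):
    while b:
        a, b = b, pmod(a, b)
    return a

def is_irreducible(p):
    """Rabin's test: p | x^(2^n) - x and gcd(p, x^(2^(n/q)) - x) = 1 for each prime q | n."""
    n = deg(p)
    prime_divs = {q for q in range(2, n + 1) if n % q == 0 and all(q % d for d in range(2, q))}
    x = xp = 2                      # the polynomial "x"
    for i in range(1, n + 1):
        xp = pmulmod(xp, xp, p)     # xp = x^(2^i) mod p
        if i < n and n % i == 0 and n // i in prime_divs and pgcd(xp ^ x, p) != 1:
            return False
    return xp == x

def random_irreducible(n=KEY_BITS, rng=secrets.SystemRandom()):
    """P_1 / P_2: a fresh random monic irreducible polynomial of degree n."""
    while True:
        p = (1 << n) | rng.getrandbits(n) | 1              # odd constant term: x does not divide p
        if bin(p).count("1") % 2 and is_irreducible(p):   # even number of terms: x+1 divides p
            return p

def poly_hash(msg, key_x, p):
    """H derived from (P, x): Horner evaluation of the message blocks plus a
    length block at the secret point x in GF(2^n) = GF(2)[x]/(p)."""
    size = deg(p) // 8
    blocks = [msg[i:i + size] for i in range(0, len(msg), size)] + [len(msg).to_bytes(size, "big")]
    h = 0
    for b in blocks:
        h = pmulmod(h ^ int.from_bytes(b.ljust(size, b"\0"), "big"), key_x, p)
    return h

class KeyPool:
    """Pre-shared pool of quantum random bits. A key is named only by (bit offset, bit
    length); every range is one-time-pad material, so an overlapping second pull is refused."""
    def __init__(self, raw):
        self.bits, self.size, self.used = int.from_bytes(raw, "big"), len(raw) * 8, []

    def take(self, offset, length=KEY_BITS):
        if offset < 0 or offset + length > self.size:
            raise ValueError("position identifier outside the key pool")
        if any(offset < o + l and o < offset + length for o, l in self.used):
            raise ValueError("key material at this position was already consumed")
        self.used.append((offset, length))
        return (self.bits >> (self.size - offset - length)) & ((1 << length) - 1)

def authenticate_printer(pool_bytes, id1, id2, pos, claimed_id2=None):
    """Flows a1 and a2 with printer, CA and terminal each holding a copy of the same pool;
    pos maps the key names x,y,z,u,v,w to the shared bit offsets. claimed_id2 simulates an
    impostor that has the pool but not ID_2. Returns (terminal passed, CA passed)."""
    printer, ca, terminal = KeyPool(pool_bytes), KeyPool(pool_bytes), KeyPool(pool_bytes)
    top = 1 << KEY_BITS
    # a1, printer: OTID_1 = E_y(H_1(ID_2)); str1 = coefficients of P_1 below the leading term
    P1 = random_irreducible()
    x, y, z = (printer.take(pos[k]) for k in "xyz")
    OTID1 = poly_hash(claimed_id2 or id2, x, P1) ^ y
    enc_str1 = (P1 ^ top) ^ z                                 # sent to the CA
    # a1, CA: recover P_1' from str1' and build OTID_2 from its own copy of ID_2
    cx, cy, cz = (ca.take(pos[k]) for k in "xyz")
    OTID2 = poly_hash(id2, cx, (enc_str1 ^ cz) | top) ^ cy
    # a2, S1-S3, printer: Sign = [ID_1, OTID_1]; send Sign, E_v(H_2(Sign)) and E_w(str2)
    sign = id1 + OTID1.to_bytes(KEY_BITS // 8, "big")
    P2 = random_irreducible()
    u, v, w = (printer.take(pos[k]) for k in "uvw")
    wire = (sign, poly_hash(sign, u, P2) ^ v, (P2 ^ top) ^ w)   # to terminal and CA
    def hash_check(pool):                                     # S5 (terminal) / S6 (CA)
        pu, pv, pw = (pool.take(pos[k]) for k in "uvw")
        s, enc_h, enc_str2 = wire
        return poly_hash(s, pu, (enc_str2 ^ pw) | top) == (enc_h ^ pv)
    terminal_ok = hash_check(terminal)
    ca_ok = (hash_check(ca)                                           # S6: hash value
             and wire[0][:len(id1)] == id1                            # S7: public identity
             and int.from_bytes(wire[0][len(id1):], "big") == OTID2)  # S8: one-time identity
    return terminal_ok, ca_ok

if __name__ == "__main__":
    pool = secrets.token_bytes(128)   # constructed stand-in for 1024 shared QKD bits
    pos = dict(x=6, y=140, z=300, u=430, v=560, w=690)
    print(authenticate_printer(pool, b"PRINTER-01", b"private-ID_2", pos))            # (True, True)
    print(authenticate_printer(pool, b"PRINTER-01", b"private-ID_2", pos, b"guess"))  # (True, False)
```

Each party tracks consumed ranges in its own pool copy, so the six identifiers must be disjoint and must not be presented again in a later session; the CA's `S8` comparison is the only step that binds the session to the printer's private identity, because the hash check alone proves possession of pool material, not of ID_2.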
Flow a3: after the quantum security terminal and the quantum CA have both passed the identity authentication of the quantum security printer, the quantum security terminal sends the data to be printed to the quantum security printer.
The quantum security terminal hashes the data to be printed to obtain the hash value H(data). It extracts a quantum key r from its local key pool, encrypts the data to be printed together with H(data) to obtain the encrypted data, and records the position identifier of the quantum key r. The quantum security terminal then sends the encrypted data and the position identifier of key r to the quantum security printer.
Step four: the quantum security printer and the quantum CA authenticate the identity of the quantum security terminal on the basis of quantum identity ID_b. After both have passed the terminal's authentication, the quantum security printer authenticates the received data to be printed, and prints it once that authentication passes.
Quantum identity ID_b comprises a public identity ID_3 and a private identity ID_4. The process by which the quantum security printer and the quantum CA authenticate the quantum security terminal on the basis of ID_b is as follows:
Flow b1: the quantum security terminal generates a one-time identity OTID_3 from its local private identity ID_4, and the quantum CA generates a one-time identity OTID_4 from its local copy of ID_4;
Flow b2: the quantum security terminal generates a file Sign' from its local public identity ID_3 and one-time identity OTID_3, and the quantum security printer and the quantum CA authenticate the identity of the quantum security terminal on the basis of Sign';
Flow b3: after the quantum security printer and the quantum CA have passed the identity authentication of the quantum security terminal, the quantum security printer authenticates the received data to be printed.
The process by which the quantum security printer and the quantum CA authenticate the quantum security terminal on the basis of ID_b is the same as the process by which the quantum security terminal and the quantum CA authenticate the quantum security printer on the basis of ID_a, including generation of the one-time identity and authentication based on it, and is not repeated here.
The quantum security printer authenticates the received data to be printed as follows:
The quantum encryption and decryption module in the quantum security printer receives the encrypted data and the position identifier of key r from the quantum security terminal through the network communication module. It sends a key request g together with the position identifier of r to the quantum key management module, which pulls the key at that position from its local key pool and returns the obtained key r' to the quantum encryption and decryption module. The module decrypts the encrypted data with r' to obtain the data to be printed data' and the hash value H(data)', hashes data' with the same hash algorithm as the quantum security terminal to obtain H(data)'', and compares the computed H(data)'' with the decrypted H(data)'. If they are equal, the decrypted data to be printed passes authentication; otherwise it fails.
After the decrypted data to be printed passes authentication, the quantum encryption and decryption module sends it to the printing history management module and the data printing module. The data printing module prints the data, and the printing history management module stores the received data together with the printing history record, for example the print time and the number of files.
The above process ensures that the quantum security printer is legitimate and that print data is accepted only from a legitimate quantum security terminal. The authentication of the data to be printed further ensures that it was not tampered with in transit, that is, its integrity.
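The data path of flow a3 and step four (the terminal encrypts data together with H(data) under key r and transmits only r's position identifier; the printer pulls r' at that position, decrypts, re-hashes and compares), written out as an added example rather than the patent's code. The patent names no hash algorithm, so SHA-256 is assumed; position identifiers are restricted to byte-aligned offsets for simplicity, the key request g is left implicit in the pool lookup, and the function names are invented. A failed comparison returns None so that nothing reaches the data printing module, and the digest comparison is constant-time.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN = 32   # SHA-256 (assumed; the patent does not name the hash algorithm)

def take_key(pool: bytes, offset_bit: int, length_bits: int) -> bytes:
    """Key named by a position identifier (start bit m, length L). Byte-aligned
    offsets only, for simplicity; the identifier must lie inside the pool."""
    if offset_bit % 8 or length_bits % 8 or offset_bit + length_bits > len(pool) * 8:
        raise ValueError("position identifier not byte-aligned or outside the key pool")
    return pool[offset_bit // 8:(offset_bit + length_bits) // 8]

def otp(buf: bytes, key: bytes) -> bytes:
    """One-time pad: the key must be exactly as long as the buffer."""
    if len(key) != len(buf):
        raise ValueError("one-time pad key length must equal the message length")
    return bytes(a ^ b for a, b in zip(buf, key))

def terminal_send(pool: bytes, data: bytes, offset_bit: int):
    """Quantum security terminal: H(data), then data || H(data) under key r.
    Only the ciphertext and r's position identifier go on the wire."""
    plain = data + hashlib.sha256(data).digest()
    position = (offset_bit, len(plain) * 8)           # r must cover data and digest
    return otp(plain, take_key(pool, *position)), position

def printer_receive(pool: bytes, ciphertext: bytes, position):
    """Quantum security printer: pull r' at the received position, decrypt, split off
    H(data)', recompute H(data)'' and compare. None means 'do not print'."""
    plain = otp(ciphertext, take_key(pool, *position))
    data, received_digest = plain[:-DIGEST_LEN], plain[-DIGEST_LEN:]
    if not hmac.compare_digest(hashlib.sha256(data).digest(), received_digest):
        return None
    return data

if __name__ == "__main__":
    pool = secrets.token_bytes(256)                   # constructed stand-in for the shared key pool
    ct, pos = terminal_send(pool, b"CONFIDENTIAL: print me", offset_bit=64)
    print(printer_receive(pool, ct, pos))             # the data
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]         # one bit flipped in transit
    print(printer_receive(pool, tampered, pos))       # None
```

Because the key is a one-time pad, the length in the position identifier grows with the document, and the terminal must pick an offset whose range has not been consumed by any earlier session; a printer that receives a reused or out-of-range identifier should reject the job before decrypting.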
Step five: after printing is finished, the quantum security printer performs user identity authentication in the same way as at start-up, and is powered off only after the user has been authenticated.
The quantum security printer may authenticate the user biometrically, for example by fingerprint or face recognition; the user is an authorized administrator of the printer. If user authentication fails, the quantum security printer cannot be shut down normally.
Claims (10)
1. A global quantum security printing system, characterized by comprising a quantum security terminal, a quantum security printer, a quantum CA and a quantum key base station, wherein the quantum security terminal and the quantum security printer are each connected with the quantum CA and the quantum key base station, the quantum CA is connected with the quantum key base station, and the quantum security terminal is connected with the quantum security printer;
the quantum security terminal is used for generating data to be printed and authenticating the identity of the quantum security printer;
the quantum CA is used for issuing and authenticating the identity;
the quantum key base station is used for generating and distributing quantum keys;
the quantum security printer is used for executing data printing and comprises a network communication module, a quantum execution module and a data printing module which are sequentially connected;
the network communication module is used for executing data communication between the quantum security printer and external equipment;
the quantum execution module is used for authenticating the data to be printed and authenticating the identity of the quantum security terminal;
the data printing module is used for receiving the authenticated data and executing printing.
2. The global quantum security printing system according to claim 1, wherein the quantum execution module comprises a quantum encryption and decryption module, a quantum key management module and a quantum identity authentication module; the quantum encryption and decryption module is connected with the quantum key management module, the network communication module and the data printing module, the quantum key management module is connected with the network communication module, and the quantum identity authentication module is connected with the network communication module and the quantum key management module;
the quantum key management module is used for generating and distributing quantum keys;
an encryption algorithm is preset in the quantum encryption and decryption module and is used for encrypting, decrypting and authenticating data;
the quantum identity authentication module is used for identity authentication of the quantum security terminal.
3. The global quantum security printing system according to claim 2, wherein the quantum execution module further comprises a printing history management module, the printing history management module is connected with the quantum encryption and decryption module, and the printing history management module is used for storing data to be printed and storing a printing history record.
4. A global quantum security printing system according to claim 2 or 3, wherein the quantum security terminal, quantum CA, quantum key management module are pre-configured with the same key pool.
5. A method of operating a global quantum security printing system based on claim 4, the method comprising the steps of:
step one, the quantum security printer and the quantum security terminal register their identities with the quantum CA; the quantum CA issues quantum identity ID_a to the quantum security printer and quantum identity ID_b to the quantum security terminal; after issuance, the quantum security printer and the quantum CA both store ID_a, and the quantum security terminal and the quantum CA both store ID_b;
Step two, the quantum security printer performs user identity authentication, and after the user identity authentication is successful, the quantum security printer is started;
step three, the quantum security terminal and the quantum CA authenticate the identity of the quantum security printer on the basis of quantum identity ID_a, and after both have passed that authentication the quantum security terminal sends the data to be printed to the quantum security printer;
step four, the quantum security printer and the quantum CA authenticate the identity of the quantum security terminal on the basis of quantum identity ID_b; after both have passed that authentication the quantum security printer authenticates the received data to be printed, and prints it after the data passes authentication.
6. A method of operating a global quantum security printing system according to claim 5, further comprising:
step five, after the printing of the data is finished, the quantum security printer performs user identity authentication, and after the user identity authentication is successful, the quantum security printer is powered off;
in the second step and the fifth step, the quantum security printer performs user identity authentication through a biological recognition method.
7. The method of claim 5, wherein in step three the quantum identity ID_a comprises a public identity ID_1 and a private identity ID_2, and the quantum security terminal and the quantum CA authenticate the quantum security printer on the basis of ID_a as follows:
flow a1, the quantum security printer generates a one-time identity OTID_1 from its local private identity ID_2, and the quantum CA generates a one-time identity OTID_2 from its local private identity ID_2;
flow a2, the quantum security printer generates a file Sign from its local public identity ID_1 and one-time identity OTID_1, and the quantum security terminal and the quantum CA authenticate the identity of the quantum security printer on the basis of the file Sign;
flow a3, after the quantum security terminal and the quantum CA have passed the identity authentication of the quantum security printer, the quantum security terminal sends the data to be printed to the quantum security printer.
8. The method of claim 5, wherein in step four the quantum identity ID_b comprises a public identity ID_3 and a private identity ID_4, and the quantum security printer and the quantum CA authenticate the quantum security terminal on the basis of ID_b as follows:
flow b1, the quantum security terminal generates a one-time identity OTID_3 from its local private identity ID_4, and the quantum CA generates a one-time identity OTID_4 from its local private identity ID_4;
flow b2, the quantum security terminal generates a file Sign' from its local public identity ID_3 and one-time identity OTID_3, and the quantum security printer and the quantum CA authenticate the identity of the quantum security terminal on the basis of the file Sign';
flow b3, after the quantum security printer and the quantum CA have passed the identity authentication of the quantum security terminal, the quantum security printer authenticates the received data to be printed.
9. The method of claim 4, wherein in step three, the quantum security terminal sending data to be printed to the quantum security printer further comprises:
the quantum security terminal hashes the data to be printed to obtain a hash value H(data), extracts a quantum key r from its local key pool, encrypts the data to be printed together with H(data) to obtain the encrypted data, records the position identifier of the quantum key r, and then sends the encrypted data and the position identifier of key r to the quantum security printer.
10. The method of claim 9, wherein in step four, the authenticating the received data to be printed by the quantum security printer further comprises:
the quantum encryption and decryption module in the quantum security printer receives the encrypted data and the position identifier of key r from the quantum security terminal; it sends a key request g together with the position identifier of key r to the quantum key management module, which pulls the key at the corresponding position from its local key pool according to g and the position identifier and returns the obtained key r' to the quantum encryption and decryption module; the quantum encryption and decryption module decrypts the encrypted data with key r' to obtain the data to be printed data' and the hash value H(data)', hashes data' to obtain the hash value H(data)'', and compares the computed H(data)'' with the decrypted H(data)'; if they are equal, the decrypted data to be printed data' passes authentication, otherwise the authentication fails;
after the decrypted data to be printed passes authentication, the quantum encryption and decryption module sends the data to be printed data' to the printing history management module and the data printing module; the data printing module receives data' and prints it, and the printing history management module stores the received data' together with the printing history record.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311668078.6A CN117666977A (en) | 2023-12-07 | 2023-12-07 | Global quantum security printing system and working method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117666977A true CN117666977A (en) | 2024-03-08 |
Family
ID=90067694
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311668078.6A Pending CN117666977A (en) | 2023-12-07 | 2023-12-07 | Global quantum security printing system and working method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117666977A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||