Search

CN-121984679-A - Remote access handshake method, device, equipment and medium based on double quantum protection

CN121984679ACN 121984679 ACN121984679 ACN 121984679ACN-121984679-A

Abstract

The application discloses a remote access handshake method, device, equipment and medium based on double quantum resistance protection, which are applied to the field of encryption communication and comprise the steps of sending a connection request to a server, setting a corresponding authentication protocol according to a quantum authentication identifier and a quantum authentication resistance key exchange suite fed back by the server, carrying out handshake with the server based on the authentication protocol and the quantum authentication resistance key exchange suite, sending a certificate quantum authentication resistance protocol request to the server if the handshake is successful, analyzing quantum resistance information fed back by the server, carrying out quantum resistance verification on a target certificate fed back by the server for the first time through an obtained preset quantum resistance signature algorithm, a server quantum resistance public key and a certificate signature value, carrying out subsequent communication after the verification is passed, and ending communication with the server if the handshake is failed. Therefore, after the conventional anti-quantum key exchange handshake is completed, anti-quantum signature verification can be supplemented pertinently, and double anti-quantum protection is realized.

Inventors

  • CHEN QIANG
  • LIU JUNHUANG

Assignees

  • 杭州弗兰科信息安全科技有限公司

Dates

Publication Date
20260505
Application Date
20260408

Claims (10)

  1. 1. The remote access handshake method based on the double quantum protection is characterized by being applied to a client and comprising the following steps of: Sending a connection request to a server, receiving a quantum authentication identifier and an anti-quantum authentication key exchange suite corresponding to the connection request sent by the server, and setting a corresponding authentication protocol based on the quantum authentication identifier and the anti-quantum authentication key exchange suite; Based on the authentication protocol and the anti-quantum authentication key exchange suite, carrying out handshake with the server, if the handshake is successful, receiving a target certificate fed back by the server, sending a certificate anti-quantum authentication protocol request to the server, and receiving anti-quantum information corresponding to the certificate anti-quantum authentication protocol request, which is sent by the server, wherein the anti-quantum information comprises a preset anti-quantum signature algorithm, a server anti-quantum public key and a certificate signature value; analyzing the anti-quantum information, carrying out anti-quantum verification on the target certificate through the preset anti-quantum signature algorithm, the server anti-quantum public key and the certificate signature value obtained through analysis, and carrying out subsequent communication after verification is passed; and if the handshake fails, ending the communication with the server.
  2. 2. The method for remote access handshake based on dual anti-quantum protection according to claim 1, wherein the sending a connection request to a server and receiving a quantum authentication identifier and an anti-quantum authentication key exchange set corresponding to the connection request sent by the server, and then setting a corresponding authentication protocol based on the quantum authentication identifier and the anti-quantum authentication key exchange set, includes: Sending a connection request to a server, so that the server receives the connection request, generates a corresponding quantum authentication identifier, and feeds back the quantum authentication identifier and an anti-quantum authentication key exchange suite corresponding to the quantum authentication identifier to the client; And receiving the quantum authentication identification corresponding to the connection request and the quantum authentication key exchange resisting suite sent by the server, and setting a corresponding authentication protocol according to the quantum authentication key exchange resisting suite.
  3. 3. The remote access handshake method based on double quantum protection according to claim 2, wherein the performing handshake with the server based on the authentication protocol and the quantum-resistant authentication key exchange suite, if the handshake is successful, receiving a target certificate fed back by the server, sending a certificate quantum-resistant authentication protocol request to the server, and receiving quantum-resistant information corresponding to the certificate quantum-resistant authentication protocol request sent by the server, includes: Determining an anti-quantum key exchange algorithm corresponding to the anti-quantum authentication key exchange suite, and handshaking with the server according to the anti-quantum key exchange algorithm and the authentication protocol; If the handshake is successful, receiving a target certificate fed back by the server, and sending a certificate anti-quantum authentication protocol request to the server, so that the server receives the certificate anti-quantum authentication protocol request, generates anti-quantum information corresponding to the certificate anti-quantum authentication protocol request, and feeds back the anti-quantum information to the client; and receiving anti-quantum information corresponding to the certificate anti-quantum authentication protocol request and fed back by the server.
  4. 4. The dual quantum protection based remote access handshake method of claim 3, wherein the generating quantum resistant information corresponding to the credential quantum resistant authentication protocol request and feeding back the quantum resistant information to the client comprises: Generating a server anti-quantum key pair based on a preset anti-quantum signature algorithm, carrying out hash calculation on a target certificate through a preset hash algorithm, and then signing a certificate hash value obtained through the hash calculation through a server anti-quantum private key in the key pair to obtain a certificate signature value; And sending the preset anti-quantum signature algorithm, the certificate signature value and the server anti-quantum public key in the server anti-quantum key pair to the client as anti-quantum information.
  5. 5. The remote access handshake method based on double quantum protection according to claim 1, wherein the analyzing the quantum resistant information, performing quantum resistant verification on the target certificate by using the preset quantum resistant signature algorithm, the server quantum resistant public key and the certificate signature value obtained by analysis, and before performing subsequent communication after verification, further comprises: if the quantum resistance information returned by the server is not received within a preset waiting time threshold, judging that the handshake fails and disconnecting the current communication connection with the server; And recording error information of the handshake failure and feeding back the error information to a preset information processing node.
  6. 6. The remote access handshake method based on double quantum protection according to claim 4, wherein the parsing the quantum resistant information and performing quantum resistant verification on the target certificate through the preset quantum resistant signature algorithm, the server quantum resistant public key and the certificate signature value obtained by parsing includes: analyzing the anti-quantum information to obtain the preset anti-quantum signature algorithm, the server anti-quantum public key and the certificate signature value; Carrying out hash calculation on the target certificate through the preset hash algorithm to obtain a hash value to be compared, and restoring the certificate signature value through the preset anti-quantum signature algorithm and the server anti-quantum public key to obtain the certificate hash value; Consistency comparison is carried out on the certificate hash value and the hash value to be compared, and if the certificate hash value is consistent with the hash value to be compared, verification is passed; if the certificate hash value is inconsistent with the hash value to be compared, verification fails.
  7. 7. The dual anti-quantum protection based remote access handshake method according to any of claims 1 to 6, further comprising: if a request of the target certificate anti-quantum authentication protocol of the server is received, generating a client anti-quantum key pair based on the preset anti-quantum signature algorithm; Carrying out hash calculation on a local certificate through a preset hash algorithm to obtain a local certificate hash value corresponding to the local certificate, and carrying out quantum signing resistance on the local certificate hash value through a client quantum private key of a client quantum private key pair to obtain a local certificate signature value; And sending the preset anti-quantum signature algorithm, the local certificate signature value and the client anti-quantum public key in the client anti-quantum key pair to the server so that the server can perform anti-quantum authentication.
  8. 8. A remote access handshake device based on dual anti-quantum protection, applied to a client, comprising: The protocol setting module is used for sending a connection request to the server, receiving a quantum authentication identifier and an anti-quantum authentication key exchange suite which are sent by the server and correspond to the connection request, and setting a corresponding authentication protocol based on the quantum authentication identifier and the anti-quantum authentication key exchange suite; The information receiving module is used for carrying out handshake with the server based on the authentication protocol and the anti-quantum authentication key exchange suite, if the handshake is successful, receiving a target certificate fed back by the server, sending a certificate anti-quantum authentication protocol request to the server, and receiving anti-quantum information corresponding to the certificate anti-quantum authentication protocol request, which is sent by the server, wherein the anti-quantum information comprises a preset anti-quantum signature algorithm, a server anti-quantum public key and a certificate signature value; the quantum verification module is used for analyzing the anti-quantum information, carrying out anti-quantum verification on the target certificate through the preset anti-quantum signature algorithm, the server anti-quantum public key and the certificate signature value obtained through analysis, and carrying out subsequent communication after verification is passed; and the communication ending module is used for ending the communication with the server if the handshake fails.
  9. 9. An electronic device, comprising: A memory for storing a computer program; A processor for executing the computer program to implement the dual anti-quantum protection based remote access handshake method according to any of claims 1 to 7.
  10. 10. A computer readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements a dual anti-quantum protection based remote access handshake method according to any of claims 1 to 7.

Description

Remote access handshake method, device, equipment and medium based on double quantum protection Technical Field The invention relates to the field of encrypted communication, in particular to a remote access handshake method, device, equipment and medium based on double quantum protection. Background VPN (Virtual Private Network ) is a widely used remote access technology that allows users to securely access enterprise internal network resources via the internet. In the data transmission process of VPN, data encryption and decryption are key links for guaranteeing data safety. The VPN generally adopts a traditional public key infrastructure (Public Key Infrastructure, PKI) to complete identity authentication and key negotiation in a handshake stage, is a main stream technical scheme in a commercial scene, and can realize handshake through a Pre-shared key (Pre-SHARED KEY, PSK) or a certificate-free encryption technology in a partial light or private deployment scene without depending on the traditional PKI. However, in either of the above schemes, the serious threat caused by the transformation of the post quantum algorithm cannot be resisted. The prior VPN anti-quantum scheme mainly adopts a mixed anti-quantum key exchange and anti-quantum certificate mode. Both schemes have some defects that the mode of the mixed anti-quantum key exchange suite only protects the anti-quantum property of key exchange, does not carry out anti-quantum protection on the certificate, and cannot realize the anti-quantum property of the certificate. And the existing PKI system needs to be modified in the quantum certificate resisting mode, including updating certificate format standards and related protocols to support new post-quantum cryptographic algorithm identification, key negotiation mechanism and digital signature scheme, and has high modification cost and difficult deployment. Disclosure of Invention In view of the above, the present invention aims to provide a remote access handshake method, device, equipment and medium based on dual anti-quantum protection, which can pertinently supplement anti-quantum signature verification after the completion of conventional anti-quantum key exchange handshake, so as to realize dual anti-quantum protection. The specific scheme is as follows: in a first aspect, the application discloses a remote access handshake method based on double quantum protection, which is applied to a client and comprises the following steps: Sending a connection request to a server, receiving a quantum authentication identifier and an anti-quantum authentication key exchange suite corresponding to the connection request sent by the server, and setting a corresponding authentication protocol based on the quantum authentication identifier and the anti-quantum authentication key exchange suite; Based on the authentication protocol and the anti-quantum authentication key exchange suite, carrying out handshake with the server, if the handshake is successful, receiving a target certificate fed back by the server, sending a certificate anti-quantum authentication protocol request to the server, and receiving anti-quantum information corresponding to the certificate anti-quantum authentication protocol request, which is sent by the server, wherein the anti-quantum information comprises a preset anti-quantum signature algorithm, a server anti-quantum public key and a certificate signature value; analyzing the anti-quantum information, carrying out anti-quantum verification on the target certificate through the preset anti-quantum signature algorithm, the server anti-quantum public key and the certificate signature value obtained through analysis, and carrying out subsequent communication after verification is passed; and if the handshake fails, ending the communication with the server. Optionally, the sending a connection request to a server, receiving a quantum authentication identifier and an anti-quantum authentication key exchange suite corresponding to the connection request sent by the server, and setting a corresponding authentication protocol based on the quantum authentication identifier and the anti-quantum authentication key exchange suite, where the method includes: Sending a connection request to a server, so that the server receives the connection request, generates a corresponding quantum authentication identifier, and feeds back the quantum authentication identifier and an anti-quantum authentication key exchange suite corresponding to the quantum authentication identifier to the client; And receiving the quantum authentication identification corresponding to the connection request and the quantum authentication key exchange resisting suite sent by the server, and setting a corresponding authentication protocol according to the quantum authentication key exchange resisting suite. Optionally, the handshake is performed with the server based on the authentication protocol and the anti-quantum authentic