CN-122001577-A - Data key acquisition method, device and storage medium of quantum security device terminal

Abstract

The invention discloses a data key acquisition method, equipment and a storage medium of a quantum security equipment terminal, wherein the method comprises the steps that when the quantum security equipment terminal leaves a factory, the equipment ID of the quantum security equipment terminal is input into a seed key center, and the seed key center generates a corresponding initial seed key for storage; when the method is used for communication with a root key operator for the first time, an initial seed key is acquired from a seed key center and authenticated, then the initial seed key is expanded, the root key operator sends a mashup key to a quantum security device terminal and authenticates, and finally the data key is obtained by carrying out mashup in an exclusive-or mode based on the mashup key. After the quantum security equipment terminal passes the authentication, the initial seed key is expanded to obtain the expanded key, and the data key with high safety coefficient is safely and efficiently derived by utilizing the existing initial seed key resource, so that the key supplementing and updating burden of a seed key center is reduced.

Inventors

• ZHANG CHAO

Assignees

• 矩阵时光数字科技有限公司

Dates

Publication Date

20260508

Application Date

20260227

Claims (9)

1. 1. The data key acquisition method of the quantum security equipment terminal is characterized by comprising the following steps of: (1) When leaving a factory, the quantum security equipment terminal inputs the self equipment ID into a seed key center, and the seed key center generates an initial seed key corresponding to the equipment ID and stores the initial seed key; (2) When the quantum security equipment terminal is in primary communication with the root key operator, the root key operator acquires an initial seed key from the seed key center and authenticates the initial seed key, and after the authentication is passed, the quantum security equipment terminal expands the initial seed key to obtain an expanded key; (3) And the root key operator sends the mashup key to the quantum security equipment terminal for authentication, and after the authentication is passed, the quantum security equipment terminal performs mashup on the extended key in an exclusive or mode based on blend keys, so that the data key is finally obtained.
2. 2. The method for obtaining a data key of a quantum security device terminal according to claim 1, wherein before the step (2), the method further comprises the steps of: the seed key center locally generates a plurality of irreducible polynomials used by the hash function, records character strings composed of each item of coefficients except the highest item corresponding to each irreducible polynomial, marks the recorded character strings as a character string set, and numbers each character string in the character string set; The seed key center randomly extracts a plurality of character strings and numbers thereof from the character string set to form a character string subset and sends the character string subset to root key operators connected with the seed key center, so that each root key operator comprises the character string subset, and the character string subsets in each root key operator are different; And then, randomly extracting the plurality of key expansion algorithms and the numbers thereof from the expansion algorithm set to form an expansion algorithm subset, and sending the expansion algorithm subset to root key operators connected with the seed key center, so that each root key operator comprises an expansion algorithm subset, and the expansion algorithm subsets in each root key operator are different.
3. 3. The method for acquiring the data key of the quantum security device terminal according to claim 1, wherein an initial seed key correspondence table is arranged in the seed key center, and the initial seed key correspondence table is used for associating the locally stored device ID of the quantum security device terminal with the corresponding initial seed key and storing the locally stored device ID in the table.
4. 4. The method for obtaining the data key of the quantum security device terminal according to claim 2, wherein the specific process of obtaining the initial seed key from the seed key center and authenticating the initial seed key by the root key operator is as follows: 1) The quantum security equipment terminal sends a request for acquiring an initial seed key to a seed key center through a root key operator connected with the quantum security equipment terminal, wherein the request for acquiring the initial seed key comprises the equipment ID of the quantum security equipment terminal; 2) The seed key center searches whether the device ID of the quantum security device terminal in the initial seed key request exists in the locally-input device ID of the seed key center, if so, the seed key center acquires the initial seed key corresponding to the quantum security device terminal device ID, locally generates an input random number as s, randomly acquires a character string and an expansion algorithm from a character string subset and an expansion algorithm subset corresponding to the root key operator, records the corresponding character string number and the expansion algorithm number; 3) After a root key operator connected with a quantum security device terminal receives the data, acquiring corresponding character strings from character string numbers and expansion algorithm numbers to be str1 and the expansion algorithm to be m locally, generating an irreducible polynomial p with the highest term coefficient of 1 by using coefficients of each bit of the corresponding polynomial of the character strings str1 except the highest term, and generating a hash function H by using the irreducible polynomial p and the received input random number s; 4) After the quantum security equipment terminal receives the data, the coefficient of each corresponding polynomial of the character string str1 except the highest term is utilized to generate an irreducible polynomial p 'with the highest term coefficient of 1, a hash function H' is generated by utilizing the irreducible polynomial p 'and the received input random number s, a second hash value H2 is obtained by utilizing the hash function H' to calculate the hash value of the initial seed key corresponding to the received quantum security equipment terminal equipment ID, the received first hash value H1 is compared with the second hash value H2, if the received first hash value H1 is consistent with the received second hash value H2, the initial seed key authentication is passed, and the quantum security equipment terminal informs a root key operator connected with the initial seed key authentication result.
5. 5. The method for obtaining a data key of a quantum security device terminal according to claim 4, wherein the step of expanding the initial seed key by the quantum security device terminal to obtain an expanded key is: after the authentication of the quantum security equipment terminal passes, the received expansion algorithm m is utilized to expand the initial seed key corresponding to the ID of the quantum security equipment terminal equipment to obtain an expansion key; And the root key operator responds to the authentication passing result, and locally utilizes an expansion algorithm m to expand the initial seed key corresponding to the ID of the quantum security equipment terminal equipment to obtain the expansion key which is the same as the quantum security equipment terminal.
6. 6. The method for obtaining the data key of the quantum security device terminal of claim 4, wherein the specific process of sending the mashup key to the quantum security device terminal by the root key operator and authenticating is as follows: a1, a root key operator responds to a result of passing authentication to locally generate a string of a hybrid mashup key and an input random number as k, then randomly acquire a character string as str2 from a local character string subset thereof, generate an irreducible polynomial q with a highest polynomial coefficient of 1 by utilizing coefficients of each bit of the character string str2 corresponding to each item except the highest polynomial, generate a hash function M by utilizing the irreducible polynomial q and the received input random number k, calculate a hash value of the hybrid mashup key by utilizing the hash function M to obtain a third hash value h3, and forward the hybrid mashup key, the third hash value h3, the input random number k and the character string str2 to a quantum security equipment terminal; A2, after the quantum security equipment terminal receives the hash value, generating an irreducible polynomial q 'with the highest term coefficient of 1 by utilizing the coefficients of each bit corresponding polynomial of the character string str2 except the highest term, generating a hash function M' by utilizing the irreducible polynomial q 'and the received input random number k, calculating the hash value of the received hash key by utilizing the hash function M' to obtain a fourth hash value h4, comparing the received third hash value h3 with the fourth hash value h4, if the hash value h3 is consistent with the fourth hash value h4, and notifying the root key operator connected with the quantum security equipment terminal that the authentication is passed by the quantum security equipment terminal.
7. 7. The method for obtaining the data key of the quantum security device terminal of claim 6, wherein the step of performing mashup on the extended key by exclusive-or based on blend keys is: After the authentication of the hybrid mashup key is passed, the quantum security equipment terminal divides the extended key according to the length of the hybrid mashup key to obtain first to N segments, then uses the hybrid mashup key to sequentially execute exclusive-or operation on the first to N segments, and then splices the first to N segments after the exclusive-or operation to obtain the data key.
8. 8. Computer device, characterized in that it comprises at least a processor and a memory, said processor being adapted to implement a data key acquisition method of a quantum security device terminal according to any of claims 1-7 when executing a computer program stored in the memory.
9. 9. A computer-readable storage medium, characterized in that it stores a computer program which, when executed by a processor, implements a data key acquisition method of a quantum security device terminal according to any one of claims 1-7.

Description

Data key acquisition method, device and storage medium of quantum security device terminal Technical Field The invention relates to the technical field of keys, in particular to a data key acquisition method, device and storage medium of a quantum security device terminal. Background With the rapid development of quantum computing technology, traditional public key cryptography based on mathematical problems faces serious security challenges. To address this threat, quantum security network technologies have evolved to become a critical infrastructure for securing future secure transmissions of information. In a typical quantum secure communication system, the seed key center plays a vital role in order to preset or distribute an initial seed key for a huge number of factory devices in the network. These initial seed keys, which act as trust anchors and root keys for the device identity, are the basis for overall communication security. When the user equipment is accessed to the quantum security network for the first time and is ready to establish a communication session, the service traffic needs to be encrypted and decrypted by using a data key with high security intensity. The existing method is that the device directly uses the initial seed key preset in the factory as the data key. However, the technical scheme has the obvious defect that if all devices frequently and directly use an initial seed key to carry out data encryption and decryption operations, the seed key center needs to continuously carry out operations such as key supplementation and updating, and the like, which causes huge key management and distribution pressure to the seed key center. Specifically, the seed key center needs to participate in the negotiation and update of the key in real time for each data communication, which not only causes the center to become a bottleneck of system performance and reduces the expandability of the network, but also greatly increases the burden of storing, synchronizing and destroying the key at the center side. More importantly, the initial seed key is directly used for encrypting and decrypting the data, so that the hierarchical protection principle of key management is violated. Once the initial seed key of a certain device is revealed due to weak security protection at the terminal side, an attacker may possibly trace back or even push out the key stored in the seed key center, thereby constituting a systematic risk for the security of the whole network. Therefore, how to safely and efficiently derive an independent data key with high security coefficient for each access or each session by using the existing initial seed key resource on the premise of ensuring that the burden of the seed key center is not increased has become a technical problem to be solved in the field of quantum security networks. Disclosure of Invention The invention aims to provide a data key acquisition method, equipment and storage medium of a quantum security equipment terminal, which solve the problems in the prior art that the original seed key preset in the factory is directly used as a data key, so that the key management and distribution pressure of a seed key center is huge. The invention reduces the key management burden of the seed key center while ensuring high security level, and improves the whole expandability and operation efficiency. The data key acquisition method of the quantum security equipment terminal comprises the following steps: (1) When leaving a factory, the quantum security equipment terminal inputs the self equipment ID into a seed key center, and the seed key center generates an initial seed key corresponding to the equipment ID and stores the initial seed key; (2) When the quantum security equipment terminal is in primary communication with the root key operator, the root key operator acquires an initial seed key from the seed key center and authenticates the initial seed key, and after the authentication is passed, the quantum security equipment terminal expands the initial seed key to obtain an expanded key; (3) And the root key operator sends the mashup key to the quantum security equipment terminal for authentication, and after the authentication is passed, the quantum security equipment terminal performs mashup on the extended key in an exclusive or mode based on blend keys, so that the data key is finally obtained. Further, before the step (2), the method further comprises the following steps: the seed key center locally generates a plurality of irreducible polynomials used by the hash function, records character strings composed of each item of coefficients except the highest item corresponding to each irreducible polynomial, marks the recorded character strings as a character string set, and numbers each character string in the character string set; The seed key center randomly extracts a plurality of character strings and numbers thereof from the character string set to form a charac