
CN-122027258-A - Data transmission method, electronic device and storage medium

Abstract

The application relates to the technical field of data security and discloses a data transmission method, an electronic device and a storage medium. In the method, a sender node receives a first data packet uploaded by a terminal and generates a check sequence; the check sequence is obtained based on a quantum random number sequence that the sender node and a receiver node share through QKD. A second data packet is obtained based on the check sequence and the first data packet, and is sent to a back-end server. By combining quantum key distribution technology, the application achieves low-latency identification and data integrity assurance.

Inventors

  • LIU LONGSHAN
  • QI WEI
  • MIAO YAJUN
  • XIN HUA
  • LI CHENGDONG

Assignees

  • 国科量子通信网络有限公司

Dates

Publication Date
20260512
Application Date
20260129

Claims (10)

  1. A data transmission method, applied to a sender node, comprising: receiving a first data packet uploaded by a terminal; generating a check sequence, wherein the check sequence is obtained based on a quantum random number sequence, and the quantum random number sequence is shared by the sender node and a receiver node through QKD; and generating a second data packet based on the check sequence and the first data packet, and sending the second data packet to a back-end server.
  2. The data transmission method according to claim 1, wherein the generating a check sequence comprises: obtaining a quantum random number sequence from QKD or QKR; and intercepting a plurality of data segments with preset lengths from the quantum random number sequence according to a preset interception rule to serve as the check sequence.
  3. The data transmission method according to claim 2, wherein the intercepting a plurality of data segments with preset lengths from the quantum random number sequence according to a preset interception rule as the check sequence comprises: intercepting and obtaining a plurality of data segments from the first order of the quantum random number sequence according to the first length; and marking sequence numbers on the plurality of data segments, and selecting one data segment as the check sequence according to the sequence numbers.
  4. The data transmission method according to claim 3, wherein the first data packet includes an IP address field and a data payload field; the generating, based on the check sequence and the first data packet, a second data packet comprises: sequentially intercepting the check sequence to obtain a first random number sequence with a second length, and taking the rest of the intercepted check sequence as a second random number sequence; calculating a first check value based on the IP address field, the second random number sequence, and the data payload field; and sequentially splicing the first check value to the first random number sequence to obtain a check field, and inserting the check field between the IP address field and the data payload field.
  5. The data transmission method according to claim 4, wherein the calculating a first check value based on the IP address, the second random number sequence, and the data payload comprises: generating a key according to the second random number sequence; and performing HMAC verification based on the key, the IP address field and the data payload field to obtain the first check value.
  6. A data transmission method, applied to a receiver node, comprising: acquiring a second data packet from the sender node; and generating a check sequence to check the second data packet, wherein the check sequence is obtained based on a quantum random number sequence, and the quantum random number sequence is shared by the sender node and the receiver node through QKD.
  7. The data transmission method according to claim 6, wherein the second data packet includes an IP address field, a check field, and a data payload field; the generating a check sequence to check the second data packet comprises: sequentially extracting from the first bit of the check field to obtain a matching field with a second length, and taking the content of the field remaining after the extraction from the check field as a first check value; performing sliding window matching in the quantum random number sequence based on the matching field; if the matching is successful, sequentially extracting a random number segment with a third length from the tail end position of the matching field in the quantum random number sequence; calculating and generating a second check value based on the random number segment, the IP address field and the data payload field; and comparing the second check value with the first check value.
  8. The data transmission method according to claim 7, characterized in that the method further comprises: if the comparison is consistent, splicing the IP address field and the data payload field to obtain a third data packet; and sending the third data packet to a back-end server.
  9. An electronic device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor, wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the data transmission method of any one of claims 1 to 5 and/or the data transmission method of claims 6 to 8.
  10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the data transmission method according to any one of claims 1 to 5 and/or the data transmission method according to claims 6 to 8.
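
The sender-side construction of claims 4 and 5 and the receiver-side check of claims 7 and 8, as an added Python example that is not code from the patent. The length values, the 20-byte IP address field, HMAC-SHA256, using the random segment directly as the HMAC key, and the deterministic stand-in for the QKD-shared sequence are all assumptions; the receiver also goes beyond the claim wording by retrying later occurrences of the matching field when an earlier sliding-window hit fails the check.

```python
import hashlib
import hmac

# Assumed parameters; the page names the lengths but gives no values.
IP_LEN = 20        # IP address field treated as a fixed 20-byte header
FIRST_LEN = 32     # "first length": size of each segment cut from the sequence
SECOND_LEN = 8     # "second length": matching field carried in the packet
THIRD_LEN = FIRST_LEN - SECOND_LEN  # "third length": HMAC key material
TAG_LEN = hashlib.sha256().digest_size

def _tag(key_material: bytes, ip_field: bytes, payload: bytes) -> bytes:
    # Assumption: the random segment is used directly as the HMAC-SHA256 key.
    return hmac.new(key_material, ip_field + payload, hashlib.sha256).digest()

def sender_wrap(qrn: bytes, seq_no: int, first_packet: bytes) -> bytes:
    """Build the second data packet: IP field | check field | payload."""
    start = seq_no * FIRST_LEN
    check_seq = qrn[start:start + FIRST_LEN]
    if len(check_seq) != FIRST_LEN:
        raise ValueError("segment number beyond shared sequence")
    r1, r2 = check_seq[:SECOND_LEN], check_seq[SECOND_LEN:]
    ip_field, payload = first_packet[:IP_LEN], first_packet[IP_LEN:]
    return ip_field + r1 + _tag(r2, ip_field, payload) + payload

def receiver_unwrap(qrn: bytes, second_packet: bytes):
    """Return the third data packet (IP field | payload), or None on failure."""
    if len(second_packet) < IP_LEN + SECOND_LEN + TAG_LEN:
        return None
    ip_field = second_packet[:IP_LEN]
    check = second_packet[IP_LEN:IP_LEN + SECOND_LEN + TAG_LEN]
    payload = second_packet[IP_LEN + SECOND_LEN + TAG_LEN:]
    match, first_value = check[:SECOND_LEN], check[SECOND_LEN:]
    pos = qrn.find(match)                  # sliding-window match
    while pos != -1:
        end = pos + SECOND_LEN
        segment = qrn[end:end + THIRD_LEN]
        if len(segment) == THIRD_LEN and hmac.compare_digest(
                _tag(segment, ip_field, payload), first_value):
            return ip_field + payload
        pos = qrn.find(match, pos + 1)     # retry on a coincidental match
    return None

# Constructed stand-in for the QKD-shared sequence (deterministic, NOT quantum).
QRN = hashlib.shake_256(b"constructed demo sequence").digest(256)
FIRST = bytes(range(IP_LEN)) + b"OPEN VALVE 7"   # constructed first packet
```
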

Description

Data transmission method, electronic device and storage medium

Technical Field

The present application relates to the field of data security technologies, and in particular, to a data transmission method, an electronic device, and a storage medium.

Background

Industrial control scenarios (such as petroleum pipeline scheduling) place key requirements on the secure flow of instructions. At their core, these requirements are the authenticity of the data sender's identity, untampered data transmission, and real-time performance. Added functions must also avoid affecting the existing network architecture (for example, by not adding an additional Internet Protocol (IP) address), so confidentiality protection is not necessary. In such a scenario, IPSec (Internet Protocol Security) is a common solution to this type of problem: its transport mode retains the original IP address information without changing internal communication, and it implements data source identity verification and data integrity protection through the Authentication Header (AH) protocol.

However, existing IPSec technology has obvious drawbacks. The protocol design is complex. In the star-shaped link architecture commonly used in industrial control scenarios, the central-side gateway must handle the communication processing of a large number of terminal devices, so its performance requirements are extremely high, including under DDoS attacks. The IPSec key and identity are relatively fixed, and the design does not consider the high concurrency and multi-terminal connections of industrial control scenarios. The packet-by-packet verification mechanism and the complex protocol architecture make it difficult to meet real-time requirements. Meanwhile, the fixed security receiver node cannot cope with potential risks such as long-term eavesdropping and cracking. As a result, it is difficult to meet the dual requirements of industrial control scenarios for security and performance.

Disclosure of Invention

An object of an embodiment of the present application is to provide a data transmission method, an electronic device, and a storage medium that implement low-latency identification and data integrity assurance by combining quantum key distribution (QKD) technology.

In order to solve the above technical problems, one or more embodiments of the present application provide a data transmission method applied to a sender node, which includes receiving a first data packet uploaded by a terminal; generating a check sequence, wherein the check sequence is obtained based on a quantum random number sequence that the sender node and a receiver node share through QKD; generating a second data packet based on the check sequence and the first data packet; and sending the second data packet to a back-end server.

One or more embodiments of the present application further provide a data transmission method applied to a receiver node, which includes obtaining a second data packet from a sender node and generating a check sequence to check the second data packet, where the check sequence is obtained based on a quantum random number sequence that the sender node and the receiver node share via QKD.

Compared with the related art, the data transmission method of the embodiments of the application generates the check sequence from a quantum random number sequence that the sender node and the receiver node share based on QKD technology. This solves the problem of IPSec's fixed key and identity, and hacking and decoding can be avoided. Because the check logic is simplified based on the quantum random number, no complex protocol support is needed, the performance pressure on the central gateway under the star-shaped link is relieved, and the consumption of computing resources is reduced. Finally, low-latency identity identification and data integrity assurance are achieved.

In addition, according to one or more embodiments of the present application, generating the check sequence includes obtaining a quantum random number sequence from the QKD or QKR, and intercepting a plurality of data segments with preset lengths from the quantum random number sequence according to a preset interception rule as the check sequence.

In addition, according to one or more embodiments of the present application, the first data packet includes an IP address field and a data payload field, and generating the second data packet based on the check sequence and the first data packet includes sequentially intercepting a first random number sequence of a second length from the check sequence, taking the rest of the intercepted check sequence as a second random number sequence, and calculating a first check value based on the IP address field, the second random numbe