Authentication method for intercom terminal and communication method based on rtos system

By integrating a national cryptographic chip into the intercom terminal and utilizing a preset chip interface and buffer, direct communication between the intercom terminal and the national cryptographic chip is achieved, solving the problems of high hardware replacement cost and poor compatibility of quantum encrypted intercom devices, and ensuring security and user experience.

CN122227233APending Publication Date: 2026-06-16中电信量子信息科技集团有限公司

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
中电信量子信息科技集团有限公司
Filing Date
2025-12-26
Publication Date
2026-06-16

AI Technical Summary

Technical Problem

Existing quantum encrypted intercom devices require the replacement of dedicated quantum SIM cards, increasing hardware replacement costs and making it difficult to meet the needs of users for device reuse. Furthermore, they pose security risks such as SIM card loss and key leakage, have poor compatibility, and affect user experience.

Method used

The intercom terminal integrates a preset national cryptographic chip, and achieves direct communication with the national cryptographic chip through the preset chip interface and buffer to perform identity authentication and key query. It uses a preset signature algorithm and asymmetric encryption public key to ensure communication security, and performs key management and interaction through a quantum cryptography service platform.

Benefits of technology

Identity authentication and key lookup can be completed without changing the SIM card, ensuring communication security, preventing key leakage, reducing hardware costs, and improving user experience and system compatibility.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122227233A_ABST
    Figure CN122227233A_ABST
Patent Text Reader

Abstract

The application discloses an authentication method of a talkback terminal, the method comprising: in response to a terminal start signal, initializing a preset chip interface and a preset buffer area of the talkback terminal; in the case that the preset chip interface and the preset buffer area are both successfully initialized, sending first authentication information to a preset national secret chip by the talkback terminal to perform first identity authentication; in the case that the first identity authentication is passed, sending a key query request to the preset national secret chip by the talkback terminal; receiving key query information associated with the key query request by the talkback terminal; in the case that a quantum key margin is greater than or equal to a preset threshold, sending a communication connection request to a quantum cryptography service platform by the talkback terminal; in the case that a communication connection is established with the quantum cryptography service platform, receiving a user token associated with user information and storing the user token sent by the quantum cryptography service platform by the talkback terminal to complete authentication. In this way, direct communication between the talkback terminal and the national secret chip is realized, and a user does not need to replace a SIM card.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of quantum encrypted communication, and more specifically, to an authentication method for a walkie-talkie terminal and a communication method based on an RTOS system. Background Technology

[0002] In related technologies, quantum-encrypted intercom devices typically rely on a quantum SIM card combined with mobile data to access the external network and interact with a quantum cryptography service platform to obtain a session key, thereby achieving end-to-end encrypted intercom functionality. However, to use the quantum-encrypted intercom function, a dedicated quantum SIM card is required, which not only increases the user's hardware replacement costs but also makes it difficult to meet the user's need for reusing existing equipment, ultimately resulting in insufficient overall ease of use and a poor user experience. Summary of the Invention

[0003] This application provides an authentication method for a walkie-talkie terminal and a communication method based on an RTOS system.

[0004] This application provides an authentication method for a walkie-talkie terminal, wherein the walkie-talkie terminal integrates a preset national cryptographic chip, a preset chip interface associated with the preset national cryptographic chip, and a preset buffer, and the method includes: In response to the terminal start signal, the intercom terminal initializes the preset chip interface and the preset buffer. The preset chip interface is used to perform read and write operations on the preset national cryptographic chip, and the preset buffer is used to communicate with the preset national cryptographic chip. If both the preset chip interface and the preset buffer are successfully initialized, the intercom terminal sends the first authentication information to the preset national cryptographic chip to perform the first identity authentication. If the first identity authentication is successful, the intercom terminal sends a key query request to the preset national cryptographic chip; The intercom terminal receives key query information associated with the key query request, the key query information including quantum key reserve and chip identifier corresponding to the preset national cryptographic chip; When the quantum key reserve is greater than or equal to a preset threshold, the intercom terminal sends a communication connection request to the quantum cryptography service platform. The communication connection request includes the chip identifier and user information. When a communication connection is established with the quantum cryptography service platform, the intercom terminal receives and stores a user token associated with the user information sent by the quantum cryptography service platform to complete the authentication.

[0005] In response to the terminal activation signal, the intercom terminal initializes a preset chip interface and a preset buffer. The preset chip interface is used for reading and writing to a preset national cryptographic chip, and the preset buffer is used for communication with the preset national cryptographic chip. Next, with both the preset chip interface and preset buffer successfully initialized, the intercom terminal sends first authentication information to the preset national cryptographic chip for initial identity authentication. Then, if the first identity authentication is successful, the intercom terminal sends a key query request to the preset national cryptographic chip. Subsequently, the intercom terminal receives key query information associated with the key query request, including quantum key reserves and a chip identifier corresponding to the preset national cryptographic chip. Next, if the quantum key reserves are greater than or equal to a preset threshold, the intercom terminal sends a communication connection request to the quantum cryptography service platform, including the chip identifier and user information. Finally, if a communication connection is established with the quantum cryptography service platform, the intercom terminal receives and stores a user token associated with the user information sent by the quantum cryptography service platform to complete authentication. In this way, a pre-set national cryptographic chip is integrated into the intercom terminal, and direct communication between the intercom terminal and the national cryptographic chip is realized through the pre-set chip interface and the pre-set buffer. Users do not need to change their SIM cards and can complete identity authentication, key query and interaction with the quantum cryptography service platform simply through the national cryptographic chip built into the terminal.

[0006] In some embodiments, the method further includes: The intercom terminal performs signature processing on its own pre-stored authentication code based on a preset signature algorithm to determine the first signature information; The intercom terminal encrypts the first random number obtained from the preset national cryptographic chip according to the first signature information and the first preset encryption algorithm to determine the first authentication information.

[0007] Thus, the intercom terminal signs its pre-stored authentication code based on a preset signature algorithm to determine the first signature information. Next, the intercom terminal encrypts a first random number obtained from a preset national cryptographic chip using the first signature information and a first preset encryption algorithm to determine the first authentication information. In this way, the preset signature algorithm ensures the integrity and immutability of the authentication code, while the first random number and the first preset encryption algorithm prevent the first authentication information from being reused.

[0008] In some embodiments, the method further includes: When the quantum key reserve is less than the preset threshold, the intercom terminal generates a key injection request based on the chip identifier and the asymmetric encryption public key built into the preset national cryptographic chip, and sends it to the quantum cryptography service platform; The quantum cryptography service platform encrypts the generated quantum key based on the asymmetric encryption public key to generate second encrypted information; The quantum cryptography service platform generates key configuration information corresponding to the charged quantum key based on the chip identifier; The quantum cryptography service platform sends the second encryption information and the key configuration information to the intercom terminal.

[0009] Thus, when the quantum key reserve is less than a preset threshold, the intercom terminal generates a key injection request based on the chip identifier and the asymmetric encryption public key built into the preset national cryptographic chip, and sends it to the quantum cryptography service platform. Next, the quantum cryptography service platform encrypts the generated injection quantum key based on the asymmetric encryption public key, generating second encrypted information. Then, the quantum cryptography service platform generates key configuration information corresponding to the injection quantum key according to the chip identifier. Finally, the quantum cryptography service platform sends the second encrypted information and the key configuration information to the intercom terminal. In this way, the asymmetric encryption public key ensures that only the intercom terminal can decrypt the injection quantum key during transmission, preventing leakage of the injection quantum key. Furthermore, by associating the chip identifier with the key configuration information, it ensures that the injection quantum key is compatible with the hardware characteristics of the terminal's national cryptographic chip, achieving accurate storage.

[0010] In some embodiments, the key configuration information includes key storage address information and write operation rule information, and the method further includes: The intercom terminal decrypts the second encrypted information based on the asymmetric encryption private key corresponding to the asymmetric encryption public key, and generates the charged quantum key; The intercom terminal erases the storage space in the preset national cryptographic chip corresponding to the key storage address information based on the key storage address information; The intercom terminal, based on the preset chip interface, cyclically writes the charging quantum key according to the writing operation rule information; When the quantum key charging is completed, the intercom terminal detects the key storage status in the preset national cryptographic chip; If the key storage status is normal, the key filling is confirmed to be complete.

[0011] In this way, the intercom terminal decrypts the second encrypted information based on the asymmetric encryption private key corresponding to the asymmetric encryption public key, generating a charged quantum key. Next, the intercom terminal erases the storage space corresponding to the key storage address in the preset national cryptographic chip based on the key storage address information. Then, the intercom terminal cyclically writes the charged quantum key according to the write operation rules based on the preset chip interface. Subsequently, after the charged quantum key is completed, the intercom terminal checks the key storage status in the preset national cryptographic chip. Finally, if the key storage status is normal, the key charging is confirmed to be complete. In this way, the uniqueness and security of the decryption process can be ensured through the asymmetric encryption private key, preventing the charged quantum key from being illegally obtained. Furthermore, the erasure process avoids interference from old data with the new key. In addition, cyclic writing based on the write operation rules adapts to the hardware limitations of the national cryptographic chip, thereby ensuring the complete storage of the charged quantum key.

[0012] In some embodiments, the method further includes: If the key storage status is abnormal, the intercom terminal interrupts key refilling, generates an anomaly reporting request, and sends it to the quantum cryptography service platform. The anomaly reporting request includes the chip identifier.

[0013] Thus, in the event of an abnormal key storage state, the intercom terminal interrupts key refilling, generates an anomaly reporting request, and sends it to the quantum cryptography service platform. The anomaly reporting request includes the chip identifier. This interruption operation prevents the abnormal key from being misused in communication, avoiding the spread of the erroneous state. Furthermore, the chip identifier allows the quantum cryptography service platform to accurately locate the problematic terminal, providing a basis for subsequent diagnosis and repair, and reducing manual troubleshooting costs.

[0014] This application also provides a communication method based on an RTOS system, wherein the RTOS system includes an intercom terminal and a quantum cryptography service platform, the intercom terminal includes a first intercom terminal and a second intercom terminal authenticated based on the above authentication method, and the method includes: In response to the session initiation operation, the first intercom terminal sends a session request to the quantum cryptography service platform; The quantum cryptography service platform generates first session key information and first key sequence number according to the session request, and sends them to the first intercom terminal; The first intercom terminal generates a session key based on the first session key information and the first key sequence number; The first intercom terminal synchronizes the session identifier to the second intercom terminal, so that the second intercom terminal can obtain the session key according to the session identifier, and then communicate according to the session key.

[0015] In response to the session initiation operation, the first intercom terminal sends a session request to the quantum cryptography service platform. Next, the quantum cryptography service platform generates first session key information and a first key sequence number based on the session request and sends them to the first intercom terminal. Then, the first intercom terminal generates a session key based on the first session key information and the first key sequence number. Finally, the first intercom terminal synchronizes the session identifier to the second intercom terminal, enabling the second intercom terminal to obtain the session key based on the session identifier and then communicate using the session key. This method of encrypting the transmission of the session key by generating the first session key information through the quantum cryptography service platform prevents leakage during transmission. Furthermore, the session identifier ensures precise matching of the session key, guaranteeing that the first and second intercom terminals use the same session key. Additionally, communication based on authenticated intercom terminals ensures the legitimacy of the participants' identities and the adequacy of the keys.

[0016] In some implementations, the session request includes a session identifier and a first chip identifier corresponding to the first intercom terminal, the session identifier being generated by the first intercom terminal based on the user token, and the step of generating first session key information and a first key sequence number according to the session request includes: The quantum cryptography service platform verifies the legality of the user token and the validity of the first chip identifier; If both the validity of the user token and the validity of the first chip identifier are verified, the quantum cryptography service platform generates the session key based on the session identifier; The quantum cryptography service platform determines the first key sequence number corresponding to the session key, and the first key sequence number corresponds to a first target charged quantum key pre-charged in the first intercom terminal; The quantum cryptography service platform, based on a second preset encryption algorithm, encrypts the session key according to its own pre-stored second target-filled quantum key to generate first session key information, wherein the second target-filled quantum key corresponds to the first target-filled quantum key.

[0017] In this way, the quantum cryptography service platform verifies the legitimacy of the user token and the validity of the first chip identifier. Next, if both the legitimacy of the user token and the validity of the first chip identifier are verified, the quantum cryptography service platform generates a session key based on the session identifier. Then, the quantum cryptography service platform determines a first key sequence number corresponding to the session key, which corresponds to a first target-filled quantum key pre-loaded in the first intercom terminal. Finally, the quantum cryptography service platform encrypts the session key based on a second preset encryption algorithm and its own pre-stored second target-filled quantum key, generating first session key information. The second target-filled quantum key corresponds to the first target-filled quantum key. Thus, using the quantum key pre-loaded in the first intercom terminal to encrypt the transmission of the session key prevents leakage during transmission. Furthermore, the correspondence between the second and first target-filled quantum keys ensures that only the first intercom terminal can decrypt and obtain the session key, preventing unauthorized access.

[0018] In some implementations, generating a session key based on the first session key information and the first key sequence number includes: The first intercom terminal sends the first key sequence number to the preset national cryptographic chip integrated within itself based on the first preset buffer and the first preset chip interface in order to obtain the first target charging quantum key; The first intercom terminal decrypts the first session key information according to the first target quantum key and the pre-configured first preset decryption algorithm to generate the session key. The first preset decryption algorithm corresponds to the second preset encryption algorithm.

[0019] Thus, the first intercom terminal, based on a preset buffer and a preset chip interface, sends a first key sequence number to its integrated preset national cryptographic chip to obtain the first target-filled quantum key. Next, the first intercom terminal decrypts the first session key information according to the first target-filled quantum key and a pre-configured first preset decryption algorithm to generate a session key. The first preset decryption algorithm corresponds to a second preset encryption algorithm. In this way, secure interaction with the preset national cryptographic chip is achieved through the preset chip interface and buffer, thereby ensuring the reliability of the first target-filled quantum key retrieval process.

[0020] In some embodiments, the method further includes: The second intercom terminal sends the session identifier to the quantum cryptography service platform; The quantum cryptography service platform determines the session key based on the session identifier; The quantum cryptography service platform determines a second key sequence number corresponding to the session key, and the second key sequence number corresponds to a third target quantum key pre-charged in the second intercom terminal; The quantum cryptography service platform, based on a third preset encryption algorithm, encrypts the session key according to its own pre-stored fourth target-filled quantum key, generates second session key information, and sends it to the second intercom terminal. The fourth target-filled quantum key corresponds to the third target-filled quantum key.

[0021] Thus, the second intercom terminal sends a session identifier to the quantum cryptography service platform. Next, the quantum cryptography service platform determines the session key based on the session identifier. Then, it determines a second key sequence number corresponding to the session key, which corresponds to a third target-filled quantum key pre-filled in the second intercom terminal. Finally, based on a third preset encryption algorithm and its own pre-stored fourth target-filled quantum key, the quantum cryptography service platform encrypts the session key, generating a second session key and sending it to the second intercom terminal. The fourth target-filled quantum key corresponds to the third target-filled quantum key. In this way, precise key matching is achieved through the session identifier, ensuring that the second intercom terminal obtains the same session key as the first intercom terminal. Furthermore, the correspondence between the fourth and third target-filled quantum keys ensures that only the second intercom terminal can decrypt and obtain the session key, preventing unauthorized access.

[0022] In some embodiments, the method further includes: The second intercom terminal sends the second key sequence number to its integrated preset national cryptographic chip based on the second preset buffer and the second preset chip interface in order to obtain the third target charging quantum key; The second intercom terminal decrypts the second session key information according to the third target quantum key and the pre-configured second preset decryption algorithm to generate the session key. The second preset decryption algorithm corresponds to the third preset encryption algorithm.

[0023] Thus, the second intercom terminal, based on a preset buffer and a preset chip interface, sends a second key sequence number to its integrated preset national cryptographic chip to obtain the third target-filled quantum key. Next, the second intercom terminal decrypts the second session key information according to the third target-filled quantum key and a pre-configured second preset decryption algorithm to generate a session key. The second preset decryption algorithm corresponds to the third preset encryption algorithm. This secure interaction with the preset national cryptographic chip is achieved through the preset chip interface and buffer, thereby ensuring the reliability of the second target-filled quantum key retrieval process.

[0024] Additional aspects and advantages of embodiments of this application will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of embodiments of this application. Attached Figure Description

[0025] The above and / or additional aspects and advantages of this application will become apparent and readily understood from the description of the embodiments taken in conjunction with the following drawings, wherein: Figure 1 This is one of the flowcharts illustrating the authentication method for the intercom terminal according to an embodiment of this application; Figure 2 This is a second flowchart illustrating the authentication method for the intercom terminal according to an embodiment of this application; Figure 3 This is the third flowchart illustrating the authentication method for the intercom terminal according to the embodiments of this application; Figure 4 This is the fourth flowchart illustrating the authentication method for the intercom terminal according to the embodiments of this application; Figure 5 This is the fifth flowchart illustrating the authentication method for the intercom terminal according to the embodiments of this application; Figure 6 This is one of the flowcharts illustrating the communication method based on an RTOS system according to an embodiment of this application; Figure 7 This is a second schematic flowchart of the communication method based on an RTOS system according to an embodiment of this application; Figure 8 This is the third flowchart illustrating the communication method based on an RTOS system according to an embodiment of this application; Figure 9 This is the fourth flowchart illustrating the communication method based on an RTOS system according to an embodiment of this application; Figure 10 This is the fifth flowchart illustrating the communication method based on an RTOS system according to the embodiments of this application. Detailed Implementation

[0026] The embodiments of this application are described in detail below. Examples of the embodiments are shown in the accompanying drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary and are only used to explain the embodiments of this application, and should not be construed as limiting the embodiments of this application.

[0027] In related technologies, quantum-encrypted intercom devices typically rely on a quantum SIM card combined with mobile data to access the external network and interact with a quantum cryptography service platform to obtain a session key, thereby achieving end-to-end encrypted intercom functionality. However, to use the quantum-encrypted intercom function, a dedicated quantum SIM card is required, which not only increases the user's hardware replacement costs but also makes it difficult to meet the user's need for reusing existing equipment, ultimately resulting in insufficient overall ease of use and a poor user experience.

[0028] Specifically, the quantum SIM card is tightly bound to the terminal device. Different brands and models of walkie-talkies require specific quantum SIM cards, necessitating SIM card replacements when upgrading devices or switching brands, further increasing hardware investment costs. Furthermore, as a pluggable hardware component, the quantum SIM card poses security risks of physical loss and theft. If the SIM card is removed from terminal control, pre-stored quantum keys may be leaked, compromising the security of the encryption system. In addition, existing walkie-talkies are mostly built on RTOS systems, while the quantum SIM card's driver protocol has poor compatibility with RTOS systems. Integration requires extensive modifications to the terminal's underlying code, extending product development cycles and potentially introducing new system vulnerabilities.

[0029] Based on the above issues, please refer to Figure 1 This application provides an authentication method for a walkie-talkie terminal. The walkie-talkie terminal integrates a preset national cryptographic chip, a preset chip interface associated with the preset national cryptographic chip, and a preset buffer. The method includes: 011: In response to the terminal start signal, the intercom terminal initializes the preset chip interface and preset buffer. The preset chip interface is used to perform read and write operations on the preset national cryptographic chip, and the preset buffer is used to communicate with the preset national cryptographic chip. 012: If the preset chip interface and preset buffer are both successfully initialized, the intercom terminal sends the first authentication information to the preset national cryptographic chip to perform the first identity authentication; 013: If the first identity authentication is successful, the intercom terminal sends a key query request to the preset national cryptographic chip; 014: The intercom terminal receives key query information associated with the key query request. The key query information includes the quantum key balance and the chip identifier corresponding to the preset national cryptographic chip. 015: When the quantum key reserve is greater than or equal to a preset threshold, the intercom terminal sends a communication connection request to the quantum cryptography service platform. The communication connection request includes chip identification and user information. 016: When a communication connection is established with the quantum cryptography service platform, the intercom terminal receives and stores the user token associated with the user information sent by the quantum cryptography service platform to complete authentication.

[0030] Specifically, the preset national cryptographic chip refers to a security chip integrated inside the intercom terminal that conforms to the certification standard. It has hardware-level security functions such as quantum key secure storage, encryption operation, decryption operation and identity authentication, which can prevent key leakage and illegal tampering.

[0031] The preset chip interface refers to the hardware communication interface connecting the main controller of the intercom terminal and the preset national cryptographic chip. It is used to enable the terminal to send commands and read / write data to the national cryptographic chip, and serves as the physical channel for interaction between the two. In one example, the preset chip interface can be a Serial Peripheral Interface (SPI).

[0032] A preset buffer refers to a memory area in a walkie-talkie terminal used for temporary storage of data interacting with a preset national cryptographic chip. It caches commands such as authentication commands and key query commands that need to be sent to the national cryptographic chip, as well as received response data, such as authentication results, ensuring the orderliness of data interaction. In one example, the preset buffer can be an APDU buffer, used to store and process APDU data units.

[0033] The first authentication information refers to the data generated by the walkie-talkie terminal to prove its legitimacy to the preset national cryptographic chip. It is usually based on the authentication code pre-stored in the walkie-talkie terminal, which is processed by a signature algorithm and then encrypted with the random number generated by the national cryptographic chip to prevent identity forgery.

[0034] Quantum key reserve refers to the number of quantum keys pre-stored in the preset national cryptographic chip that can be used for subsequent encrypted communication. It is a key indicator for measuring whether a walkie-talkie terminal can carry out encrypted walkie-talkie normally.

[0035] The preset threshold refers to the critical value for judging whether the quantum key reserve is sufficient, ensuring that the intercom terminal has enough keys to support complete communication.

[0036] The chip identifier refers to the unique hardware identifier of the preset national cryptographic chip, which is used by the quantum cryptography service platform to identify the preset national cryptographic chip corresponding to the intercom terminal, associate it with its preset key and user information, and ensure the accuracy of key filling.

[0037] A quantum cryptography service platform refers to a system that can provide services such as quantum key management, user authentication, and session key generation. It serves as a support platform for intercom terminal authentication and encrypted communication.

[0038] A user token is a temporary access credential issued by the quantum cryptography service platform to an authenticated terminal. It contains user identity information and permission identifiers and is used for authentication when the intercom terminal applies for session keys from the quantum cryptography service platform.

[0039] After the intercom terminal is powered on, it triggers an initialization process, activates the preset chip interface and preset buffer, and ensures that the intercom terminal can communicate normally with its own pre-configured national cryptographic chip.

[0040] After the preset chip interface and preset buffer are successfully initialized, the intercom terminal generates the first authentication information and sends it to the preset national cryptographic chip. The preset national cryptographic chip verifies the legality of the information. If it passes the verification, the intercom terminal is allowed to access the pre-filled quantum key inside it.

[0041] Subsequently, the intercom terminal sends a key query command to the national cryptographic chip to perform a key query. The national cryptographic chip is preset to return the quantum key balance and chip identifier.

[0042] If the key balance is greater than or equal to the preset threshold, the intercom terminal will package the chip identifier and user information into a communication connection request and send it to the quantum cryptography service platform.

[0043] Finally, after verifying the validity of the chip identifier and the legality of the user information, the quantum cryptography service platform generates a user token and returns it to the intercom terminal. The intercom terminal stores the user token, completing the entire authentication process.

[0044] Understandably, the preset national cryptographic chip is the security foundation, while the preset chip interface and preset buffer are the bridges between the walkie-talkie terminal and the national cryptographic chip. Together, these three constitute the hardware foundation for secure terminal communication. The first identity authentication can be understood as an internal verification between the walkie-talkie terminal and the preset national cryptographic chip, used to ensure the walkie-talkie terminal's legitimate right to use the chip. Key query is a preliminary check of communication feasibility, determining whether the walkie-talkie terminal possesses the conditions for encrypted communication through quantum key reserves. Interaction with the quantum cryptography service platform is external authentication, binding the terminal and user identities through chip identification and user information, ultimately using a user token as the credential for successful authentication.

[0045] In summary, in the authentication method for a walkie-talkie terminal provided in this application, in response to a terminal startup signal, the walkie-talkie terminal initializes a preset chip interface and a preset buffer. The preset chip interface is used for reading and writing to a preset national cryptographic chip, and the preset buffer is used for communication with the preset national cryptographic chip. Next, if both the preset chip interface and the preset buffer are successfully initialized, the walkie-talkie terminal sends first authentication information to the preset national cryptographic chip for first identity authentication. Then, if the first identity authentication is successful, the walkie-talkie terminal sends a key query request to the preset national cryptographic chip. Subsequently, the walkie-talkie terminal receives key query information associated with the key query request, which includes a quantum key balance and a chip identifier corresponding to the preset national cryptographic chip. Next, if the quantum key balance is greater than or equal to a preset threshold, the walkie-talkie terminal sends a communication connection request to a quantum cryptography service platform, which includes a chip identifier and user information. Finally, if a communication connection is established with the quantum cryptography service platform, the walkie-talkie terminal receives and stores a user token associated with the user information sent by the quantum cryptography service platform to complete authentication. In this way, a pre-set national cryptographic chip is integrated into the intercom terminal, and direct communication between the intercom terminal and the national cryptographic chip is realized through the pre-set chip interface and the pre-set buffer. Users do not need to change their SIM cards and can complete identity authentication, key query and interaction with the quantum cryptography service platform simply through the national cryptographic chip built into the terminal.

[0046] Please see Figure 2 In some implementations, the method further includes: 017: The intercom terminal uses a preset signature algorithm to sign its own pre-stored authentication code to determine the first signature information; 018: The intercom terminal encrypts the first random number obtained from the preset national cryptographic chip according to the first signature information and the first preset encryption algorithm to determine the first authentication information.

[0047] Specifically, a preset signature algorithm refers to a hash signature algorithm that conforms to cryptographic standards. It is used to perform irreversible hash operations on data to generate a fixed-length signature value, which can verify the integrity and legitimacy of the data's origin and prevent data tampering. In one example, the preset signature algorithm could be the SM3 algorithm.

[0048] The pre-stored authentication code refers to data that is pre-loaded into the local storage of the walkie-talkie terminal before it leaves the factory. Only the walkie-talkie terminal and the pre-set national cryptographic chip know this data, and it serves as the core credential for identity authentication. In one example, the pre-stored authentication code could be the device's unique key or the user's identity credential.

[0049] The first signature information refers to a fixed-length string obtained by hashing the pre-stored authentication code using a preset signature algorithm. It is used to characterize the uniqueness and integrity of the authentication code and serves as the basis for subsequent encryption operations.

[0050] The first preset encryption algorithm refers to a symmetric encryption algorithm that conforms to cryptographic standards. It uses a fixed-length key to encrypt and decrypt data, and is characterized by high computational efficiency and strong security. It is suitable for encrypting sensitive data such as random numbers. In one example, the first preset encryption algorithm could be the SM4 algorithm.

[0051] The first random number refers to a random string (usually 16 bytes) dynamically generated by a preset national cryptographic chip. It is unique and unpredictable, and is used to prevent replay attacks, that is, to prevent attackers from repeatedly using historical authentication information to impersonate legitimate terminals. In some implementations, the first random number is usually 16 bytes.

[0052] The first authentication information refers to the final data generated by the intercom terminal to prove its legitimacy to the preset national cryptographic chip. It is obtained by encrypting the first random number with the first signature information and serves as the carrier for the intercom terminal to complete identity authentication with the national cryptographic chip.

[0053] After the intercom terminal initializes the preset chip interface and buffer, it sends a random number generation request to the preset national cryptographic chip. The national cryptographic chip generates a 16-byte first random number through its built-in random number generator and returns it to the intercom terminal through the preset buffer.

[0054] Next, the intercom terminal calls the preset signature algorithm to perform a hash operation on its own pre-stored authentication code, generating a first signature information of fixed length. This information uniquely corresponds to the pre-stored authentication code, and the original authentication code cannot be deduced from the signature information.

[0055] Subsequently, the intercom terminal uses the first signature information as a key and employs the first preset encryption algorithm to encrypt the first random number obtained from the national cryptographic chip, thereby obtaining the encrypted ciphertext, i.e., the first authentication information.

[0056] Next, the intercom terminal sends the first authentication information to the preset national cryptographic chip through the preset chip interface. The national cryptographic chip uses the same logic, that is, it generates signature information with the authentication code stored in itself, then decrypts the random number to verify the legality of the authentication information submitted by the terminal and completes the first identity authentication.

[0057] Thus, the intercom terminal signs its pre-stored authentication code based on a preset signature algorithm to determine the first signature information. Next, the intercom terminal encrypts a first random number obtained from a preset national cryptographic chip using the first signature information and a first preset encryption algorithm to determine the first authentication information. In this way, the preset signature algorithm ensures the integrity and immutability of the authentication code, while the first random number and the first preset encryption algorithm prevent the first authentication information from being reused.

[0058] Please see Figure 3In some implementations, the method further includes: 019: When the quantum key reserve is less than a preset threshold, the intercom terminal generates a key injection request based on the chip identifier and the asymmetric encryption public key built into the preset national cryptographic chip, and sends it to the quantum cryptography service platform; 020: The quantum cryptography service platform uses an asymmetric encryption public key to encrypt the generated quantum key and generate a second encrypted message; 021: The quantum cryptography service platform generates key configuration information corresponding to the quantum key being filled, based on the chip identifier; 022: The quantum cryptography service platform sends the second encryption information and key configuration information to the intercom terminal.

[0059] Specifically, the asymmetric encryption public key refers to the public key pre-installed in the national cryptographic chip at the factory, which forms a key pair with the private key stored in the chip. The public key can be publicly used for encryption, while only the private key can decrypt it, ensuring the security of key transmission. In one example, the asymmetric encryption public key can be generated using the SM2 national cryptographic algorithm.

[0060] A key replenishment request refers to a request initiated by the intercom terminal to the quantum cryptography service platform to request additional quantum keys, including chip identifiers and asymmetric encryption public keys, which are used by the platform to verify the terminal's identity and encrypt the keys.

[0061] Quantum key replenishment refers to the generation of new quantum keys for the terminal by the quantum cryptography service platform, which is used to supplement the key resources of the intercom terminal and support subsequent encrypted sessions.

[0062] The second encrypted information refers to the ciphertext obtained by encrypting the charged quantum key with the asymmetric encryption public key provided by the intercom terminal with insufficient quantum key reserve, ensuring that the key is not leaked during transmission.

[0063] Key configuration information refers to the parameters generated by the quantum cryptography service platform based on the chip identifier, used to guide the terminal in storing and charging the quantum key, including the key storage address and writing rules. In one example, the key configuration information could be: storage address 0x0001, maximum single write size 512 bytes.

[0064] After completing the initial authentication, the intercom terminal sends a key query request to the preset national cryptographic chip via the preset chip interface to obtain the quantum key reserve. If the quantum key reserve is less than a preset threshold, the key filling process is triggered. The intercom terminal reads the chip identifier and the built-in asymmetric encryption public key from the preset national cryptographic chip, packages the two together to generate a key filling request, and sends it to the quantum cryptography service platform.

[0065] After receiving a key injection request, the quantum cryptography service platform verifies the validity of the chip identifier. Once the chip identifier is verified, it generates the injection quantum key based on a quantum random number generator or a quantum key distribution device.

[0066] Subsequently, the quantum cryptography service platform uses the asymmetric encryption public key carried in the request to encrypt the charged quantum key, generating a second encrypted message. Simultaneously, the quantum cryptography service platform queries the hardware parameters of the terminal's national cryptographic chip based on the chip identifier to generate the corresponding key configuration information.

[0067] Finally, the quantum cryptography service platform packages the second encryption information and key configuration information and sends them back to the intercom terminal through the encrypted channel, completing the data preparation and transmission before refilling.

[0068] Thus, when the quantum key reserve is less than a preset threshold, the intercom terminal generates a key injection request based on the chip identifier and the asymmetric encryption public key built into the preset national cryptographic chip, and sends it to the quantum cryptography service platform. Next, the quantum cryptography service platform encrypts the generated injection quantum key based on the asymmetric encryption public key, generating second encrypted information. Then, the quantum cryptography service platform generates key configuration information corresponding to the injection quantum key according to the chip identifier. Finally, the quantum cryptography service platform sends the second encrypted information and the key configuration information to the intercom terminal. In this way, the asymmetric encryption public key ensures that only the intercom terminal can decrypt the injection quantum key during transmission, preventing leakage of the injection quantum key. Furthermore, by associating the chip identifier with the key configuration information, it ensures that the injection quantum key is compatible with the hardware characteristics of the terminal's national cryptographic chip, achieving accurate storage.

[0069] Please see Figure 4 In some implementations, the key configuration information includes key storage address information and write operation rule information, and the method further includes: 023: The intercom terminal decrypts the second encrypted information based on the asymmetric encryption private key corresponding to the asymmetric encryption public key, and generates a quantum key for filling; 024: The intercom terminal erases the storage space corresponding to the key storage address information in the preset national cryptographic chip based on the key storage address information; 025: The intercom terminal, based on a preset chip interface, cyclically writes the charged quantum key according to the writing operation rule information; 026: After the quantum key charging is completed, the intercom terminal detects the key storage status in the preset national cryptographic chip; 027: If the key storage status is normal, confirm that the key filling is complete.

[0070] Specifically, the asymmetric encryption private key refers to the private key that is paired with the asymmetric encryption public key built into the preset national cryptographic chip. It is stored inside the preset national cryptographic chip and is used to decrypt information encrypted by the corresponding asymmetric encryption public key, ensuring that only the terminal itself can decrypt the charged quantum key.

[0071] Key storage address information refers to a parameter in the key configuration information, used to specify the specific physical address in the preset national cryptographic chip used to store the charged quantum key, ensuring the accuracy of the key storage location. In one example, the key storage address information could be the starting address of the Flash storage area, 0x00020000.

[0072] Erasure processing refers to the operation of the intercom terminal to clear the data in the storage space corresponding to the key storage address information in the preset national cryptographic chip. It can clear the old keys or invalid data remaining in the storage space and avoid conflicts or contamination when storing new keys.

[0073] The write operation rule information refers to the key write specifications defined in the key configuration information, including the maximum number of bytes written in a single operation and the verification mechanism, to ensure that the key can be adapted to the hardware limitations of the national cryptographic chip and written correctly. In one example, the write operation rule information could be: the maximum number of bytes written in a single operation is 512 bytes, and the verification mechanism is CRC check.

[0074] Cyclic writing refers to the operation where, when the length of the charged quantum key exceeds the maximum single write limit of the preset national cryptographic chip, the terminal splits the key into multiple data packets that conform to the rules and writes them to the specified storage address in batches through the preset chip interface.

[0075] Key storage status refers to the status indicators such as the integrity and readability of the key stored in the preset national cryptographic chip after the quantum key is written, which is used to determine whether the quantum key can be used normally.

[0076] After receiving the second encrypted information and key configuration information sent by the quantum cryptography service platform, the intercom terminal calls the asymmetric encryption private key built into the preset national cryptographic chip to decrypt the second encrypted information and restore the original charged quantum key.

[0077] Subsequently, the intercom terminal parses the key storage address information in the key configuration information and sends an erase command to the preset national cryptographic chip through the preset chip interface to clear all data in the storage space corresponding to that address, ensuring that the storage area is empty.

[0078] Next, the intercom terminal, according to the writing operation rules, splits the charged quantum key into several data packets. These data packets are then sequentially written to the erased storage address via a preset chip interface, with verification performed after each batch of writing to ensure the accuracy of each data portion.

[0079] After all data packets are written, the intercom terminal sends a read command to the preset national cryptographic chip to read the complete charged quantum key from the target storage address and verify that its length and hash value are consistent with the original key. Simultaneously, the callability of the charged quantum key is checked.

[0080] Finally, if the key storage status verification is normal, the intercom terminal confirms that the key filling was successful and updates the quantum key balance.

[0081] In this way, the intercom terminal decrypts the second encrypted information based on the asymmetric encryption private key corresponding to the asymmetric encryption public key, generating a charged quantum key. Next, the intercom terminal erases the storage space corresponding to the key storage address in the preset national cryptographic chip based on the key storage address information. Then, the intercom terminal cyclically writes the charged quantum key according to the write operation rules based on the preset chip interface. Subsequently, after the charged quantum key is completed, the intercom terminal checks the key storage status in the preset national cryptographic chip. Finally, if the key storage status is normal, the key charging is confirmed to be complete. In this way, the uniqueness and security of the decryption process can be ensured through the asymmetric encryption private key, preventing the charged quantum key from being illegally obtained. Furthermore, the erasure process avoids interference from old data with the new key. In addition, cyclic writing based on the write operation rules adapts to the hardware limitations of the national cryptographic chip, thereby ensuring the complete storage of the charged quantum key.

[0082] Please see Figure 5 In some implementations, the method further includes: 028: In the event of an abnormal key storage status, the intercom terminal interrupts key refilling, generates an anomaly reporting request, and sends it to the quantum cryptography service platform. The anomaly reporting request includes the chip identifier.

[0083] Specifically, an abnormal key storage status refers to an unexpected state detected after the quantum key is filled and written into the preset national cryptographic chip, including but not limited to: key integrity verification failure, such as the read key not matching the original key hash value; incorrect key storage address, i.e., the writing location does not match the configuration information; and the key cannot be accessed by the national cryptographic chip.

[0084] Interrupted key refill refers to the intercom terminal immediately stopping all subsequent operations related to the key refill when it detects an abnormal key storage status, in order to prevent erroneous data from further affecting the system.

[0085] An anomaly reporting request refers to an information packet generated by the intercom terminal after an interruption recharge, used to report problems to the quantum cryptography service platform, including key information about the occurrence of the anomaly.

[0086] After completing the cyclic writing of the quantum key, the intercom terminal performs a storage status check. If the check result does not meet expectations, the key storage status is determined to be abnormal. The intercom terminal immediately stops the subsequent key writing operation and records the time of the abnormality and the initial status.

[0087] Next, the intercom terminal reads the chip identifier from the preset national cryptographic chip, packages the chip identifier with an abnormal state description, and generates a structured abnormality reporting request. This request is then sent to the quantum cryptography service platform. Upon receiving the request, the quantum cryptography service platform associates the chip identifier with the terminal information, stores the abnormality log, and may trigger subsequent actions such as pushing a refill command to the terminal and marking the device as requiring manual maintenance.

[0088] Thus, in the event of an abnormal key storage state, the intercom terminal interrupts key refilling, generates an anomaly reporting request, and sends it to the quantum cryptography service platform. The anomaly reporting request includes the chip identifier. This interruption operation prevents the abnormal key from being misused in communication, avoiding the spread of the erroneous state. Furthermore, the chip identifier allows the quantum cryptography service platform to accurately locate the problematic terminal, providing a basis for subsequent diagnosis and repair, and reducing manual troubleshooting costs.

[0089] Please see Figure 6 This application also provides a communication method based on an RTOS system. The RTOS system includes an intercom terminal and a quantum cryptography service platform. The intercom terminal includes a first intercom terminal and a second intercom terminal that have been authenticated based on the above authentication method. The method includes: 031: In response to the session initiation operation, the first intercom terminal sends a session request to the quantum cryptography service platform; 032: The quantum cryptography service platform generates the first session key information and the first key sequence number according to the session request, and sends them to the first intercom terminal; 033: The first intercom terminal generates a session key based on the first session key information and the first key serial number; 034: The first intercom terminal synchronizes the session identifier to the second intercom terminal, so that the second intercom terminal can obtain the session key based on the session identifier and then communicate based on the session key.

[0090] Specifically, RTOS refers to Real-Time Operating System, which features low latency and high reliability. It is suitable for embedded devices such as walkie-talkie terminals, ensuring the real-time nature of session establishment and data transmission.

[0091] A session initiation operation refers to the user's action of triggering the first intercom terminal to initiate encrypted communication. It is the trigger signal for starting the session process, indicating that an encrypted connection needs to be established between the intercom terminals. In one example, a session initiation operation could be pressing the intercom button or selecting a communication target.

[0092] The first intercom terminal refers to the intercom terminal that initiates the session, which has passed the above authentication process and has the authority to initiate encrypted communication.

[0093] The second intercom terminal refers to the intercom terminal that receives the session request. Like the first intercom terminal, it is authenticated and needs to obtain the session key through the session identifier to participate in encrypted communication.

[0094] A session request refers to the request information sent by the first intercom terminal to the quantum cryptography service platform to establish an encrypted session, including a session identifier, a first chip identifier, and a user token, which the quantum cryptography service platform uses to verify the terminal's permissions and generate the corresponding key.

[0095] The first session key information refers to the encrypted session key data generated by the quantum cryptography service platform. The original session key can only be obtained by decrypting it with the quantum key preset in the intercom terminal, thus ensuring the secure transmission of the session key.

[0096] The first key serial number refers to a unique number associated with the preset quantum key of the first intercom terminal. It is used by the intercom terminal to accurately retrieve the corresponding preset key from the preset national cryptographic chip in order to decrypt the first session key information.

[0097] The session key refers to the symmetric key used for encrypted communication between the first intercom terminal and the second intercom terminal. It is generated by the quantum cryptography service platform and has the characteristic of one-time pad, which is only valid in the current round of the session.

[0098] The session identifier is a unique string that identifies the current session. It is generated by the first intercom terminal and associated with the current round of the session. It is used by the second intercom terminal to query the corresponding session key from the quantum cryptography service platform.

[0099] When a user initiates a session on the first intercom terminal, the terminal generates a unique session identifier, which, combined with its own chip identifier and user token, is packaged into a session request and sent to the quantum cryptography service platform.

[0100] The quantum cryptography service platform verifies the legitimacy of the user token and the validity of the terminal identity in the session request. After successful verification, it generates a session key based on a quantum random number generator and determines the first key sequence number corresponding to the preset quantum key of the first intercom terminal. Furthermore, the quantum cryptography service platform encrypts the session key using this preset quantum key, generates first session key information, and returns the first session key information and the first key sequence number together to the first intercom terminal.

[0101] After receiving the first session key information and the first key serial number, the first intercom terminal sends the first key serial number to the national cryptographic chip through the preset chip interface and buffer to retrieve the corresponding preset quantum key. It then uses this preset key to decrypt the first session key information to obtain the original session key.

[0102] The first intercom terminal synchronizes the session identifier to the second intercom terminal. Only the session identifier is transmitted during the synchronization process.

[0103] After receiving the session identifier, the second intercom terminal sends a query request containing the session identifier and its own identity information to the quantum cryptography service platform. After verification, the quantum cryptography service platform returns the corresponding encrypted session key information and the second key sequence number. The second terminal then decrypts the session key using its own pre-set quantum key.

[0104] After both the first and second intercom terminals obtain the session key, they use the session key to encrypt voice and data, thus achieving end-to-end encrypted communication.

[0105] In response to the session initiation operation, the first intercom terminal sends a session request to the quantum cryptography service platform. Next, the quantum cryptography service platform generates first session key information and a first key sequence number based on the session request and sends them to the first intercom terminal. Then, the first intercom terminal generates a session key based on the first session key information and the first key sequence number. Finally, the first intercom terminal synchronizes the session identifier to the second intercom terminal, enabling the second intercom terminal to obtain the session key based on the session identifier and then communicate using the session key. This method of encrypting the transmission of the session key by generating the first session key information through the quantum cryptography service platform prevents leakage during transmission. Furthermore, the session identifier ensures precise matching of the session key, guaranteeing that the first and second intercom terminals use the same session key. Additionally, communication based on authenticated intercom terminals ensures the legitimacy of the participants' identities and the adequacy of the keys.

[0106] Please see Figure 7 In some implementations, the session request includes a session identifier and a first chip identifier corresponding to the first intercom terminal. The session identifier is generated by the first intercom terminal based on a user token. Step 032 (generating first session key information and a first key sequence number according to the session request) includes: 0321: The quantum cryptography service platform verifies the legality of the user token and the validity of the first chip identifier; 0322: If the user token's legitimacy and the first chip identifier's validity are both verified, the quantum cryptography service platform generates a session key based on the session identifier; 0323: The quantum cryptography service platform determines the first key sequence number corresponding to the session key, and the first key sequence number corresponds to a first target charged quantum key pre-charged in the first intercom terminal; 0324: The quantum cryptography service platform, based on the second preset encryption algorithm, encrypts the session key according to the second target quantum key pre-stored in its own storage, and generates the first session key information.

[0107] Specifically, the first chip identifier refers to the unique hardware identifier of the preset national cryptographic chip integrated in the first intercom terminal, which is used by the quantum cryptography service platform to identify the identity of the terminal that initiates the session and associate information such as the pre-charged key of the first intercom terminal.

[0108] A user token refers to a temporary access credential obtained and stored by the first intercom terminal from the quantum cryptography service platform during the aforementioned authentication process. It includes user identity information and permission identifiers and is used to prove the legitimate access rights of the first intercom terminal.

[0109] The legitimacy of a user token refers to the validity verification result of the user token, including whether the token is within its validity period, whether the signature is correct, and whether it is bound to the first chip identifier, to ensure that the token has not been forged or abused.

[0110] The validity of the first chip identifier refers to the verification result of the registration status of the first chip identifier, including whether the identifier has been registered on the platform, whether it belongs to an authorized terminal, and whether there are any abnormal records, to ensure that the session initiator is a legitimate terminal.

[0111] The first target quantum key refers to the quantum key pre-stored in the preset national cryptographic chip of the first intercom terminal through the above-mentioned charging process. It has high randomness and is used to decrypt the first session key information sent by the quantum cryptography service platform.

[0112] The second preset encryption algorithm refers to the symmetric encryption algorithm used by the quantum cryptography service platform to encrypt the session key, which corresponds to the first preset decryption algorithm in the first intercom terminal, ensuring that the encrypted session key can be correctly decrypted.

[0113] The second target-filled quantum key refers to the key pre-stored by the quantum cryptography service platform, corresponding to the first target-filled quantum key in the first intercom terminal. This key is used by the quantum cryptography service platform to encrypt the session key, ensuring that only the first intercom terminal can decrypt it. In some implementations, the first target-filled quantum key and the second target-filled quantum key are two copies of the same quantum symmetric key pair.

[0114] The first intercom terminal generates a unique session identifier based on the user token, packages the session identifier with its own first chip identifier, generates a session request, and sends it to the quantum cryptography service platform.

[0115] After receiving a session request, the quantum cryptography service platform first verifies the legitimacy of the user token and the validity of the first chip identifier.

[0116] If both the user token's validity and the first chip identifier's validity are verified, the platform generates a session key based on the session identifier and stores the session key in association with the session identifier to ensure that it can be queried through the session identifier in the future.

[0117] The quantum cryptography service platform queries the pre-charged key record of the terminal based on the first chip identifier, locates the record corresponding to the first target quantum key in the first intercom terminal, and extracts the unique number of the record as the first key sequence number.

[0118] Subsequently, the quantum cryptography service platform invokes the second preset encryption algorithm, using the second target-filled quantum key corresponding to the first key sequence number as the encryption key, to encrypt the generated session key and obtain the first session key information.

[0119] The quantum cryptography service platform packages the first session key information and the first key sequence number, and sends them to the first intercom terminal through an encrypted channel to complete the encrypted distribution of the session key.

[0120] In this way, the quantum cryptography service platform verifies the legitimacy of the user token and the validity of the first chip identifier. Next, if both the legitimacy of the user token and the validity of the first chip identifier are verified, the quantum cryptography service platform generates a session key based on the session identifier. Then, the quantum cryptography service platform determines a first key sequence number corresponding to the session key, which corresponds to a first target-filled quantum key pre-loaded in the first intercom terminal. Finally, the quantum cryptography service platform encrypts the session key based on a second preset encryption algorithm and its own pre-stored second target-filled quantum key, generating first session key information. The second target-filled quantum key corresponds to the first target-filled quantum key. Thus, using the quantum key pre-loaded in the first intercom terminal to encrypt the transmission of the session key prevents leakage during transmission. Furthermore, the correspondence between the second and first target-filled quantum keys ensures that only the first intercom terminal can decrypt and obtain the session key, preventing unauthorized access.

[0121] Please see Figure 8 In some implementations, step 033 (generating a session key based on the first session key information and the first key sequence number) includes: 0331: The first intercom terminal sends the first key sequence number to the preset national cryptographic chip integrated within itself based on the first preset buffer and the first preset chip interface in order to obtain the first target charging quantum key; 0332: The first intercom terminal decrypts the first session key information according to the first target quantum key and the pre-configured first preset decryption algorithm to generate a session key.

[0122] Specifically, the first preset buffer refers to the memory area in the first intercom terminal used to temporarily store data interacting with the preset national cryptographic chip. It can cache the sent key sequence number instruction and the received target charging quantum key to ensure the orderliness and integrity of data interaction.

[0123] The first preset chip interface refers to the hardware communication interface that connects the main controller of the first intercom terminal with the preset national cryptographic chip. It supports command transmission and data reading and writing and is the physical channel for interaction between the first intercom terminal and the national cryptographic chip.

[0124] The first preset decryption algorithm refers to the decryption algorithm pre-configured in the first intercom terminal, which can be used to decrypt the first session key information encrypted by the second preset encryption algorithm.

[0125] After receiving the first key sequence number returned by the quantum cryptography service platform, the first intercom terminal generates a key retrieval instruction including the first key sequence number and temporarily stores the key retrieval instruction in the first preset buffer to ensure that the instruction format conforms to the communication protocol of the preset national cryptographic chip.

[0126] The first intercom terminal sends a key retrieval command from the first preset buffer to the preset national cryptographic chip through the preset chip interface, requesting to obtain the charged quantum key corresponding to the first key serial number.

[0127] After verifying the legality of the national cryptographic chip, the first target charging quantum key is retrieved from the internal secure storage area and returned to the first intercom terminal through the preset chip interface. The intercom terminal temporarily stores the first target charging quantum key in the preset buffer.

[0128] The first intercom terminal reads the first target-filled quantum key and the first session key information from the preset buffer, calls the pre-configured first preset decryption algorithm, and uses the first target-filled quantum key as the decryption key to perform decryption operation on the first session key information.

[0129] After decryption, the first intercom terminal performs an integrity check on the result. Once confirmed to be correct, it obtains the original session key, which is used for subsequent encrypted communication with the second intercom terminal.

[0130] Thus, the first intercom terminal, based on a preset buffer and a preset chip interface, sends a first key sequence number to its integrated preset national cryptographic chip to obtain the first target-filled quantum key. Next, the first intercom terminal decrypts the first session key information according to the first target-filled quantum key and a pre-configured first preset decryption algorithm to generate a session key. The first preset decryption algorithm corresponds to a second preset encryption algorithm. In this way, secure interaction with the preset national cryptographic chip is achieved through the preset chip interface and buffer, thereby ensuring the reliability of the first target-filled quantum key retrieval process.

[0131] Please see Figure 9 In some implementations, the method further includes: 035: The second intercom terminal sends the session identifier to the quantum cryptography service platform; 036: The quantum cryptography service platform determines the session key based on the session identifier; 037: The quantum cryptography service platform determines the second key sequence number corresponding to the session key, and the second key sequence number corresponds to a third target quantum key pre-charged in the second intercom terminal; 038: The quantum cryptography service platform, based on the third preset encryption algorithm, encrypts the session key according to the fourth target quantum key pre-stored in its own storage, generates the second session key information, and sends it to the second intercom terminal.

[0132] Specifically, the second key serial number refers to a unique number bound to the third target quantum key pre-charged in the second intercom terminal. It is used to identify the corresponding storage location of the key in the platform and ensure that the correct key is called during encryption.

[0133] The third target of quantum key loading refers to the quantum key pre-stored in the preset national cryptographic chip of the second intercom terminal through the above-mentioned loading process. It has high security and is used to decrypt the second session key information sent by the quantum cryptography service platform.

[0134] The third preset encryption algorithm refers to the symmetric encryption algorithm used by the quantum cryptography service platform to encrypt the session key, which is matched with the corresponding decryption algorithm in the second intercom terminal to ensure that the encrypted data can be correctly decrypted.

[0135] The fourth target-filled quantum key refers to the key pre-stored by the quantum cryptography service platform, corresponding to the third target-filled quantum key in the second intercom terminal. It is used by the quantum cryptography service platform to encrypt the session key, ensuring that only the second intercom terminal can decrypt it. In some implementations, the third target-filled quantum key and the fourth target-filled quantum key are two copies of the same quantum symmetric key pair.

[0136] The second session key information refers to the ciphertext obtained by the quantum cryptography service platform after encrypting the session key with the fourth target quantum key and the third preset encryption algorithm. It is a secure transmission form of the session key to prevent leakage during transmission.

[0137] Thus, the second intercom terminal sends a session identifier to the quantum cryptography service platform. Next, the quantum cryptography service platform determines the session key based on the session identifier. Then, it determines a second key sequence number corresponding to the session key, which corresponds to a third target-filled quantum key pre-filled in the second intercom terminal. Finally, based on a third preset encryption algorithm and its own pre-stored fourth target-filled quantum key, the quantum cryptography service platform encrypts the session key, generating a second session key and sending it to the second intercom terminal. The fourth target-filled quantum key corresponds to the third target-filled quantum key. In this way, precise key matching is achieved through the session identifier, ensuring that the second intercom terminal obtains the same session key as the first intercom terminal. Furthermore, the correspondence between the fourth and third target-filled quantum keys ensures that only the second intercom terminal can decrypt and obtain the session key, preventing unauthorized access.

[0138] Please see Figure 10 In some implementations, the method further includes: 039: The second intercom terminal sends the second key sequence number to its integrated preset national cryptographic chip based on the second preset buffer and the second preset chip interface in order to obtain the third target charging quantum key; 040: The second intercom terminal decrypts the second session key information according to the quantum key charged by the third target and the pre-configured second preset decryption algorithm, and generates a session key.

[0139] Specifically, after receiving the second key sequence number and second session key information returned by the quantum cryptography service platform, the second intercom terminal generates a key retrieval instruction including the second key sequence number and temporarily stores the key retrieval instruction in a preset buffer to ensure that the instruction format is correct.

[0140] The first intercom terminal sends a key retrieval command from the preset buffer to its own integrated preset national cryptographic chip via a preset chip interface, requesting to obtain the third target charging quantum key corresponding to the second key serial number.

[0141] After verifying the legitimacy of the national cryptographic chip, the third target quantum key is retrieved from the internal secure storage area and returned to the second intercom terminal through the preset chip interface. The terminal then temporarily stores the key in the preset buffer.

[0142] The second intercom terminal reads the third target-filled quantum key and the second session key information from the preset buffer, calls the pre-configured second preset decryption algorithm, and uses the third target-filled quantum key as the decryption key to perform decryption operation on the second session key information.

[0143] After decryption, the second intercom terminal performs an integrity check on the result. Once confirmed to be correct, it obtains the original session key, which is used for subsequent encrypted communication with the first intercom terminal.

[0144] Thus, the second intercom terminal, based on a preset buffer and a preset chip interface, sends a second key sequence number to its integrated preset national cryptographic chip to obtain the third target-filled quantum key. Next, the second intercom terminal decrypts the second session key information according to the third target-filled quantum key and a pre-configured second preset decryption algorithm to generate a session key. The second preset decryption algorithm corresponds to the third preset encryption algorithm. This secure interaction with the preset national cryptographic chip is achieved through the preset chip interface and buffer, thereby ensuring the reliability of the second target-filled quantum key retrieval process.

[0145] This application also provides a computer-readable storage medium containing a computer program. When the computer program is executed by one or more processors, it causes the one or more processors to perform the method of this application.

[0146] It is understood that a computer program includes computer program code. Computer program code can be in the form of source code, object code, executable files, or some intermediate form. Computer-readable storage media can include: any entity or device capable of carrying computer program code, recording media, USB flash drives, portable hard drives, magnetic disks, optical disks, computer memory, read-only memory (ROM), random access memory (RAM), and software distribution media, etc.

[0147] In this specification, the terms "specifically," "furthermore," "particularly," "understandably," etc., refer to specific features, structures, materials, or characteristics described in connection with embodiments or examples that are included in at least one embodiment or example of this application. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples. Moreover, without contradiction, those skilled in the art can combine and integrate the different embodiments or examples described in this specification, as well as the features of different embodiments or examples.

[0148] Any process or method described in the flowchart or otherwise herein can be understood as representing a module, segment, or portion of code comprising one or more executable instructions for implementing a particular logical function or process, and the scope of the preferred embodiments of this application includes additional implementations in which functions may be performed not in the order shown or discussed, including substantially simultaneously or in reverse order depending on the function involved, as will be understood by those skilled in the art to which embodiments of this application pertain.

[0149] Although embodiments of this application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting this application. Those skilled in the art can make changes, modifications, substitutions and variations to the above embodiments within the scope of this application.

Claims

1. An authentication method for a walkie-talkie terminal, characterized in that, The intercom terminal integrates a preset national cryptographic chip, a preset chip interface associated with the preset national cryptographic chip, and a preset buffer. The method includes: In response to the terminal start signal, the intercom terminal initializes the preset chip interface and the preset buffer. The preset chip interface is used to perform read and write operations on the preset national cryptographic chip, and the preset buffer is used to communicate with the preset national cryptographic chip. If both the preset chip interface and the preset buffer are successfully initialized, the intercom terminal sends the first authentication information to the preset national cryptographic chip to perform the first identity authentication. If the first identity authentication is successful, the intercom terminal sends a key query request to the preset national cryptographic chip; The intercom terminal receives key query information associated with the key query request, the key query information including quantum key reserve and chip identifier corresponding to the preset national cryptographic chip; When the quantum key reserve is greater than or equal to a preset threshold, the intercom terminal sends a communication connection request to the quantum cryptography service platform. The communication connection request includes the chip identifier and user information. When a communication connection is established with the quantum cryptography service platform, the intercom terminal receives and stores a user token associated with the user information sent by the quantum cryptography service platform to complete the authentication.

2. The method according to claim 1, characterized in that, The method further includes: The intercom terminal performs signature processing on its own pre-stored authentication code based on a preset signature algorithm to determine the first signature information; The intercom terminal encrypts the first random number obtained from the preset national cryptographic chip according to the first signature information and the first preset encryption algorithm to determine the first authentication information.

3. The method according to claim 1, characterized in that, The method further includes: When the quantum key reserve is less than the preset threshold, the intercom terminal generates a key injection request based on the chip identifier and the asymmetric encryption public key built into the preset national cryptographic chip, and sends it to the quantum cryptography service platform; The quantum cryptography service platform encrypts the generated quantum key based on the asymmetric encryption public key to generate second encrypted information; The quantum cryptography service platform generates key configuration information corresponding to the charged quantum key based on the chip identifier; The quantum cryptography service platform sends the second encryption information and the key configuration information to the intercom terminal.

4. The method according to claim 3, characterized in that, The key configuration information includes key storage address information and write operation rule information, and the method further includes: The intercom terminal decrypts the second encrypted information based on the asymmetric encryption private key corresponding to the asymmetric encryption public key, and generates the charged quantum key; The intercom terminal erases the storage space in the preset national cryptographic chip corresponding to the key storage address information based on the key storage address information; The intercom terminal, based on the preset chip interface, cyclically writes the charging quantum key according to the writing operation rule information; When the quantum key charging is completed, the intercom terminal detects the key storage status in the preset national cryptographic chip; If the key storage status is normal, the key filling is confirmed to be complete.

5. The method according to claim 4, characterized in that, The method further includes: If the key storage status is abnormal, the intercom terminal interrupts key refilling, generates an anomaly reporting request, and sends it to the quantum cryptography service platform. The anomaly reporting request includes the chip identifier.

6. A communication method based on an RTOS system, characterized in that, The RTOS system includes an intercom terminal and a quantum cryptography service platform. The intercom terminal includes a first intercom terminal and a second intercom terminal that have been authenticated based on the authentication method described in any one of claims 1-5. The method includes: In response to the session initiation operation, the first intercom terminal sends a session request to the quantum cryptography service platform; The quantum cryptography service platform generates first session key information and first key sequence number according to the session request, and sends them to the first intercom terminal; The first intercom terminal generates a session key based on the first session key information and the first key sequence number; The first intercom terminal synchronizes the session identifier to the second intercom terminal, so that the second intercom terminal can obtain the session key according to the session identifier, and then communicate according to the session key.

7. The method according to claim 6, characterized in that, The session request includes a session identifier and a first chip identifier corresponding to the first intercom terminal. The session identifier is generated by the first intercom terminal based on the user token. Generating first session key information and a first key sequence number according to the session request includes: The quantum cryptography service platform verifies the legality of the user token and the validity of the first chip identifier; If both the validity of the user token and the validity of the first chip identifier are verified, the quantum cryptography service platform generates the session key based on the session identifier; The quantum cryptography service platform determines the first key sequence number corresponding to the session key, and the first key sequence number corresponds to a first target charged quantum key pre-charged in the first intercom terminal; The quantum cryptography service platform, based on a second preset encryption algorithm, encrypts the session key according to its own pre-stored second target-filled quantum key to generate first session key information, wherein the second target-filled quantum key corresponds to the first target-filled quantum key.

8. The method according to claim 7, characterized in that, The step of generating a session key based on the first session key information and the first key sequence number includes: The first intercom terminal sends the first key sequence number to the preset national cryptographic chip integrated within itself based on the first preset buffer and the first preset chip interface in order to obtain the first target charging quantum key; The first intercom terminal decrypts the first session key information according to the first target quantum key and the pre-configured first preset decryption algorithm to generate the session key. The first preset decryption algorithm corresponds to the second preset encryption algorithm.

9. The method according to claim 6, characterized in that, The method further includes: The second intercom terminal sends the session identifier to the quantum cryptography service platform; The quantum cryptography service platform determines the session key based on the session identifier; The quantum cryptography service platform determines a second key sequence number corresponding to the session key, and the second key sequence number corresponds to a third target quantum key pre-charged in the second intercom terminal; The quantum cryptography service platform, based on a third preset encryption algorithm, encrypts the session key according to its own pre-stored fourth target-filled quantum key, generates second session key information, and sends it to the second intercom terminal. The fourth target-filled quantum key corresponds to the third target-filled quantum key.

10. The method according to claim 9, characterized in that, The method further includes: The second intercom terminal sends the second key sequence number to its integrated preset national cryptographic chip based on the second preset buffer and the second preset chip interface in order to obtain the third target charging quantum key; The second intercom terminal decrypts the second session key information according to the third target quantum key and the pre-configured second preset decryption algorithm to generate the session key. The second preset decryption algorithm corresponds to the third preset encryption algorithm.