File segmentation and encryption processing method based on quantum key distribution

By using a file segmentation encryption method based on quantum key distribution, the original data is encrypted in segments. By utilizing random keys generated by quantum relay networks and target key identifiers, the problems of low encryption strength, low security, and low efficiency in existing technologies are solved, achieving high-security and high-efficiency data transmission.

WO2026138503A1 · PCT designated stage · Publication Date: 2026-07-02 · CHINA TELECOM QUANTUM INFORMATION TECH GRP CO LTD

Patent Information

Authority / Receiving Office: WO · WO
Patent Type: Applications
Current Assignee / Owner: CHINA TELECOM QUANTUM INFORMATION TECH GRP CO LTD
Filing Date: 2025-12-10
Publication Date: 2026-07-02

AI Technical Summary

Technical Problem

In existing technologies, the use of a fixed key for overall file encryption results in low encryption strength, low security, and low efficiency, while determining decryption permissions through file attributes is complex.

Method used

A file segmentation encryption method based on quantum key distribution is adopted. Multiple sets of random keys are generated through a quantum relay network to encrypt the original data in segments. The encryption is further enhanced by using the identifiers of the target injection key and the target random key. The sending device then sends the encrypted data to the receiving device.

Benefits of technology

It improves encryption strength and security, simplifies the decryption process, ensures that only the receiving device can decrypt the data, and improves transmission efficiency.

✦ Generated by Eureka AI based on patent content.


Abstract

Provided in the present application is a file segmentation and encryption processing method based on quantum key distribution, which method is applied to a transmitter device of a file segmentation and processing system. The method comprises: acquiring filled keys of a plurality of receiver devices and identifiers of the filled keys, and acquiring a plurality of groups of random key information; segmenting original data to obtain a plurality of pieces of data to be encrypted; for any piece of data to be encrypted, encrypting same on the basis of a target random key, so as to obtain encrypted data; on the basis of a target filled key, encrypting an identifier of the target random key and a position identifier, so as to obtain identifier encryption data; and adding the identifier encryption data and an identifier of the target filled key to the encrypted data, so as to obtain target data, and sending the target data to the receiver devices. In the present application, original data is segmented and is then encrypted, and an identifier of a random key used for encryption is encrypted by using a filled key of a receiver device, thereby improving the data security.

Description

A File Segmentation Encryption Method Based on Quantum Key Distribution

[0001] Cross-reference to related applications

[0002] This application claims priority to Chinese Patent Application No. 2024119546590, filed on December 27, 2024, entitled “Method for File Segmentation Encryption Processing Based on Quantum Key Distribution”, the entire contents of which are incorporated herein by reference.

Technical Field

[0003] This application relates to the field of data encryption technology, and more specifically, to a file segmentation encryption method based on quantum key distribution.

Background Technology

[0004] In the context of the internet, encrypting transmitted files can ensure that personal information is not intercepted by third parties during transmission. Therefore, how to encrypt transmitted files has become an urgent technical problem to be solved.

[0005] In existing technologies, the entire file to be transmitted is usually encrypted using a fixed key, and decryption permissions are determined by file attributes.

[0006] However, encrypting the entire transmitted file offers relatively low encryption strength, and transmitting it over a classical network with a fixed key results in low security. Determining decryption permissions based on file attributes is complex and inefficient.

Summary of the Invention

[0007] The purpose of this application is to provide a file segmentation encryption method based on quantum key distribution to address the shortcomings of the prior art, thereby solving the problems of low encryption strength, low security, and low efficiency in the prior art.

[0008] To achieve the above objectives, the technical solution adopted in this application is as follows:

[0009] In a first aspect, this application provides a file segmentation encryption method based on quantum key distribution, applied to the sending end device of a file segmentation processing system; the method includes:

[0010] Multiple charging keys and their identifiers are obtained from the receiving device through a quantum relay network, and multiple sets of random key information are obtained through the quantum relay network. Each set of random key information includes a random key and its identifier.

[0011] The original data is segmented to obtain multiple data to be encrypted, and a target injection key and a target random key are assigned to each data to be encrypted.

[0012] For any one of the plurality of data to be encrypted, the data to be encrypted is encrypted according to the target random key corresponding to the data to be encrypted, so as to obtain the encrypted data corresponding to the data to be encrypted.

[0013] Based on the target injection key corresponding to the data to be encrypted, the identifier and location identifier of the target random key are encrypted to obtain the identifier encrypted data, wherein the location identifier is used to identify the position of the data to be encrypted in the original data;

[0014] The identifier encrypted data and the identifier of the target charging key are added to the encrypted data to obtain the target data corresponding to the data to be encrypted, and the target data is sent to the receiving device.

[0015] Optionally, adding the identifier encrypted data and the identifier of the target injection key to the encrypted data to obtain the target data corresponding to the data to be encrypted includes:

[0016] Add preset separator data to the end of the encrypted data;

[0017] The encrypted identifier data is appended to the end of the delimiter data to obtain the target data.

[0018] Optionally, before obtaining multiple charging keys and the identifiers of each charging key from the receiving device via the quantum relay network, the method further includes:

[0019] Determine the charging key that the quantum key charging module charges into the quantum-safe chip of the transmitting device;

[0020] Obtain user login information;

[0021] The quantum-safe chip in the transmitting device performs encryption calculations on the user login information based on the charging key to obtain authentication information;

[0022] The authentication information is sent to the quantum cryptography management service system, so that the quantum cryptography management service system can determine the identity comparison information based on the pre-stored user information and the pre-filled filling key, and match the authentication information based on the identity comparison information to determine the identity authentication result.

[0023] Optionally, obtaining multiple charging keys and the identifier of each charging key from the receiving device via the quantum relay network includes:

[0024] The quantum cryptography management service system obtains the identifier of the quantum key distribution module of the receiving end from the cryptography management service platform of the quantum relay network, and receives multiple charging keys and the identifier of each charging key sent by the receiving end device.

[0025] Optionally, obtaining multiple sets of random key information through the quantum relay network includes:

[0026] The identifiers of the quantum key distribution modules at the transmitting end and the receiving end are sent to the quantum key distribution network controller of the quantum relay network, so that the quantum key distribution network controller can determine the multiple sets of random key information based on the identifiers of the quantum key distribution modules at the transmitting end, the receiving end, and the key manager topology link in the quantum relay network.

[0027] In a second aspect, this application provides a file segmentation decryption method based on quantum key distribution, applied to the receiving end device of a file segmentation processing system, the method comprising:

[0028] Multiple charging keys and their identifiers are sent to the transmitting device via a quantum relay network, and multiple sets of random key information are obtained through the quantum relay network.

[0029] Receive multiple target data from the sending device. Each target data includes: encrypted data, identifier encrypted data, and identifier of the target injection key. The identifier encrypted data includes: the encryption result of the identifier of the target random key corresponding to the encrypted data, and the encryption result of the location identifier. The location identifier is used to identify the position of the data to be encrypted corresponding to the encrypted data in the original data.

[0030] Based on the identifier of each target filling key, obtain each target filling key;

[0031] Based on each of the target injection keys and each of the identifier encryption data, the encrypted data is decrypted to obtain the data to be encrypted and the location identifier of the data to be encrypted corresponding to the encrypted data.

[0032] The original data is obtained by splicing together the data to be encrypted corresponding to each encrypted data, according to the location identifiers.

[0033] Optionally, the step of decrypting the encrypted data according to each of the target injection keys and each of the identifier encryption data to obtain the data to be encrypted corresponding to the encrypted data and the location identifier of the data to be encrypted includes:

[0034] Based on the target injection key, the encrypted identifier data is decrypted to obtain the identifier of the target random key and the location identifier;

[0035] Obtain the target random key based on the identifier of the target random key;

[0036] The encrypted data is decrypted using the target random key to obtain the data to be encrypted.

[0037] Optionally, before sending multiple charging keys and identifiers of each charging key to the transmitting device via the quantum relay network, the method further includes:

[0038] Determine the charging key that the quantum key charging module charges into the quantum-safe chip of the receiving device;

[0039] Obtain user login information;

[0040] The quantum security chip in the receiving device performs encryption calculations on the user login information based on the charging key to obtain authentication information;

[0041] The authentication information is sent to the quantum cryptography management service system, so that the quantum cryptography management service system can determine the identity comparison information based on the pre-stored user information and the pre-filled filling key, and match the authentication information based on the identity comparison information to determine the identity authentication result.

[0042] Optionally, the step of splicing to obtain the original data based on the data to be encrypted corresponding to each of the encrypted data and the location identifier includes:

[0043] The concatenation order of each piece of data to be encrypted is determined based on the position data of each piece of data to be encrypted;

[0044] The original data is obtained by merging the data to be encrypted according to the splicing order.

[0045] In a third aspect, this application provides a file segmentation processing system, the system including a sending end device, a receiving end device, and a quantum relay network;

[0046] The transmitting device is configured to perform the steps of the file segmentation encryption processing method based on quantum key distribution as described in the first aspect, and the receiving device is configured to perform the steps of the file segmentation decryption processing method based on quantum key distribution as described in the second aspect.

[0047] In a fourth aspect, this application provides an electronic device, including: a processor, a storage medium, and a bus, wherein the storage medium stores machine-readable instructions executable by the processor, and when the electronic device is running, the processor communicates with the storage medium via the bus, and the processor executes the machine-readable instructions to perform the steps of the method of the first aspect or the method of the second aspect described above.

[0048] In a fifth aspect, this application provides a computer-readable storage medium storing a computer program, which, when executed by a processor, performs the steps of the method described in the first aspect or the method described in the second aspect.

[0049] The beneficial effects of this application are as follows: The transmitting device obtains multiple charging keys from the receiving device, and then obtains multiple sets of random key information through a quantum relay network. Since the multiple sets of random key information are generated in the quantum relay network, and the keys are not transmitted over a classical network, security is higher. Then, the original data is segmented into multiple data to be encrypted. Based on the target random key in the multiple random key information, each data to be encrypted is encrypted, and the identifier of each target random key is encrypted using each target charging key. Because this embodiment segments the entire original data and encrypts each data to be encrypted using different random keys, the encryption strength is high, security is strong, and the loss of a key does not cause the entire data to be leaked. The encrypted identifier of the target random key and the identifier of the target charging key are added to the encrypted data to obtain the target data, and the target data is sent to the receiving device. During this process, since the identifier of the random key is encrypted using the charging key of the receiving device, after receiving the target data, the receiving device decrypts the encrypted identifier of the random key according to its own charging key, thereby obtaining the identifier of the random key corresponding to the encrypted data. The encrypted data is then decrypted according to the identifier of the random key, achieving secure data transmission. As can be seen, if the encrypted data is received by a party other than the receiving device, the identifier of the random key cannot be obtained, thus making it impossible to determine the random key and decrypt the encrypted data. Therefore, this embodiment simplifies the process and improves transmission efficiency while ensuring data security.

Attached Figure Description

[0050] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of this application and should not be regarded as a limitation of the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.

[0051] Figure 1 is a schematic diagram of a file segmentation processing system provided in an embodiment of this application;

[0052] Figure 2 is a flowchart illustrating a file segmentation encryption method based on quantum key distribution provided in an embodiment of this application;

[0053] Figure 3 is a flowchart illustrating an identity authentication method provided in an embodiment of this application;

[0054] Figure 4 is a schematic diagram of the structure of a key manager relay link in a quantum relay network provided in an embodiment of this application;

[0055] Figure 5 is a flowchart illustrating a file segmentation and decryption method based on quantum key distribution provided in an embodiment of this application;

[0056] Figure 6 is a schematic diagram of a process for determining the data to be encrypted and the location identifier of the data to be encrypted according to an embodiment of this application;

[0057] Figure 7 is a flowchart illustrating another authentication method provided in an embodiment of this application;

[0058] Figure 8 is a flowchart illustrating a file segmentation method based on quantum key distribution provided in an embodiment of this application;

[0059] Figure 9 is a schematic diagram of the structure of an electronic device provided in an embodiment of this application.

Detailed Implementation

[0060] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. It should be understood that the accompanying drawings in this application are for illustrative and descriptive purposes only and are not intended to limit the scope of protection of this application. Furthermore, it should be understood that the schematic drawings are not drawn to scale. The flowcharts used in this application illustrate operations implemented according to some embodiments of this application. It should be understood that the operations in the flowcharts may not be implemented in sequence, and steps without logical contextual relationships may be reversed or implemented simultaneously. In addition, those skilled in the art, guided by the content of this application, may add one or more other operations to the flowcharts, or remove one or more operations from the flowcharts.

[0061] Furthermore, the described embodiments are merely some, not all, of the embodiments of this application. The components of the embodiments of this application described and illustrated herein can typically be arranged and designed in various different configurations. Therefore, the following detailed description of the embodiments of this application provided in the accompanying drawings is not intended to limit the scope of the claimed application, but merely to illustrate selected embodiments of the application. All other embodiments obtained by those skilled in the art based on the embodiments of this application without inventive effort are within the scope of protection of this application.

[0062] It should be noted that the term "comprising" will be used in the embodiments of this application to indicate the presence of the features declared thereafter, but does not exclude the addition of other features.

[0063] In existing technologies, the entire file to be transmitted is typically encrypted using a fixed key, and decryption permissions are determined based on file attributes. However, encrypting the entire file provides relatively weak encryption, and transmitting it over a traditional network with a fixed key results in low security. Determining decryption permissions based on file attributes is also complex and inefficient.

[0064] Based on this, this application proposes a file segmentation encryption method based on quantum key distribution. This method segments the original data sent by the transmitting device and encrypts each segment using a different key, thereby improving data security. Furthermore, the key used for each data segment is a random key generated by a quantum relay network, which further enhances security compared to transmitting a fixed key through a classical network. After receiving the encrypted data, the receiving device decrypts it using its own injected key, ensuring that only the receiving device can decrypt the encrypted data. The method is simple and the process is further simplified.

[0065] Before introducing the file segmentation encryption and decryption methods based on quantum key distribution, we will first explain the structure of the file segmentation system to which these methods are applied.

[0066] Figure 1 is a schematic diagram of a file segmentation processing system provided in an embodiment of this application. As shown in Figure 1, the file segmentation processing system includes a sending end device, a quantum relay network, and a receiving end device.

[0067] The transmitting device includes a transmitting terminal, a quantum-safe chip, a quantum key injection module, a quantum cryptography management service system, a key manager, and a quantum key distribution module. The transmitting terminal and the quantum cryptography management service system are connected via a network. The quantum-safe chip in the transmitting device is connected to the quantum key injection module, which in turn is connected to the quantum cryptography management service system. The quantum cryptography management service system is connected to the key manager, and the key manager is connected to the quantum key distribution module.

[0068] The receiving-end equipment includes a receiving-end terminal, a quantum-safe chip, a quantum key injection module, a quantum cryptography management service system, a key manager, and a quantum key distribution module. The receiving-end terminal and the quantum cryptography management service system are connected via a network. The quantum-safe chip in the receiving-end equipment is connected to the quantum key injection module, the quantum key injection module is connected to the quantum cryptography management service system, the quantum cryptography management service system is connected to the key manager, and the key manager is connected to the quantum key distribution module.

[0069] The quantum relay network comprises a cryptographic management service platform, a quantum key distribution network controller, multiple key managers, and multiple quantum key distribution modules. The cryptographic management service platform is connected to both the transmitting and receiving quantum cryptographic management service systems. The quantum key distribution network controller is connected to the key managers at the transmitting and receiving ends, as well as to each key manager within the quantum relay network. Each key manager in the quantum relay network is connected to one quantum key distribution module. The key managers in the quantum relay network are topologically connected, with two key managers connected to the key managers at the transmitting and receiving ends, respectively. The quantum key distribution modules in the quantum relay network are topologically connected, with two quantum key distribution modules connected to the quantum key distribution modules at the transmitting and receiving ends, respectively.

[0070] The quantum key distribution module is used to distribute quantum keys among connected quantum key distribution modules. The quantum key distribution network controller, based on the key manager topology in the quantum relay network, enables the quantum key distribution modules to negotiate and generate random keys, ensuring the secure, stable, efficient, and robust operation of the quantum key distribution modules. The key manager receives and manages the random keys generated by the quantum key distribution modules and relays them to devices requiring keys. The cryptographic management service platform performs routing control and resource scheduling for the quantum cryptographic management service system. The quantum cryptographic management service system interacts with device terminals and the quantum-safe chip. The quantum key filling module fills the quantum key from the quantum key distribution modules into the quantum-safe chip. The quantum-safe chip stores the filled keys.

[0071] Based on the file segmentation processing system, the file segmentation encryption processing method based on quantum key distribution will be described next with reference to Figure 2. Figure 2 is a schematic flowchart of a file segmentation encryption processing method based on quantum key distribution provided in an embodiment of this application.

[0072] S201. Obtain multiple charging keys and the identifier of each charging key from the receiving device through the quantum relay network, and obtain multiple sets of random key information through the quantum relay network. Each set of random key information includes a random key and the identifier of the random key.

[0073] Specifically, the quantum cryptography management service system at the transmitting end and the cryptography management service platform in the quantum relay network send key-filling request information to the receiving end device. This allows the cryptography management service platform to forward multiple key-filling requests received from the receiving end device to the transmitting end device via the quantum cryptography management service system at the transmitting end. The key-filling key is generated by the quantum key filling module, which fills the quantum key into the quantum-safe chip. Each device has multiple key-filling keys. When the number of keys in the quantum-safe chip is less than a preset value, the quantum key distribution module generates a quantum key and sends it to the quantum cryptography management service system. The quantum cryptography management service system then sends the quantum key to the quantum key filling module, which fills the quantum-safe chip with the received quantum key, thus replenishing the key supply.

[0074] It is worth noting that after sending the charging key to the sending device, the receiving device marks the sent charging key as used to prevent other devices from using the same charging key, which could compromise information security.

[0075] Specifically, the random key information is generated randomly in real time by the quantum relay network. As an optional implementation, the transmitting device can store multiple sets of random key information sent by the quantum relay network for use in encrypting multiple data streams separately.

[0076] It is worth mentioning that the quantum relay network can generate multiple random keys and send them to the quantum cryptography management service system at the sending end and the quantum cryptography management service system at the receiving end, respectively, so that the sending and receiving devices can receive the same random key for encryption and decryption.

[0077] S202. The original data is segmented to obtain multiple data to be encrypted, and a target injection key and a target random key are assigned to each data to be encrypted.

[0078] As an optional implementation, the sending device can divide the original data according to the length of the original data and the preset number of segments, so that the number of data to be encrypted is the same as the preset number of segments.

[0079] As another optional implementation, the sending device can divide the original data according to a preset segment length so that the length of the data to be encrypted is the same as the preset segment length.

[0080] Optionally, after the sending device segments the original data, it randomly assigns a target injection key and a target random key to each piece of data to be encrypted. The target injection key is one of multiple injection keys obtained from the receiving device, and the target random key is one of multiple sets of random key information obtained from the quantum relay network.

[0081] S203. For any one of the multiple data to be encrypted, encrypt the data to be encrypted according to the target random key corresponding to the data to be encrypted, and obtain the encrypted data corresponding to the data to be encrypted.

[0082] Specifically, the sending device encrypts each piece of data to be encrypted using the corresponding target random key, resulting in multiple encrypted data.

[0083] S204. Based on the target injection key corresponding to the data to be encrypted, encrypt the identifier of the target random key and the location identifier to obtain the identifier encrypted data, wherein the location identifier is used to identify the position of the data to be encrypted in the original data.

[0084] Specifically, the sending device uses the target injection key corresponding to each piece of data to be encrypted to encrypt the identifier of the target random key and the location identifier, respectively, to obtain multiple identifier encrypted data. The identifier encrypted data can be a string composed of the encrypted identifier of the target random key and the encrypted location identifier.

[0085] Optionally, the location identifier is the relative position of each piece of data to be encrypted within the original data.

[0086] S205. Add the identifier encrypted data and the identifier of the target charging key to the encrypted data to obtain the target data corresponding to the data to be encrypted, and send the target data to the receiving device.

[0087] Specifically, after obtaining multiple target data, the quantum cryptography management service system at the sending end sends the target data to the receiving end device through the key manager link. The key manager link is determined by the quantum key distribution network controller based on the identifiers of the quantum key distribution modules at both the sending and receiving ends.

[0088] As an optional implementation, the sending device appends the identifier encrypted data and the identifier of the target charging key to the encrypted data to obtain the target data corresponding to the data to be encrypted. The target data corresponding to each piece of data to be encrypted are then concatenated into complete target data, which is then sent to the receiving device.

[0089] As another optional implementation, the sending device adds the identifier encrypted data and the identifier of the target charging key to the encrypted data to obtain the target data corresponding to the data to be encrypted, and then directly sends the target data corresponding to each data to be encrypted to the receiving device.

[0090] In this embodiment, the transmitting device obtains multiple charging keys from the receiving device and then acquires multiple sets of random key information through a quantum relay network. Since the multiple sets of random key information are generated in the quantum relay network, and the keys are not transmitted over a classical network, security is higher. The original data is then segmented into multiple data to be encrypted. Based on the target random key from the multiple random key information, each data to be encrypted is encrypted, and the identifier of each target random key is encrypted using the target charging key. Because this embodiment segments the entire original data and encrypts each data to be encrypted using a different random key, the encryption strength is high, security is strong, and the loss of a key does not cause the entire data to be leaked. The encrypted identifier of the target random key and the identifier of the target charging key are added to the encrypted data to obtain the target data, which is then sent to the receiving device. During this process, since the identifier of the random key is encrypted using the receiving device's charging key, the receiving device, upon receiving the target data, decrypts the encrypted identifier of the random key using its own charging key to obtain the identifier of the random key corresponding to the encrypted data. The receiving device then decrypts the encrypted data based on the identifier of the random key, achieving secure data transmission. As can be seen, if the encrypted data is received by a party other than the receiving device, the identifier of the random key cannot be obtained, thus making it impossible to determine the random key and decrypt the encrypted data. Therefore, this embodiment simplifies the process while ensuring data security.

[0091] As an optional implementation, the process of adding the identifier encrypted data and the identifier of the target injection key to the encrypted data in step S205 to obtain the target data corresponding to the data to be encrypted specifically includes the following steps:

[0092] Optionally, preset delimiter data can be added to the end of the encrypted data.

[0093] Optionally, the preset separator data can be an encrypted identifier used to separate the encrypted data from the identifier encrypted data. Specifically, when the receiving device decrypts the target data, the encrypted data and the identifier encrypted data can be determined based on the preset separator data.

[0094] Optionally, the identifier encrypted data can be appended to the end of the delimiter data to obtain the target data.

[0095] As an optional implementation, the sending device can add preset delimiter data before the header of the encrypted data and add the identifier encrypted data to the header of the delimiter data to obtain the target data.

[0096] In this embodiment, by adding preset separator data to the end of the encrypted data and adding the identifier encrypted data to the end of the separator data, the target data is obtained, which makes it easier to distinguish between the encrypted data and the identifier encrypted data based on the separator data when decrypting the data.
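The framing of [0092] to [0096], written out as an added example that is not part of the application. The separator value, the header layout, the placement of the charging key identifier and all byte strings are constructed assumptions. It also covers a case the text does not address, where the separator bytes occur inside the ciphertext itself, and shows a length-prefixed layout that parses correctly in that case.

```python
import struct
from typing import Tuple

# Assumed value: the application only says the separator data is "preset".
DELIM = b"\x1e\x1e"
# Assumed header layout: charging key id, ciphertext length, identifier length.
HEADER = ">IIH"


def pack_delimited(encrypted: bytes, id_encrypted: bytes) -> bytes:
    """[0092] and [0094]: ciphertext, then separator, then identifier encrypted data."""
    return encrypted + DELIM + id_encrypted


def parse_delimited(target: bytes) -> Tuple[bytes, bytes]:
    """[0138]: the data before the separator is treated as the ciphertext."""
    encrypted, sep, id_encrypted = target.partition(DELIM)
    if not sep:
        raise ValueError("separator not found")
    return encrypted, id_encrypted


def pack_length_prefixed(charging_key_id: int, encrypted: bytes,
                         id_encrypted: bytes) -> bytes:
    """Alternative layout: explicit lengths instead of an in-band separator."""
    header = struct.pack(HEADER, charging_key_id, len(encrypted), len(id_encrypted))
    return header + encrypted + id_encrypted


def parse_length_prefixed(target: bytes) -> Tuple[int, bytes, bytes]:
    size = struct.calcsize(HEADER)
    if len(target) < size:
        raise ValueError("truncated header")
    charging_key_id, n_enc, n_id = struct.unpack(HEADER, target[:size])
    if len(target) != size + n_enc + n_id:
        raise ValueError("declared lengths do not match the data received")
    return charging_key_id, target[size:size + n_enc], target[size + n_enc:]


# Constructed sample values, not taken from the application.
ID_ENCRYPTED = bytes.fromhex("07429910")
CLEAN = bytes.fromhex("aabbccdd")       # ciphertext without the separator bytes
COLLIDING = bytes.fromhex("aa1e1edd")   # ciphertext that happens to contain them


def delimiter_round_trips(encrypted: bytes) -> bool:
    """True if the separator layout returns exactly what was packed."""
    return parse_delimited(pack_delimited(encrypted, ID_ENCRYPTED)) == (encrypted, ID_ENCRYPTED)


if __name__ == "__main__":
    print("clean ciphertext round-trips:    ", delimiter_round_trips(CLEAN))
    print("colliding ciphertext round-trips:", delimiter_round_trips(COLLIDING))
    print("length-prefixed parse:", parse_length_prefixed(
        pack_length_prefixed(5, COLLIDING, ID_ENCRYPTED)))
```

Ciphertext is effectively random bytes, so a separator-based layout needs either a separator that cannot occur in the encoded ciphertext (for example after hex or Base64 encoding) or explicit lengths as in the second layout.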

[0097] As an optional implementation, as shown in Figure 3, before step S201 above, i.e., before obtaining multiple charging keys and the identifiers of each charging key from the receiving device through the quantum relay network, the following method steps may also be included. Figure 3 is a flowchart illustrating an authentication method provided in an embodiment of this application.

[0098] S301. Determine the charging key that the quantum key charging module charges into the quantum secure chip of the transmitting device.

[0099] Specifically, the quantum key injection module at the transmitting end injects the quantum key sent by the quantum key distribution module into both the quantum security chip in the transmitting end device and the quantum cryptography management service system at the transmitting end, so that the injection key in the quantum security chip and the injection key in the quantum cryptography management service system are the same, in order to complete identity authentication.

[0100] S302. Obtain user login information.

[0101] It is worth noting that before obtaining user login information, the sending terminal obtains the user information entered by the user when registering or activating the account, and sends the user information to the quantum cryptography management service system for storage. At the same time, the quantum cryptography management service system binds the user information and the quantum security chip.

[0102] For example, user login information may include the user account name and user login password.

[0103] As an optional implementation, the user login information is stored in a quantum-safe chip after it is obtained.

[0104] S303. The quantum-safe chip in the transmitting device performs encrypted calculations on the user login information based on the charging key to obtain authentication information.

[0105] Specifically, the quantum-safe chip in the transmitting device first encrypts the user login information based on the charging key, and then uses the standard hash algorithm of the cryptographic hash function to convert the encrypted information to obtain the encrypted hash value, which is used as the authentication information.

[0106] S304. Send the authentication information to the quantum cryptography management service system so that the quantum cryptography management service system can determine the identity comparison information based on the pre-stored user information and the pre-filled filling key, and match the authentication information based on the identity comparison information to determine the identity authentication result.

[0107] Specifically, the quantum cryptography management service system at the sending end first encrypts the pre-stored user information using the injection key, and then uses a standard hash algorithm to convert the encrypted information to obtain identity comparison information. The received authentication information is then compared with the identity comparison information. If the comparison results match, the authentication result is considered successful; if the comparison results do not match, the authentication result is considered unsuccessful. It is worth noting that if the authentication result is unsuccessful, an authentication failure warning is output, and the execution of steps S201-S205 above is stopped.

[0108] In this embodiment, a charging key and user login information are received. The user login information is encrypted and calculated using the charging key to obtain authentication information, which is then sent to the quantum cryptography management service system. The quantum cryptography management service system then determines identity verification information based on the user information and the pre-charged charging key, and matches the authentication information with the identity verification information to determine the authentication result. This embodiment ensures data security by authenticating the user to guarantee that the data is sent and received correctly.
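Steps S301 to S304 as an added example, not code from the application; the receiving side repeats the same exchange in S701 to S704. The application names neither the cipher nor the hash, so a SHAKE-256 keystream XOR and SHA-256 stand in for them, and the chip identifiers, account names and class name are hypothetical.

```python
import hashlib
import hmac
import secrets


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in deterministic cipher (SHAKE-256 keystream XOR); an assumption."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def authentication_info(charging_key: bytes, account: str, password: str) -> bytes:
    """S303: encrypt the login information under the charging key, then hash it."""
    login = account.encode() + b"\x00" + password.encode()
    return hashlib.sha256(xor_stream(charging_key, login)).digest()


class ManagementService:
    """Hypothetical model of the quantum cryptography management service system."""

    def __init__(self) -> None:
        # chip id -> (charging key charged into that chip, account, password)
        self._bound = {}

    def register(self, chip_id: str, charging_key: bytes,
                 account: str, password: str) -> None:
        # [0101]: user information is stored and bound to the security chip.
        self._bound[chip_id] = (charging_key, account, password)

    def authenticate(self, chip_id: str, auth_info: bytes) -> bool:
        """S304: rebuild the comparison value from stored data and match it."""
        record = self._bound.get(chip_id)
        if record is None:
            return False
        expected = authentication_info(*record)
        # Constant-time comparison so timing does not reveal matching prefixes.
        return hmac.compare_digest(expected, auth_info)


def demo() -> dict:
    key_a = secrets.token_bytes(32)   # constructed charging key of chip A
    key_b = secrets.token_bytes(32)   # constructed charging key of another chip
    service = ManagementService()
    service.register("chip-A", key_a, "alice", "correct horse")
    return {
        "valid login": service.authenticate(
            "chip-A", authentication_info(key_a, "alice", "correct horse")),
        "wrong password": service.authenticate(
            "chip-A", authentication_info(key_a, "alice", "wrong")),
        "other chip's key": service.authenticate(
            "chip-A", authentication_info(key_b, "alice", "correct horse")),
        "unknown chip": service.authenticate(
            "chip-Z", authentication_info(key_a, "alice", "correct horse")),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        # On failure the device would stop before steps S201-S205 ([0107]).
        print(f"{case}: {'authenticated' if ok else 'authentication failure'}")
```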

[0109] Furthermore, the specific process of obtaining multiple charging keys and the identifier of each charging key from the receiving device through the quantum relay network in step S201 above is as follows.

[0110] Optionally, the quantum key distribution module identifier of the receiving end can be obtained from the cryptographic management service platform of the quantum relay network through the quantum cryptographic management service system, and multiple charging keys and the identifiers of each charging key sent by the receiving end device can be received.

[0111] In this quantum relay network, the cryptographic management service platform pre-stores the identifiers of the quantum key distribution modules in each device. Specifically, the transmitting device sends a node identifier request to the cryptographic management service platform through its quantum cryptographic management service system. The cryptographic management service platform then retrieves the identifier of the receiving device's quantum key distribution module from its database based on the node identifier request and sends the identifier to the transmitting device.

[0112] In this embodiment, the quantum key distribution module identifier, multiple charging keys, and the identifier of each charging key are obtained from the cryptographic management service platform of the quantum relay network through the quantum cryptographic management service system, thereby uniformly processing the identifier of the quantum key distribution module, the charging keys, and the identifier of each charging key.

[0113] Furthermore, based on the above-described step of obtaining the identifier of the quantum key distribution module at the receiving end, the specific steps in step S201 of obtaining multiple sets of random key information through the quantum repeater network are as follows:

[0114] Optionally, the identifiers of the quantum key distribution module at the transmitting end and the quantum key distribution module at the receiving end are sent to the quantum key distribution network controller of the quantum relay network, so that the quantum key distribution network controller can determine multiple sets of random key information based on the identifiers of the quantum key distribution module at the transmitting end, the identifiers of the quantum key distribution module at the receiving end, and the key manager topology link in the quantum relay network.

[0115] Specifically, the transmitting device sends the identifiers of its quantum key distribution module and the receiving device's quantum key distribution module to the quantum key distribution network controller of the quantum relay network. The quantum key distribution network controller first determines the key manager relay link based on the identifiers of the transmitting and receiving quantum key distribution modules, and then negotiates and determines multiple sets of random key information based on the key manager relay link.

[0116] Among them, the key manager relay link is a link from the sending end to the receiving end, determined based on the key manager topology link.

[0117] For example, Figure 4 is a schematic diagram of the structure of a key manager relay link in a quantum relay network provided in an embodiment of this application. As shown in Figure 4, the quantum relay network includes five key managers and five corresponding quantum key distribution modules. Key manager 1 is connected to key managers 2, 3, 4, and 5, key manager 2 is connected to key manager 5, key manager 4 is connected to key manager 5, key manager 3 is connected to the key manager at the transmitting end, and key manager 5 is connected to the key manager at the receiving end. The key manager relay link can be: key manager at the transmitting end - key manager 3 - key manager 1 - key manager 4 - key manager 5 - key manager at the receiving end. Random key information is determined based on the key manager relay link and the quantum key distribution module corresponding to the key manager in the link. In this embodiment, the transmitting device sends the identifiers of the quantum key distribution module at the transmitting end and the quantum key distribution module at the receiving end to the quantum key distribution network controller of the quantum relay network, so that the quantum key distribution network controller can determine multiple random key information, thereby obtaining multiple random keys to encrypt the data to be encrypted. Because the random key is determined based on the key manager's topology link, it is highly secure and cannot be copied.

[0118] After introducing how the transmitting device performs file segment encryption based on quantum key distribution, the following describes how the receiving device performs file segment decryption based on quantum key distribution, with reference to Figure 5. Figure 5 is a flowchart illustrating a file segment decryption method based on quantum key distribution provided in an embodiment of this application. Optionally, the file segment decryption method based on quantum key distribution can be applied to the receiving device.

[0119] S501. Send multiple charging keys and the identifiers of each charging key to the transmitter through the quantum relay network, and obtain multiple sets of random key information through the quantum relay network.

[0120] Specifically, the receiving device receives the charging key request information sent by the sending device through the cryptographic management service platform, and sends multiple charging keys and charging key identifiers to the cryptographic management service platform, so that the cryptographic management service platform sends the multiple charging keys and the identifier of each charging key to the sending device.

[0121] Optionally, after obtaining the identifier of the quantum key distribution module at the receiving end from the cryptographic management service platform, the transmitting device determines multiple sets of random key information based on the identifiers of the transmitting and receiving quantum key distribution modules and the key manager topology links in the quantum relay network through the quantum key distribution network controller. The quantum key distribution network controller then sends the multiple sets of random key information to the key managers at both the transmitting and receiving ends. Upon receiving the multiple sets of random key information, the receiving key manager sends the random key information to the receiving device through the quantum cryptographic management service system.

[0122] S502. Receive multiple target data from the sending device. Each target data includes: encrypted data, identifier encrypted data, and identifier of the target injection key. The identifier encrypted data includes: the encryption result of the identifier of the target random key corresponding to the encrypted data, and the encryption result of the location identifier. The location identifier is used to identify the position of the data to be encrypted corresponding to the encrypted data in the original data.

[0123] Optionally, the receiving device receives multiple target data from the receiving key manager.

[0124] S503. Obtain each target charging key based on the identifier of each target charging key.

[0125] Optionally, the receiving terminal retrieves the target charging key from a pre-stored quantum-safe chip based on the identifier of each target charging key.

[0126] S504. Based on each target charging key and each identifier encrypted data, decrypt the encrypted data to obtain the data to be encrypted and the location identifier of the data to be encrypted.

[0127] Specifically, the receiving terminal decrypts the identifier encrypted data based on the target charging key to obtain the identifier of the target random key and the location identifier. Then, it decrypts the encrypted data based on the identifier of the target random key to obtain the data to be encrypted corresponding to the encrypted data.

[0128] S505. Based on the data to be encrypted and the location identifier corresponding to each encrypted data, the original data is obtained by splicing them together.

[0129] Optionally, the receiving terminal concatenates the data to be encrypted according to the data to be encrypted corresponding to each encrypted data and the location identifier to obtain the original data.

[0130] Optionally, after obtaining the original data, the receiving device deletes the multiple charging keys marked with a used identifier.

[0131] In this embodiment, multiple charging keys and their identifiers are sent to the transmitting end via a quantum relay network, and multiple sets of random key information are obtained through the quantum relay network. Since the multiple sets of random key information are generated within the quantum relay network, keys transmitted over a classical network are not used, thus enhancing security. Multiple target data are received, and each target charging key is obtained based on its identifier. If a non-receiving device receives the target data, it cannot obtain the target charging key from its identifier, thereby improving data security. The encrypted data is decrypted based on the target charging keys and each identifier encrypted data, yielding the data to be encrypted and its location identifier. The data to be encrypted is then concatenated based on the location identifier to obtain the original data. In this embodiment, by segmenting the original data, encrypting it, and then decrypting and concatenating the encrypted segments, data security is improved.

[0132] Further, referring to Figure 6, the specific steps in step S504 above, which involve decrypting the encrypted data based on each target injection key and each identifier encrypted data to obtain the data to be encrypted and the location identifier of the data to be encrypted, will be described. Figure 6 is a flowchart illustrating a process for determining the data to be encrypted and its location identifier according to an embodiment of this application.

[0133] S601. Based on the target filling key, decrypt the identifier encrypted data to obtain the identifier of the target random key and the location identifier.

[0134] As an optional implementation, the encrypted target random key identifier and the encrypted position identifier can have different formats, allowing them to be decrypted using the target injection key. The format difference can be that the encrypted target random key identifier consists entirely of numbers, while the encrypted position identifier consists entirely of letters. Alternatively, the encrypted target random key identifier can end with a preset separator.

[0135] S602. Obtain the target random key based on the identifier of the target random key.

[0136] Optionally, since the quantum cryptography management service system pre-stores multiple sets of random key information, the receiving terminal can determine the target random key by the identifier of the target random key and the multiple sets of pre-stored random key information.

[0137] S603. Decrypt the encrypted data according to the target random key to obtain the data to be encrypted.

[0138] Specifically, the encrypted data can be followed by preset delimited data. The data before the preset delimited data is decrypted according to the target random key to obtain the data to be encrypted.

[0139] In this embodiment, the identifier encrypted data is parsed according to the target injection key to obtain the identifier of the target random key and the location identifier. The encrypted data is then decrypted using the target random key corresponding to the identifier of the target random key to obtain the data to be encrypted. In this process, using the injection key of the receiving end to encrypt the identifier of the target random key ensures that only the receiving end device can decrypt it to obtain the identifier of the target random key, thereby obtaining the original data. This improves data security and simplifies the encryption and decryption process.

[0140] As an optional implementation, as shown in Figure 7, before step S501 above, i.e., before sending multiple charging keys and the identifiers of each charging key to the transmitting device through the quantum relay network, the following method steps may also be included. Figure 7 is a flowchart illustrating another authentication method provided in an embodiment of this application.

[0141] S701. Determine the charging key that the quantum key charging module charges into the quantum secure chip of the receiving device.

[0142] Specifically, the quantum key injection module at the receiving end injects the quantum key sent by the quantum key distribution module into both the quantum security chip in the receiving device and the quantum cryptography management service system at the receiving end, so that the injection key in the quantum security chip and the injection key in the quantum cryptography management service system are the same, in order to complete the identity authentication.

[0143] S702. Obtain user login information.

[0144] It is worth noting that before obtaining user login information, the receiving terminal obtains the user information entered by the user when registering or activating the account, and stores the user information in the quantum cryptography management service system. At the same time, the quantum cryptography management service system binds the user information and the quantum security chip.

[0145] For example, user login information may include the user account name and user login password.

[0146] As an optional implementation, the user login information is stored in a quantum-safe chip after it is obtained.

[0147] S703. The quantum-safe chip in the receiving device performs encryption calculations on the user login information based on the charging key to obtain authentication information.

[0148] Specifically, the quantum-safe chip in the receiving device first encrypts the user login information based on the charging key, and then uses the standard hash algorithm of the cryptographic hash function to convert the encrypted information to obtain the encrypted hash value, which is used as the authentication information.

[0149] S704. Send the authentication information to the quantum cryptography management service system so that the quantum cryptography management service system can determine the identity comparison information based on the pre-stored user information and the pre-filled filling key, and match the authentication information based on the identity comparison information to determine the identity authentication result.

[0150] Specifically, the quantum cryptography management service system at the receiving end first encrypts the pre-stored user information using the charging key, and then uses a standard hash algorithm to convert the encrypted information to obtain identity comparison information. The received authentication information is then compared with the identity comparison information. If the comparison results match, the authentication result is considered successful; if the comparison results do not match, the authentication result is considered unsuccessful. It is worth noting that if the authentication result is unsuccessful, an authentication failure warning is output, and the execution of steps S501-S505 above is stopped.

[0151] In this embodiment, a charging key and user login information are received. The user login information is encrypted and calculated using the charging key to obtain authentication information, which is then sent to the quantum cryptography management service system. The quantum cryptography management service system then determines identity verification information based on the user information and the pre-charged charging key, and matches the authentication information with the identity verification information to determine the authentication result. This embodiment ensures data security by authenticating the user to guarantee that the data is sent and received correctly.

[0152] As an optional implementation, the specific process of concatenating the original data according to the data to be encrypted and the position identifier corresponding to each encrypted data in step S505 above includes:

[0153] Optionally, the concatenation order of each piece of data to be encrypted can be determined based on the position data of each piece of data to be encrypted;

[0154] Optionally, the data to be encrypted can be merged according to the splicing order to obtain the original data.

[0155] The order in which the data to be encrypted is concatenated can be the order in which the data to be encrypted is arranged in the original data.

[0156] In this embodiment, the splicing order of each piece of data to be encrypted is determined based on the position data of each piece of data to be encrypted, and the original data is obtained by merging each piece of data to be encrypted according to the splicing order, thereby obtaining the complete data sent by the sending device to complete the data transmission.

[0157] As an optional implementation, Figure 8 is a schematic flowchart of a file segmentation processing method based on quantum key distribution provided in an embodiment of this application. As shown in Figure 8, the file segmentation processing method will be described in general below.

[0158] Both the transmitting and receiving devices undergo pre-authentication to ensure the integrity and confidentiality of user identities. Upon successful authentication, the transmitting device obtains the identifier of the receiving device's quantum key distribution module from the cryptographic management service platform within the quantum relay network via its quantum cryptographic management service system. It then sends a charging key request to the receiving device through the cryptographic management service platform. The receiving device, based on this request, sends multiple charging keys and their identifiers back to the transmitting device through the cryptographic management service platform, marking these keys as already used. The transmitting device, using the identifiers of both its own and the receiving device's quantum key distribution modules, obtains multiple sets of random key information from the quantum key distribution network controller within the quantum relay network. The receiving device obtains the same multiple sets of random key information from its quantum cryptographic management service system and its key manager.

[0159] The sending device segments the original data to obtain multiple data segments to be encrypted. It assigns a target charging key and a target random key to each segment. For any segment of the data to be encrypted, the sending device encrypts it using the target random key, resulting in encrypted data. Then, based on the target charging key, it encrypts the identifier of the target random key and the location identifier to obtain identifier encrypted data. This identifier encrypted data and the identifier of the target charging key are added to the encrypted data to obtain the target data corresponding to the data to be encrypted, which is then sent to the receiving device.

[0160] The receiving device receives multiple target data from the sending end, obtains each target charging key based on the identifier of each target charging key, decrypts the identifier encrypted data based on each target charging key to obtain multiple random key identifiers and location identifiers, determines multiple target random keys based on the identifiers of the multiple random keys, decrypts the encrypted data using the target random keys to obtain the data to be encrypted corresponding to the encrypted data, and concatenates the data to be encrypted according to the location identifiers to obtain the original data.
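The sender and receiver flows summarized above (S201 to S205 and S501 to S505), as an added example that is not code from the application. The application names no cipher, so a SHAKE-256 keystream XOR stands in for it; the key identifiers, the 8-byte identifier layout, the in-memory key stores and the sample data are constructed assumptions, and each key is used for one segment only.

```python
import hashlib
import secrets
import struct
from typing import Dict, List, NamedTuple


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHAKE-256 keystream XOR); the same call decrypts."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class TargetData(NamedTuple):
    encrypted: bytes       # segment encrypted under its target random key
    id_encrypted: bytes    # (random key id, position) under the target charging key
    charging_key_id: int   # sent in the clear so the receiver can look the key up


def make_keys(count: int, first_id: int) -> Dict[int, bytes]:
    """Constructed key store: identifier -> 32 random bytes."""
    return {first_id + i: secrets.token_bytes(32) for i in range(count)}


def send(original: bytes, seg_len: int, random_keys: Dict[int, bytes],
         charging_keys: Dict[int, bytes]) -> List[TargetData]:
    segments = [original[i:i + seg_len] for i in range(0, len(original), seg_len)]
    rk_ids, ck_ids = sorted(random_keys), sorted(charging_keys)
    if len(segments) > min(len(rk_ids), len(ck_ids)):
        raise ValueError("not enough keys: one random and one charging key per segment")
    targets = []
    for pos, segment in enumerate(segments):
        rk_id, ck_id = rk_ids[pos], ck_ids[pos]
        ident = struct.pack(">II", rk_id, pos)   # assumed identifier layout
        targets.append(TargetData(xor_stream(random_keys[rk_id], segment),
                                  xor_stream(charging_keys[ck_id], ident),
                                  ck_id))
    return targets


def receive(targets: List[TargetData], random_keys: Dict[int, bytes],
            charging_keys: Dict[int, bytes]) -> bytes:
    pieces: Dict[int, bytes] = {}
    for t in targets:
        charging_key = charging_keys.get(t.charging_key_id)           # S503
        if charging_key is None:
            raise KeyError(f"charging key {t.charging_key_id} not held by this device")
        if len(t.id_encrypted) != 8:
            raise ValueError("malformed identifier encrypted data")
        rk_id, pos = struct.unpack(">II", xor_stream(charging_key, t.id_encrypted))  # S601
        random_key = random_keys.get(rk_id)                           # S602
        if random_key is None:
            raise KeyError(f"random key {rk_id} not found")
        if pos in pieces:
            raise ValueError(f"duplicate position identifier {pos}")
        pieces[pos] = xor_stream(random_key, t.encrypted)             # S603
    # Positions must be 0..n-1. A missing final segment cannot be detected from
    # position identifiers alone, because the remaining positions stay contiguous.
    if sorted(pieces) != list(range(len(pieces))):
        raise ValueError("missing or out-of-range position identifier")
    return b"".join(pieces[p] for p in range(len(pieces)))            # S505


def demo() -> bytes:
    random_keys = make_keys(4, first_id=100)   # shared via the relay network
    charging_keys = make_keys(4, first_id=1)   # supplied by the receiving device
    original = b"segment me into several pieces!!"   # constructed sample, 32 bytes
    targets = send(original, 10, random_keys, charging_keys)
    # Target data may arrive in any order; position identifiers restore it.
    return receive(list(reversed(targets)), random_keys, charging_keys)


if __name__ == "__main__":
    print(demo())
```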

[0161] This application also provides a file segmentation processing system, which includes a sending device, a receiving device, and a quantum relay network.

[0162] The sending device is configured to perform the steps of the file segment encryption processing method based on quantum key distribution, and the receiving device is configured to perform the steps of the file segment decryption processing method based on quantum key distribution.

[0163] This application also provides an electronic device. Figure 9 is a schematic diagram of the structure of an electronic device provided in an embodiment of this application, including: a processor 901, a memory 902, and a bus. The memory 902 stores machine-readable instructions executable by the processor 901. When the computer device is running, the processor 901 and the memory 902 communicate via the bus. The machine-readable instructions are executed by the processor 901 to perform steps of a file segmentation encryption processing method based on quantum key distribution, and the receiving device is used to execute steps of a file segmentation decryption processing method based on quantum key distribution.

[0164] This application also provides a computer-readable storage medium storing a computer program that is executed by a processor to perform steps of a file segmentation encryption method based on quantum key distribution. A receiving device is used to perform steps of a file segmentation decryption method based on quantum key distribution.

[0165] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems and devices described above can be referred to the corresponding processes in the method embodiments, and will not be repeated here. In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods can be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division of modules is only a logical functional division, and in actual implementation, there may be other division methods. Furthermore, multiple modules or components can be combined or integrated into another system, or some features can be ignored or not executed. Another point is that the displayed or discussed mutual coupling or direct coupling or communication connection can be through some communication interfaces; the indirect coupling or communication connection of devices or modules can be electrical, mechanical, or other forms.

[0166] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. If the functions are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this invention, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0167] The above are merely specific embodiments of this application, but the scope of protection of this application is not limited thereto. Any changes or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application.

Industrial applicability

[0168] In the file segmentation encryption method based on quantum key distribution described above, the sending device obtains multiple charging keys from the receiving device and then acquires multiple sets of random key information through a quantum relay network. Since the multiple sets of random key information are generated in the quantum relay network, and keys transmitted over a classical network are not used, security is higher. The original data is then segmented into multiple data to be encrypted. Each data to be encrypted is encrypted based on a target random key from the multiple sets of random key information, and the identifier of each target random key is encrypted using the target charging key. Because this embodiment segments the entire original data and encrypts each data to be encrypted using a different random key, the encryption strength is high, security is strong, and the loss of a key does not cause the entire data to be leaked. The encrypted identifier of the target random key and the identifier of the target charging key are added to the encrypted data to obtain the target data, which is then sent to the receiving device. In this process, the identifier of the random key is encrypted using the charging key of the receiving device. After receiving the target data, the receiving device decrypts the encrypted identifier of the random key using its own charging key, thereby obtaining the identifier of the random key corresponding to the encrypted data. It then decrypts the encrypted data based on the identifier of the random key, achieving secure data transmission. It is evident that if the encrypted data is received by a party other than the receiving device, the identifier of the random key cannot be obtained, so the random key cannot be determined and the encrypted data cannot be decrypted. Therefore, this embodiment simplifies the process and improves transmission efficiency while ensuring data security.

Claims

1. A file segmentation encryption method based on quantum key distribution, characterized in that the method is applied to a sending device of a file segmentation processing system, and the method includes:

Multiple charging keys and their identifiers are obtained from the receiving device through a quantum relay network, and multiple sets of random key information are obtained through the quantum relay network, wherein each set of random key information includes a random key and its identifier;

The original data is segmented to obtain multiple data to be encrypted, and a target charging key and a target random key are assigned to each data to be encrypted;

For any one of the plurality of data to be encrypted, the data to be encrypted is encrypted according to the target random key corresponding to the data to be encrypted, so as to obtain the encrypted data corresponding to the data to be encrypted;

Based on the target charging key corresponding to the data to be encrypted, the identifier of the target random key and the location identifier are encrypted to obtain the identifier encrypted data, wherein the location identifier is used to identify the position of the data to be encrypted in the original data;

The identifier encrypted data and the identifier of the target charging key are added to the encrypted data to obtain the target data corresponding to the data to be encrypted, and the target data is sent to the receiving device.

2. The file segmentation encryption method based on quantum key distribution according to claim 1, characterized in that the step of adding the identifier encrypted data and the identifier of the target charging key to the encrypted data to obtain the target data corresponding to the data to be encrypted includes: adding preset separator data to the end of the encrypted data; and appending the identifier encrypted data to the end of the separator data to obtain the target data.

3. The file segmentation encryption method based on quantum key distribution according to claim 1, characterized in that, before obtaining multiple charging keys and the identifiers of each charging key from the receiving device via a quantum relay network, the method further includes: determining the charging key that the quantum key charging module charges into the quantum-safe chip of the transmitting device; obtaining user login information; performing, by the quantum-safe chip in the transmitting device, encryption calculations on the user login information based on the charging key to obtain authentication information; and sending the authentication information to the quantum cryptography management service system, so that the quantum cryptography management service system can determine the identity comparison information based on the pre-stored user information and the pre-filled charging key, and match the authentication information based on the identity comparison information to determine the identity authentication result.

4. The file segmentation encryption method based on quantum key distribution according to claim 1, characterized in that the process of obtaining multiple charging keys and the identifier of each charging key from the receiving device via a quantum relay network includes: the quantum cryptography management service system obtains the identifier of the quantum key distribution module of the receiving end from the cryptography management service platform of the quantum relay network, and receives multiple charging keys and the identifier of each charging key sent by the receiving end device.

5. The file segmentation encryption method based on quantum key distribution according to claim 4, characterized in that the process of obtaining multiple sets of random key information through the quantum relay network includes: sending the identifiers of the quantum key distribution modules at the transmitting end and the receiving end to the quantum key distribution network controller of the quantum relay network, so that the quantum key distribution network controller can determine the multiple sets of random key information based on the identifiers of the quantum key distribution modules at the transmitting end, the receiving end, and the key manager topology link in the quantum relay network.

6. A file segmentation encryption method based on quantum key distribution, characterized in that the method is applied to a receiving device of a file segmentation encryption system and comprises: sending multiple charging keys and their identifiers to the transmitting device via a quantum relay network, and obtaining multiple sets of random key information through the quantum relay network; receiving multiple target data from the sending device, wherein each target data includes encrypted data, identifier encrypted data, and the identifier of the target charging key, the identifier encrypted data includes the encryption result of the identifier of the target random key corresponding to the encrypted data and the encryption result of the location identifier, and the location identifier is used to identify the position, in the original data, of the data to be encrypted corresponding to the encrypted data; obtaining each target charging key based on the identifier of each target charging key; based on each of the target charging keys and each of the identifier encrypted data, decrypting the encrypted data to obtain the data to be encrypted corresponding to the encrypted data and the location identifier of that data to be encrypted; and obtaining the original data by splicing based on the data to be encrypted and the location identifier corresponding to each encrypted data.

7. The file segmentation and decryption processing method based on quantum key distribution according to claim 6, characterized in that the step of decrypting the encrypted data according to each of the target charging keys and each of the identifier encrypted data to obtain the data to be encrypted and the location identifier of the data to be encrypted corresponding to the encrypted data includes: decrypting the identifier encrypted data based on the target charging key to obtain the identifier of the target random key and the location identifier; obtaining the target random key based on the identifier of the target random key; and decrypting the encrypted data using the target random key to obtain the data to be encrypted.

8. The file segmentation and decryption method based on quantum key distribution according to claim 6, characterized in that, before transmitting multiple charging keys and identifiers of each charging key to the transmitting device via the quantum relay network, the method further includes: determining the charging key that the quantum key charging module charges into the quantum-safe chip of the receiving device; obtaining user login information; performing, by the quantum-safe chip in the receiving device, encryption calculations on the user login information based on the charging key to obtain authentication information; and sending the authentication information to the quantum cryptography management service system, so that the quantum cryptography management service system can determine the identity comparison information based on the pre-stored user information and the pre-filled charging key, and match the authentication information based on the identity comparison information to determine the identity authentication result.

9. The file segmentation and decryption method based on quantum key distribution according to claim 6, characterized in that the step of concatenating the original data based on the data to be encrypted corresponding to each of the encrypted data and the location identifier includes: determining the concatenation order of each piece of data to be encrypted based on the position data of each piece of data to be encrypted; and obtaining the original data by merging the data to be encrypted according to the concatenation order.

10. A file segmentation processing system, characterized in that the system includes transmitting devices, receiving devices, and a quantum relay network; the transmitting device is configured to perform the steps of the file segment encryption processing method based on quantum key distribution as described in any one of claims 1-5, and the receiving device is configured to perform the steps of the file segment decryption processing method based on quantum key distribution as described in any one of claims 6-9.

11. An electronic device, characterized in that the electronic device includes a processor and a memory, the memory storing machine-readable instructions executable by the processor. When the electronic device is in operation, the processor executes the machine-readable instructions to perform the steps of the file segmentation encryption method based on quantum key distribution as described in any one of claims 1 to 5, or to perform the steps of the file segmentation decryption method based on quantum key distribution as described in any one of claims 6 to 9.

12. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program that, when executed by a processor, performs the steps of the file segmentation encryption method based on quantum key distribution as described in any one of claims 1 to 5, or the steps of the file segmentation decryption method based on quantum key distribution as described in any one of claims 6 to 9.