AU2020102953A4 - Method and device of secret-key provisioning - Google Patents

Method and device of secret-key provisioning Download PDF

Info

Publication number
AU2020102953A4
AU2020102953A4 AU2020102953A AU2020102953A AU2020102953A4 AU 2020102953 A4 AU2020102953 A4 AU 2020102953A4 AU 2020102953 A AU2020102953 A AU 2020102953A AU 2020102953 A AU2020102953 A AU 2020102953A AU 2020102953 A4 AU2020102953 A4 AU 2020102953A4
Authority
AU
Australia
Prior art keywords
key request
key
secret
skp
keys
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2020102953A
Inventor
Xinyi He
Yajie LI
Hua Wang
Xiaosong YU
Jie Zhang
Yongli Zhao
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to AU2020102953A priority Critical patent/AU2020102953A4/en
Application granted granted Critical
Publication of AU2020102953A4 publication Critical patent/AU2020102953A4/en
Ceased legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70Photonic quantum communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/80Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
    • H04B10/85Protection from unauthorised access, e.g. eavesdrop protection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04JMULTIPLEX COMMUNICATION
    • H04J14/00Optical multiplex systems
    • H04J14/02Wavelength-division multiplex systems
    • H04J14/0227Operation, administration, maintenance or provisioning [OAMP] of WDM networks, e.g. media access, routing or wavelength allocation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/302Route determination based on requested QoS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/62Wavelength based
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/64Routing or path finding of packets in data switching networks using an overlay routing layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q11/00Selecting arrangements for multiplex systems
    • H04Q11/0001Selecting arrangements for multiplex systems using optical switching

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Optics & Photonics (AREA)
  • Small-Scale Networks (AREA)

Abstract

Disclosed is a secret-key provisioning(SKP) method and device based on an optical line terminal (OLT), which can generate an SKP queue according to key requests received, generate at least one secret-key according to the SKP queue; and store the at least one 5 secret-key in key pools (KPs) of corresponding ONUs. A non-transitory computer-readable storage medium is also disclosed. 1/5 F-1-1ONU1l OLT ONU2 1|2 |3 |4 |2 ONU3 FIG. 1 ONU1 thO~gnraescrtkesO rdntohTqee 3082 ONU3 FTraGsmitter FIG. 2 when an ONU receives a user request, it checks the status of -302 KP to determine whether to send a key request the ONU sends a key request to the OLT when it determines 304 to send a key request the OLT generates an SKP queue based on key requests __306 received from ONUs the OLT generates secret-keys according to the SKP queue, 30 and store the secret-keys in KPs of ONUs FIG. 3

Description

1/5 F-1-1ONU1l OLT ONU2 1|2 |3 |4 |2
ONU3
FIG. 1
ONU1
ONU3 FTraGsmit er
FIG. 2
thO~gnraescrtkesO rdntohTqee 3082 when an ONU receives a user request, it checks the status of -302 KP to determine whether to send a key request
the ONU sends a key request to the OLT when it determines 304 to send a key request
the OLT generates an SKP queue based on key requests __306 received from ONUs
the OLT generates secret-keys according to the SKP queue, 30 and store the secret-keys in KPs of ONUs
FIG. 3
METHOD AND DEVICE OF SECRET-KEY PROVISIONING TECHNICAL FIELD
[0001] The disclosure relates to communication technology, in particular to a method and a
device of secret-key provisioning (SKP) among a plurality of users.
BACKGROUND
[0002] Data traffic in access networks may be provided through metro networks and core
networks to the other access networks in practical area. However, with the development of
network technologies, communication data between final users becomes more and more
sensitive, thus the security requirements become much higher. Quantum Key Distribution
(QKD) can provide theoretical-secure keys for final users or customers. Motivated by this,
various schemes were developed to integrate QKD in traditional access networks to guarantee
the secure communication of multiple final users. Referred by existing studies, the integration
of QKD in traditional access networks can be called QKD-secured access network (QAN).
[0003] Traditional access network always manages and controls final user requests through
local optical line terminal (OLT). While great pressure on communication security will
strongly challenge the process of application aggregation and data broadcasting in traditional
access networks. The integration of QKD in traditional access networks (also called QAN)
can generate and provide secret-keys for the data transmission between OLT and Optical
Network Units (ONUs). However, the volume of secret-keys generated by real-time QKD
cannot fully serve the requirements of final user. Therefore, an efficient and flexible way to
provide secret-keys is important for multi-users in QAN.
SUMMARY
[0004] Examples of the present disclosure provide a method and a device of SKP for users,
to provide secret-keys for multiple users in an efficient and flexible way.
[0005] According to some examples of the present disclosure, the method of SKP for users may include: generating an SKP queue according to at least one key request received; generating at least one secret-key according to the SKP queue; and storing the at least one secret-key in key pools (KPs) in the side of corresponding ONUs.
[0006] According to some examples of the present disclosure, a key request may include the
source node of the key request, the destination node of the key request, the quantity of
secret-keys required, and the level of a corresponding user request.
[0007] According to some examples of the present disclosure, generating an SKP queue
according to at least one key request received may further include: determining the level of
each key request according to the level of the corresponding user request and whether the key
request can be paired with another key request; generating the SKP queue according to the
level of each key request; and obtaining the quantity of secret-keys to be provisioned for each
key request.
[0008] According to some examples of the present disclosure, obtaining the quantity of
secret-keys to be provisioned for each key request may include: for each key request,
determining the quantity of keys in the KP in the ONU which sends the key request, and
determining the quantity of secret-keys to be provisioned according to the difference between
the quantity of secret-keys required and the quantity of secret-keys in the KP.
[0009] According to some examples of the present disclosure, generating at least one
secret-key according to the SKP queue may include: generating a key request period for each
key request according to the quantity of secret-keys to be provisioned; configuring an SKP
period according to the SKP queue and the key request period of each key request; and
generating at least one secret-key according to the SKP queue in the SKP period.
[00010] According to some examples of the present disclosure, generating a key request
period for each key request according to the quantity of secret-keys to be provisioned may
include: generating a key request pair when any two key requests with a high level can be
paired, adding the quantity of keys required by the two key requests of each key request pair
and taking the summation as the quantity of secret-keys required by the key request pair;
determining the quantity of secret-keys that can be generated in one time slot; calculating the
quantity of time slots required by each key request according to the ratio of the quantity of
secret-keys to be provisioned for each key request and the quantity of secret-keys that can be generated in one time slot; and generating a key request period for each key request according to the quantity of time slots required by the key request.
[00011] According to some examples of the present disclosure, configuring an SKP period
according to the SKP queue and the key request period of each key request may include:
determining the quantity of time slots required by all the key requests; extracting time slots
according to the quantity determined; dividing the time slots exacted according to the order of
the key requests in the key request queue and the key request period of each key request; and
allocating the time slots divided to each key request.
[00012] According to some examples of the present disclosure, generating at least one
secret-key according to the SKP queue in the SKP period may include: generating secret-keys
for each key requestin the time slots allocated to the key request.
[00013] According to some examples of the present disclosure, the method may further
include: when a secured communication between a source node and a destination node starts,
taking, by the source node, a secret-key from the KP configured in the source node to encrypt
the data; and taking, by the destination node, the secret-key from the KP configured in the
destination node to decrypt the data encrypted.
[00014] According to some examples of the present disclosure, the method may further
include: inquiring whether any key request needs to be updated; when a key request needs to
be updated, receiving an updated key request; and when there is no key request needs to be
updated, deleting the allocation of the time slots in the next SKP period.
[00015] According to some examples of the present disclosure, the key request is received
from an ONU when the ONU detects that the quantity of secret-keys in the KP is less than the
SKP threshold of the KP.
[00016] According to some examples of the present disclosure, the method of SKP for final
users may include: sending, by each of multiple ONUs, a key request to an OLT when the
ONU receives a user request; generating, by the OLT, an SKP queue according to key
requests received from the multiple ONUs; generating, by the OLT, secret-keys according to
the SKP queue; and storing, by the OLT, the secret-keys in key pools KPs in the side of
corresponding ONUs.
[00017] According to some examples of the present disclosure, the method of SKP may
'I further include: inquiring, by the OLT, whether any key request needs to be updated; when a key request needs to be updated, sending, by the ONU, an updated key request to the OLT; and when there is no key request needs to be updated, deleting, by the OLT, the allocation of the time slots in the next SKP period.
[00018] According to some examples of the present disclosure, the method of SKP may
further include: checking, by the ONU, the quantity of secret-keys in the KP after receiving a
user request; determining, by the ONU, to send the key request to the OLT when the quantity
of secret-keys in the KP is less than an SKP threshold of the KP.
[00019] According to some examples of the present disclosure, the device of SKP may
include: one or more processors, one or more memories, and a communication bus
configured to couple the one or more processors and the one or more memories; wherein the
one or more memories store one or more instructions, and when executed by the one or more
processors, the instructions cause the one or more processors to perform the above method.
[00020] According to the method and device of SKP of the present disclosure, after receiving
a plurality of key requests, an SKP queue may be generated according to the level of each key
request received. Then, secret-keys may be generated according to the SKP queue, and stored
in KPs in the side of corresponding ONUs. Finally, data may be encrypted/decrypted using
the secret-key generated. Since the SKP queue is generated according to the level of each key
request and secret-keys are generated according to the key request queue, not only a real-time
SKP can be realized, but also the requirements on security of ONUs can be served. Moreover,
a flexible SKP in the QAN can be realized by matching the time slots in the QAN and the
requirements on secret-keys of the ONUs.
[00021] Furthermore, according to the present disclosure, the SKP queue is obtained by
sorting the key requests according to the level of each key request. Therefore, a key request
with a higher level will have a higher priority of getting the secret-keys, thus the efficiency of
secret-key resources distribution can be improved.
BRIEF DESCRIPTION OF THE DRAWINGS
[00022] FIG. 1 is a schematic diagram illustrating the connections between OLT and ONUs
A in traditional access networks.
[00023] FIG. 2 is a schematic diagram illustrating the deployment of QKD devices in the QAN according to examples of the present disclosure.
[00024] FIG. 3 is a flowchart illustrating the process of the SKP method according to examples of the present disclosure.
[00025] FIG. 4 is a flowchart illustrating the process of step 302 in the SKP method according to examples of the present disclosure.
[00026] FIG. 5 is a flowchart illustrating the process of step 306 in the SKP method according to examples of the present disclosure.
[00027] FIG. 6 is a flowchart illustrating the process of step 308 in the SKP method according to examples of the present disclosure.
[00028] FIG. 7 is a flowchart illustrating the process of the SKP method according to some other examples of the present disclosure.
[00029] FIG. 8 is a schematic diagram illustrating the SKP period used in the SKP method in a QAN according examples of the present disclosure.
[00030] FIG. 9 is a schematic diagram illustrating the structure of an SKP device according to examples of the present disclosure.
DETAILED DESCRIPTION
[00031] More particular description of the disclosure will be rendered by reference to specific examples which are illustrated in the appended drawings.
[00032] FIG. 1 is a schematic diagram illustrating the connections between OLT and ONUs in traditional access networks. As shown in FIG. 1, OLT is the crucial component of a traditional access network, which has the functions of service convergence, service security management, network configuration management and so on. As the types of services required by final users are exploring, the OLT needs to control and manage multiple ONUs. The OLT needs to collect user requests from the ONUs, forward the user requests to a superior network, and broadcast data obtained to all the ONUs, thereby data management and data control between the OLT and the ONUs can be realized.
[00033] FIG. 2 is a schematic diagram illustrating the deployment of QKD devices in the QAN according to examples of the present disclosure. According to FIG.2, to serve the security requirements of data transmissions between the OLT and the ONUs, a QKD receiver may be arranged at the OLT, and a QKD transmitter may be arranged at each of the ONUs. In order to provide a secret-key to an ONU quickly, a KP need to be arranged at each QKD transmitter and each QKD receiver. A KP is used for storing the secret-keys generated. Meanwhile, in order to facilitate the generation of secret-keys among ONUs and save the cost at the same time, a trusted/quantum relay may be placed together with the QKD device at the OLT. As shown in FIG. 2, the QKD transmitter arranged at ONU1 and the QKD receiver arranged at the OLT may perform a QKD process through an optical fiber using technologies such as wavelength division multiplexing (WDM) or Time Division Multiplexing (TDM) to generate a secret-key between ONU1 and the OLT, and then the trusted/quantum relay located at the OLT may generate secret-keys between the ONUs. And these secret-keys generated may be stored in the KPs in both sides of the QKD transmitter and the QKD receiver.
[00034] It should be noted that FIG. 2 shows only one possible deployment of QKD devices. According to some other examples of the present disclosure, it is also possible to arrange a QKD transmitter at the OLT and arrange a QKD receiver at each of the ONUs. Alternatively, it is also possible to arrange both a QKD transmitter and a QKD receiver at the OLT and arrange both a QKD receiver and a QKD transmitter at each of the ONUs. It should be noted, in all these different deployments of the QKD devices, secret-keys can be generated between the OLT and each of the ONUs. The differences among the above deployments of the QKD devices would make no influence on the SKP method and the SKP device provided by the present disclosure. In addition, either WDM or TDM may be adopted by the QKD process implemented between the OLT and each of the ONUs.
[00035] FIG. 3 is a flowchart illustrating the process of the SKP method according to examples of the present disclosure. The method may be implemented by the OLT and the ONUs. To achieve an on-demand SKP, a KP is set at each of the ONUs for caching the secret-keys generated. According to examples of the present disclosure, an ONU may also be referred to as a final user end or a final user. The KP corresponding to an ONU can be called as a final user end KP.
[00036] As shown in FIG. 3, the method may include:
[00037] In step 302, when an ONU receives a user request, it may check the status of the KP
to determine whether to send a key request.
[00038] According to examples of the present disclosure, after receiving a user request, the
ONU may further record the level of the user request. Wherein, the level of the user request
may be a high level ora low level.
[00039] According to examples of the present disclosure, the step of the ONU determining
whether to send a key request may include the following steps.
[00040] First, the ONU checks the quantity of secret-keys in the KP. Then, the ONU
determines whether the quantity of secret-keys in the KP is less than an SKP threshold of the
KP. Finally, if the quantity of secret-keys in the KP is less than the SKP threshold of the KP,
the ONU determines to send a key request; or otherwise, the ONU determines not to send a
key request. Then the ONU may continue to receive other user requests.
[00041] In step 304, the ONU may send a key request to the OLT when it determines to send
a key request.
[00042] According to examples of the present disclosure, the key request may include the
source node (the source ONU) of the key request, the destination node (the destination ONU)
of the key request, the quantity of secret-keys required, and the level of a user request
corresponding to the key request.
[00043] According to examples of the present disclosure, before sending a key request to the
OLT, the ONU may further obtain the status of the QKD device deployed. If the QKD device
is idle, the ONU may mark the QKD device as in an occupied state and then send the key
request; or otherwise, the ONU may wait until the QKD device is idle and then send the key
request.
[00044] In step 306, the OLT may generate an SKP queue based on one or more key requests
received from the ONUs.
[00045] According to examples of the present disclosure, in the above step 306, the OLT may
first obtain the source node and the destination node of each key request, the quantity of
secret-keys required by each key request, and the level of user request corresponding to each
'7 key request. Then, the OLT may determine the level of each key request according to the level of its corresponding user request and whether the key request can be paired with another key request. Further, the OLT may generate an SKP queue according to the level of each key request. At last, the OLT may obtain the quantity of secret-keys to be provisioned for each key request according to the quantity of secret-keys required by each key request.
[00046] According to examples of the present disclosure, in the above step 306, the OLT may
further generate a key request period for each key request according to the quantity of
secret-keys to be provisioned for each key request; and then configure an SKP period
according to the SKP queue and the key request period of each key request.
[00047] In step 308, the OLT may generate secret-keys according to the SKP queue, and
store the secret-keys in KPs of ONUs corresponding to each key request.
[00048] According to examples of the present disclosure, in the above step 308, the OLT may
trigger the QKD device at its side to generate secret-keys with corresponding QKD devices at
ONUs according to the SKP queue.
[00049] After performing the above step 308, the process of SKP is completed.
[00050] After the process of SKP is completed, when a communication between any two of
the ONUs starts, the source node (the source ONU) may take a secret-key from its KP to
encrypt the data and the destination node (the destination ONU) may take the same secret-key
from its KP to decrypt the data encrypted by the source node.
[00051] Further, according to examples of the present disclosure, the OLT may further
broadcast to the ONUs to inquire whether an SKP is still needed. When an ONU determined
that the secret-keys in its KP is still not enough, the ONU may send a new key request to the
OLT. Then OLT may receive at least one new key request and return to the above step 306 to
allocate secret-keys according to the at least one new key request received. When there is no
key request received, the OLT may delete the allocation of time slots in the next SKP period.
[00052] FIG. 4 is a flowchart illustrating the process of the above step 302 in the SKP
method according to examples of the present disclosure.
[00053] As shown in FIG.4, the process of the above step 302 may include:
[00054] In step 402, after receiving a user request, the ONU may detect the quantity of
secret-keys in the KP and the SKP threshold of the KP. The ONU may also record the level of
Q the user request received.
[00055] According to examples of the present disclosure, the ONU may also detect the capacity of the KP.
[00056] According to examples of the present disclosure, the SKP threshold of the KP may be used for an early warning on SKP. That is, when the quantity of secret-keys in the KP is less than the SKP threshold of the KP, it means that an SKP is needed. Wherein, the level of a user request may be a high level or a low level.
[00057] In step 404, the ONU may determine whether the quantity of secret-keys in the KP is less than the SKP threshold of the KP.
[00058] When the quantity of secret-keys in the KP is less than the SKP threshold of the KP, proceed to step 406. When the quantity of secret-keys in the KP is not less than the SKP threshold of the KP, return to step 404.
[00059] In step 406, the ONU may determine to send a key request to the OLT when the quantity of secret-keys in the KP is less than the SKP threshold of the KP.
[00060] According to examples of the present disclosure, the key request may include the source node of the key request, the destination node of the key request, the quantity of secret-keys required and the level of the user request corresponding to the key request.
[00061] FIG. 5 is a flowchart illustrating the process instep 306 in SKP method according to examples of the present disclosure. As shown in FIG. 5, the process of the above step 306 may include:
[00062] In step 502, the OLT may determine the level of each key request according to the level of its corresponding user request and whether the key request can be paired with another key request.
[00063] Wherein, according to examples of the present disclosure, the level of a user request is indicated in the key request received.
[00064] Whether the key request can be paired with another key request may be determined by determining whether there is another key request whose source node is the destination node of the key request and whose destination node is the source node of the key request. That is, if a key request can be paired with another key request, it means these two key requests can form a bidirectional key request. If a key request cannot be paired with another key request, it means this key request is a unidirectional key request.
[00065] Considering the level of the corresponding user request and whether the key request
can be paired with another key request, the level of a key request may include the following
four types (from the highest level to the lowest level):
[00066] Level 1, the level of the corresponding user request is high and the key request and
another key request can form a bidirectional key request (the key request can be paired with
another key request).
[00067] Level 2, the level of the corresponding user request is high and the key request is a
unidirectional key request (the key request cannot be paired with another key request).
[00068] Level 3, the level of the corresponding user request is low and the key request and
another key request can form a bidirectional key request (the key request can be paired with
another key request).
[00069] Level 4, the level of the corresponding user request is low and the key request is a
unidirectional key request (the key request cannot be paired with another key request).
[00070] In step 504, the OLT may obtain the quantity of secret-keys to be provisioned for
each key request according to the quantity of secret-keys required by each key request.
[00071] According to examples of the present disclosure, services with security requirements
in QANs are mostly randomly requested, therefore, secret-keys in different KPs are also
randomly consumed. According to examples of the present disclosure, a KP of an ONU may
trigger a key request while the quantity of secret-keys in the KP is less than the SKP
threshold. According to examples of the present disclosure, the OLT may obtain the quantity
of secret-keys in each of the KP by broadcasting an inquiry to the ONUs which send a key
request. The OLT may determine the quantity of secret-keys to be provisioned for each key
request according to the difference between the quantity of secret-keys required and the
quantity of secret-keys in each KP.
[00072] In step 506, the OLT may generate a key request queue by sorting the key requests
according to the level of each key request.
[00073] According to examples of the present disclosure, the OLT may generate a key
request queue to store the key requests received from the ONUs and the quantity of
secret-keys to be provisioned for each of the key request.
1n
[00074] According to examples of the present disclosure, the key requests in the key request
queue may be sorted according to the level of each key request from high to low. Moreover, if
a key request from an ONU changes, the key request queue then needs to be updated.
[00075] Before the above step 502, the following steps may also be performed.
[00076] After receiving at least one key request from the ONUs, the OLT may first check
whether the QKD device deployed is idle, when the QKD device is idle, the OLT may mark
the status of the QKD device as occupied and then proceed to step 502; and when the QKD
device is not idle, informing the ONUs to wait until the QKD device is idle and then proceed
to step 502.
[00077] FIG. 6 is a flowchart illustrating the process of step 308 in the SKP method
according to examples of the present disclosure. As shown in FIG.6, the process of step
308may include:
[00078] In step 602, the OLT may check time slot resources which are idle, extract and
divide the idle time slot resources according to the quantity of secret-keys to be provisioned,
and generate a key request period for each key request.
[00079] According to examples of the present disclosure, in the above step, the OLT may
check the quantity of secret-keys required by all the key requests from the ONUs. For two
key requests with the high level that can form a bidirectional key request, the OLT may add
the quantity of secret-keys required by the source node with the quantity of secret-keys
required by the destination node and take the summation as the quantity of secret-keys
required by these two key requests. Then the OLT may check the quantity of secret-keys that
can be generated in one time slot and calculate the number of time slots required for each key
request. The number of time slots required for each key request may be the ratio of the
quantity of secret-keys required and the quantity of secret-keys that can be generated in one
time slot. The OLT may then allocate time slots according to the number of time slots
calculated for each key request. These time slots allocated may form a key request period of
each key request.
[00080] In step 604, the OLT may configure an SKP period according to the key request
queue and the key request period of each key request.
[00081] According to examples of the present disclosure, the order to allocate the time slots in the SKP period is the order of the key requests sorted by the OLT. Wherein, the key request period represents the number of time slots allocated to the corresponding key request in the
SKP period. Then the OLT may send the allocation result of the time slots to all the ONUs
respectively.
[00082] In step 606, the OLT may generate secret-keys for each key request within the SKP
period, and storing the secret-keys generated in the KPs of the ONUs corresponding to each
key request.
[00083] According to examples of the present disclosure, in each of the key request period in
the SKP period, the OLT may first generate secret-keys between the OLT and the two ONUs
according to the quantity of secret-keys required by the two ONUs. Then, a trusted/quantum
relay at the OLT may perform an exclusive OR operation on the secret-keys generated
between the OLT and the two ONUs to generate secret-keys between the two ONUs. Finally
the OLT may store the generated secret-keys in KPs deployed at the two ONUs. According to
examples of the present disclosure, the operation of secret-key generation may occupy both
quantum channels and classical optical channels between the OLT and the ONUs.
[00084] After performing the above step 606, the SKP method is completed. According to
examples of the present disclosure, after the above step 606, the following operations can be
further performed:
[00085] In step 608, when a secure communication between two ONUs starts, each of the
two ONUs may extract a secret-key from its corresponding KP to encrypt/decrypt data.
[00086] According to other examples of the present disclosure, the method of FIG. 6 may
further include the following steps:
[00087] In step 610, the OLT may inquiry the ONUs whether the key requests need to be
updated, when akey request need to be updated, proceed to step 612, and when there is no
key request needs to be updated, proceed to step 614.
[00088] In step 612, an updated key request may be re-transmitted, and then proceed to step
401.
[00089] In step 614, the OLT may delete the allocation of the time slots in the next SKP
period.
[00090] FIG. 7 is a flowchart illustrating the process of a SKP method according to some
1) other examples of the present disclosure.
[00091] In step 702, the OLT obtains information of KPs deployed at the ONUs.
[00092] According to examples of the present disclosure, a KP is used for storing and
managing secret-keys. Since different ONUs in the QAN may have different security
requirements, to utilize secret-keys efficiently, each ONU may configure a KP with a size that
matches its security requirements. Specifically, a KP may be a large-size KP, a medium-size
KP or a small-size KP. According to examples of the present disclosure, parameters of a KP
may include the capacity and the SKP threshold. Wherein, the SKP threshold may be used for
an early warning on SKP. That is, when the quantity of secret-keys in the KP is less than the
SKP threshold, it means that the quantity of secret-keys is not enough and an SKP is needed
for the KP.
[00093] In step 704, the OLT collects key requests from the ONUs.
[00094] According to examples of the present disclosure, the OLT may broadcast to the
ONUs at certain intervals to inquiry whether there is a key request. When the quantity of
secret-keys in the KP of an ONU is less than the SKP threshold of the KP, the ONU may send
a key request to the OLT to increase the quantity of secret-keys in its KP.
[00095] According to examples of the present disclosure, a key request may include the
source node, the destination node, the quantity of secret-keys required, and the level of a user
request corresponding to the key request. Wherein, the level of a user request may be a high
level or a low level.
[00096] In step 706, the OLT checks the status of the QKD device that it connects.
[00097] According to examples of the present disclosure, the OLT may check whether the
QKD device (a QKD transmitter or a QKD receiver) to which it connects is in an idle state.
When the QKD device is in an idle state, the OLT may mark the status of the QKD device as
occupied; and when the QKD device is not in an idle state, the OLT may notify all ONUs to
wait until the QKD device is idle.
[00098] In step 708, the OLT determines the level of each key request.
[00099] According to examples of the present disclosure, in this step, the OLT may sort the
key requests received from the ONUs. The OLT can obtain two types of information, i.e. the
level of the user request corresponding to the key request and whether the user request can be paired with another user request. According to examples of the present disclosure, the level of a user request is indicated in the key request received. Whether the key request can be paired with another key request may be determined by determining whether there is another key request whose source node is the destination node of the key request and whose destination node is the source node of the key request. That is, if a key request can be paired with another key request, it means these two key requests form a bidirectional key request. If a key request cannot be paired with another key request, it means that this key request is a unidirectional key request.
[000100] According to examples of the present disclosure, the level of a key request may
be one of the following: Level 1 (high level of user request, bidirectional), Level 2 (high level
of user request, unidirectional), Level 3 (low level of user request, bidirectional), and Level 4
(low level of user request, unidirectional).
[000101] In step 710, the OLT calculates the quantity of secret-keys to be provisioned.
[000102] According to examples of the present disclosure, services with security
requirements in QANs are mostly randomly requested, therefore, secret-keys in different KPs
are also randomly consumed. According to examples of the present disclosure, a KP of an
ONU may trigger a key request while the quantity of secret-keys in the KP is less than the
SKP threshold. According to examples of the present disclosure, the OLT may obtain the
quantity of secret-keys in each the KP by broadcasting an inquiry to the ONUs. The OLT may
determine the quantity of secret-keys to be provisioned according to the difference between
the quantity of secret-keys required by each KP and the quantity of secret-keys in each KP.
[000103] In step 712, the OLT generates a key request queue.
[000104] According to examples of the present disclosure, the OLT may first sort the key
requests received from the ONUs according to the level of each key request from high to low.
According to examples of the present disclosure, the OLT may generate a key request queue
to store the key requests from the ONUs and the quantity of secret-keys to be provisioned for
each of the key request. Moreover, if a key request from an ONU changes, the key request
queue may need to be updated.
[000105] In step 714, the OLT allocates secret-keys for ONUs.
[000106] According to examples of the present disclosure, the OLT generates secret-keys
1A by dividing time slot resources according to the key requests. According to examples of the present disclosure, in the above step, the OLT may check the quantity of secret-keys required in all the key requests from the ONUs. For two key requests with the high level that can be paired, the OLT may add the quantity of secret-keys required by the source node with the quantity of secret-keys required by the destination node and take the summation as the quantity of secret-keys required by both these two key requests. Then the OLT may check the quantity of secret-keys that can be generated in one time slot and calculates the number of time slots required for each key request. According to examples of the present disclosure, the number of time slots required for each key request may be the ratio of the quantity of secret-keys required and the quantity of secret-keys for each key request that can be generated in one time slot. The OLT may then allocate time slots according to the number of time slots calculated for each key request of each paired key requests. These time slots allocated may form a key request period of each key request.
[000107] In step 716, the OLT generates an SKP period.
[000108] According to examples of the present disclosure, the OLT sets an SKP period
according to the level of each key request and the key request period of each ONU.
According to examples of the present disclosure, the order to allocate the time slots in the
SKP period is the order of the key requests in the key request queue sorted by the OLT.
Wherein, the key request period represents the number of time slots allocated to the
corresponding key request in the SKP period. Then the OLT may send the allocation result of
the time slots to all the ONUs respectively.
[000109] In step 718, the OLT generates secret-keys in the SKP period.
[000110] According to examples of the present disclosure, in the key request period, the
OLT may first generate secret-keys between the OLT and two ONUs according to the
quantity of secret-keys required by the two ONUs. Then a trusted/quantum relay at the OLT
may perform an exclusive OR operation on the secret-keys generated between the OLT and
the two ONUs to generate secret-keys between the two ONUs. Finally, the OLT may store the
generated secret-keys in KPs at the two ONUs. According to examples of the present
disclosure, the operation of secret-key generation may occupy the quantum channels and
classical optical channels between the OLT and the ONUs.
1<
[000111] In step 720, when a communication between any two of the ONUs starts, the
ONUs use one of the secret-keys to encrypt/decrypt data.
[000112] According to examples of the present disclosure, after the process of SKP is
completed, when a communication between any two of the ONUs starts, the source node (the
source ONU) may take a secret-key from its KP to encrypt the data and the destination node
(the destination ONU) may take the same secret-key from its KP to decrypt the data
encrypted by the source node.
[000113] In step 722, the ONUs update of key request.
[000114] According to examples of the present disclosure, the OLT may broadcast a
message to the ONUs to inquiry whether the ONU needs to update the key request. When the
ONU needs to update the key request, return to 702.When the ONU needs not to update the
key request, the OLT may delete the allocation of time slots in the next SKP period.
[000115] Based on the SKP method described above, an example of QKD in a QAN is
disclosed below.
[000116] As shown in FIG. 2, a QKD receiver and a KP are configured at the OLT, and a
QKD transmitter and a KP are configured at each ONU.
[000117] In step 1: the OLT records information of the KPs of three ONUs, wherein the
size of each KP of the three ONUs is selected by the final user of the ONU.
[000118] In step 2: the OLT broadcasts to the three ONUs to inquiry whether there is a
key request.
[000119] Since the quantity of secret-keys in the KPs of the three ONUs are all less than
the SKP threshold, each of the three ONUs may send a key request to the OLT respectively.
[000120] In step 3: the OLT checks whether the QKD receiving device it connects is in an
idle state.
[000121] Assuming that the QKD receiving device is in an idle state, secret-keys between
the OLT and ONU1, ONU2, and ONU3 can be generated through the QKD receiving device
and the QKD transmitting devices deployed at ONU1, ONU2, and ONU3.
[000122] In step 4: the OLT receives three key requests, namely a first key request which
requests secret-keys for a service from ONU1 to ONU2 (the level of its corresponding user
request is high), a second key request which requests secret-keys for a service from ONU2 to
I1
ONU1 (the level of its corresponding user request is high), and a third key request which
requests secret-keys for a service from ONU3 to ONU1 (the level of its corresponding user
request is low).
[000123] It can be seen that the first key request and the second key request can be paired
with each other. Therefore, both the first key request and the second key request are of Level
1. The third key request is of Level 4.
[000124] In step 5: the OLT broadcasts to the three ONUs to collect the quantity of
secret-keys required by the three key requests.
[000125] That is, the first key request needs 3 bits; the second key request needs 1 bit; and
the third key request needs 4 bits.
[000126] In step 6: the OLT generates a key request queue to store the three key requests
and the quantity of secret-keys required by the three key requests.
[000127] The key requests in the key request queue are sorted according to the level of
each key request. That is, the order of the key requests in the in the key request queue is the
first key request, the second key request and the third key request.
[000128] In step 7: the OLT adds the quantity of secret-keys required by the first key
request and the second key request into 4 bits.
[000129] Assuming that, the secret-key generation rate is 2 bits per time slot, that is, 2 bits
can be generated in one time slot, therefore, the first key request and the second key request
need to occupy 2 time slots all together. The third key request needs to occupy 2 time slots.
The four time slots are divided into two key request periods, respectively.
[000130] In step 8: the OLT may allocate time slots according to the order in the key
request queue.
[000131] That is, the OLT may allocate the first 2 time slots to the first key request and
the second key request and allocate the last 2 time slot to the third key request, as shown in
FIG. 8.
[000132] In step 9: within the first two time slots, the QKD receiver at the OLT performs
a QKD process with the QKD transmitters at ONU1 and ONU2, and within the next two time
slots, the QKD receiver at the OLT performs a QKD process with the QKD transmitter at
ONU3.
1'7
[000133] For example, for the first key request and the second key request between
ONU1 and ONU2, within the first two time slots, a 4-bit secret-key between OLT and ONU1
may be generated, and a 4-bit secret-key between OLT and ONU2 may be generated too.
Then the trusted/quantum relay performs an exclusive OR operation on the two 4-bit
secret-keys to form a 4-bit secret-key between ONU1 and ONU2, which are stored in KPs at
ONU1 and ONU2, respectively.
[000134] In step 10: when a secure communication is to be carried out between any two
of ONU1, ONU2 and ONU3, the source node may take out a secret-key from its KP to
encrypt the data, and the destination node may take our the same secret-key from its KP to
decrypt the data encrypted by the source node.
[000135] In step 11: the OLT inquires whether any of the three ONUs needs to update the
key request. If a key request needs to be updated, repeating the above steps 1-9; if there is no
need to update any of the key request, the allocation of time slots in the next SKP period may
be deleted.
[000136] Based on the SKP method described above, examples of the present disclosure
also provide an SKP device whose structure is shown in FIG. 9. As shown in FIG.9, the
device may include:
An SKP queue generation module 91, configured to receive at least one key request and
generate an SKP queue according to the at least one key request received;
a quantum communication module 92, configured to generate at least one secret-key
according to the SKP queue; and
a secret-key storage module 93, configured to store the at least one secret-key in KPs
each of which corresponds to a final user for SKP.
[000137] According to some examples of the present disclosure, the SKP queue
generation module 91 may include:
a key request level determining unit 911, configured to determine the level of each key
request according to the level of a user request corresponding to the key request; and
a sorting unit 912, configured to generate the key request queue by sorting the at least
one key request according to the level of each key request.
[000138] According to some examples of the present disclosure, the quantum
1Q communication module 92 may include: a status determining unit 921, configured to obtain the status of a QKD device, and mark the status of the QKD device as occupied when the device is idle, and wait when the device is not idle; a QKD unit 922, configured to generate the at least one secret-key according to the SKP queue through the QKD device.
[000139] According to some examples of the present disclosure, the quantum
communication module 92 may further include: a time slot allocating unit 923, configured to
generate a key request period and configure an SKP period.
[000140] It should be noted that the secret-key storage module 93 described above stores
the secret-key in the KP of each ONU for SKP, which realizes the inquiry of the quantity of
secret-keys, the storage of secret-keys, the updating of secret-keys, the early warning on the
quantity of secret-keys and the deletion of a secret-key after the secret-key is used.
[000141] According to examples of the present disclosure, the SKP device may further
include a clock module, configured to provide accurate timing information for
synchronization. The accurate timing information may be provided for the QKD devices and
the SKP device through acquisition and calibration time information.
[000142] According to the method and device of SKP of the present disclosure, after
receiving a plurality of key requests, a SKP queue is generated according to the level of each
key request received. Then, secret-keys are generated according to the SKP queue, and stored
in KPs configured in corresponding ONUs. Finally, data are encrypted/decrypted using the
secret-key stored. Since the SKP queue is generated according to the level of each key
request and secret-keys are generated according to the key request queue, not only a real-time
secret-key generation can be realized, but also the requirements on security of ONUs can be
met. Moreover, a flexible SKP in the QAN can be realized by matching the time slots in the
QAN and the requirements on secret-keys of the ONUs.
[000143] Furthermore, according to the present disclosure, the SKP queue is obtained by
sorting the key requests according to the level of each key request. Therefore, a key request
with a higher level will have a higher priority of getting the secret-key, thus the efficiency of
secret-key resources distribution can be improved.
[000144] Examples of the present disclosure also provide a device of SKP, which may
include: one or more processors, one or more memories, and a communication bus
configured to couple the one or more processors and the one or more memories; wherein the
one or more memories store one or more instructions, and when executed by the one or more
processors, the instructions cause the one or more processors to perform the above SKP
method.
[000145] Examples of the present disclosure also provide a non-transitory
computer-readable storage medium, including one or more instructions, when executed by
one or more processors, cause the one or more processors to perform the above SKP method.
[000146] One of ordinary skill in the art will appreciate that: the discussion of any of the
above examples is merely exemplary and is not intended to imply that the scope of the
disclosure, including the claims, is limited to these examples. The above examples or
technical features in different examples may also be combined under the idea of the
disclosure, the steps may be implemented in any order, and there are many other variations of
different aspects of the disclosure as described above, which are not provided in detail for the
sake of brevity.
[000147] The present examples are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims.
Therefore, it is intended that any omissions, modifications, equivalents, improvements and
the like be included within the spirit and scope of the present invention.
[000148] Throughout the specification and the claims that follow, unless the context
requires otherwise, the words "comprise" and "include" and variations such as "comprising"
and "including" will be understood to imply the inclusion of a stated integer or group of
integers, but not the exclusion of any other integer or group of integers.
[000149] The reference to any prior art in this specification is not, and should not be taken
as, an acknowledgement of any form of suggestion that such prior art forms part of the
common general knowledge.

Claims (19)

  1. What is claimed is: 1. A method of secret-key provisioning (SKP), comprising:
    generating an SKP queue according to key requests received;
    generating at least one secret-key according to the SKP queue; and
    storing the at least one secret-key in key pools (KPs) in the side of corresponding ONUs.
  2. 2. The method of claim 1, wherein, the key request comprises: a source node of the key
    request, a destination node of the key request, quantity of secret-keys required, and level of a
    user request corresponding to the key request.
  3. 3. The method of claim 2, wherein, generating an SKP according to at least one key
    request received comprises:
    determining level of each key request according to the level of the user request
    corresponding to the key request and whether the key request can be paired with another key
    request;
    generating the SKP queue according to the level of each key request; and
    obtaining the quantity of secret-keys to be provisioned for each key request.
  4. 4. The method of claim 3, wherein, obtaining the quantity of secret-keys to be
    provisioned for each key request comprises:
    for each key request, determining the quantity of secret-keys in the KP in the side of the
    ONU which sends the key request; and determining the quantity of secret-keys to be
    provisioned for the key request according to the difference between the quantity of
    secret-keys required and the quantity of secret-keys in the KP.
  5. 5. The method of claim 3, wherein, generating at least one secret-key according to the
    SKP queue comprises:
    generating a key request period for each key request according to the quantity of
    secret-keys to be provisioned;
    configuring an SKP period according to the SKP queue and the key request period of
    each key request; and
    generating at least one secret-key according to the SKP queue in the SKP period.
  6. 6. The method of claim 5, wherein, generating a key request period for each key request
    I1 according to the quantity of secret-keys to be provisioned comprises: forming at least one key request pair when any two key requests with high level can be paired, adding the quantity of secret-keys required by the two key requests of each key request pair and taking the summation as the quantity of secret-keys required by the key request pair; determining the quantity of secret-keys that can be generated in one time slot; calculating the quantity of time slots required by each key request according to the ratio of the quantity of secret-keys to be provisioned for each key request and the quantity of secret-keys that can be generated in one time slot; and generating a key request period for each key request according to the quantity of time slots required by the key request.
  7. 7. The method of claim 5, wherein, configuring a SKP period according to the SKP
    queue and the key request period of each key request comprises:
    determining the quantity of time slots required by all the key requests;
    extracting time slots according to the quantity determined;
    dividing the time slots exacted according to the order of the key requests in the key
    request queue and the key request period of each key request; and
    allocating the time slots divided to each key request.
  8. 8. The method of claim 7,wherein,generating at least one secret-key according to the
    SKP queue in the SKP period comprises:
    generating secret-keys for each key request in the time slots allocated to the key request.
  9. 9. The method of claim 1, further comprising:
    inquiring whether any key request needs to be updated;
    when a key request needs to be updated, receiving an updated key request; and
    when there is no key request needs to be updated, deleting the allocation of the time
    slots in the next SKP period.
  10. 10. A method of secret-key provisioning SKP, comprising:
    sending, by each of multiple ONUs, a key request to an OLT when the ONU receives a
    user request;
    generating, by the OLT, an SKP queue according to key requests received from the
  11. 11) multiple ONUs; generating, by the OLT, secret-keys according to the SKP queue; and storing, by the OLT, the secret-keys in key pools KPs in the side of corresponding
    ONUs.
    11. The method of claim 10, wherein, the key request comprises: a source node of the
    key request, a destination node of the key request, quantity of secret-keys required, and level
    of a user request corresponding to the key request.
  12. 12. The method of claim 11, wherein, generating, by the OLT, an SKP queue according
    to key requests received from the multiple ONUs comprises:
    determining, by the OLT, level of each key request according to the level of the user
    request corresponding to the key request and whether the key request can be paired with
    another key request;
    generating, by the OLT, the SKP queue according to the level of each key request; and
    obtaining, by the OLT, the quantity of secret-keys to be provisioned for each key
    request.
  13. 13. The method of claim 12, wherein, generating, by the OLT, secret-keys according to
    the SKP queue comprises:
    generating, by the OLT, a key request period for each key request according to the
    quantity of secret-keys to be provisioned for each key request;
    configuring, by the OLT, an SKP period according to the SKP queue and the key request
    period of each key request; and
    generating, by the OLT, secret-keys according to the SKP queue in the SKP period.
  14. 14. The method of claim 13, wherein, generating, by the OLT, a key request period for
    each key request according to the quantity of secret-keys to be provisioned comprises:
    forming at least one key request pair when any two key requests with high level can be
    paired, adding the quantity of secret-keys required by the two key requests of each key
    request pair and taking the summation as the quantity of secret-keys required by the key
    request pair;
    determining the quantity of secret-keys that can be generated in one time slot;
    calculating the quantity of time slots required by each key request according to the ratio of the quantity of secret-keys to be provisioned for each key request and the quantity of secret-keys that can be generated in one time slot; and generating a key request period for each key request according to the quantity of time slots required by the key request.
  15. 15. The method of claim 13, wherein, configuring, by the OLT, a SKP period according
    to the SKP queue and the key request period of each key request comprises:
    determining the quantity of time slots required by all the key requests;
    extracting time slots according to the quantity determined;
    dividing the time slots exacted according to the order of the key requests in the key
    request queue and the key request period of each key request; and
    allocating the time slots divided to each key request.
  16. 16. The method of claim 10, further comprising:
    when a secure communication between a source node and a destination node starts,
    taking, by the source node, a secret-key from the KP configured in the source node to encrypt
    the data; and taking, by the destination node, the secret-key from the KP configured in the
    destination node to decrypt the data encrypted.
  17. 17. The method of claim 10, further comprising:
    inquiring, by the OLT, whether any key request needs to be updated;
    when a key request needs to be updated, sending, by the ONU, an updated key request to
    the OLT; and
    when there is no key request needs to be updated, deleting, by the OLT, the allocation of
    the time slots in the next SKP period.
  18. 18. The method of claim 10, further comprising:
    checking, by the ONU, the quantity of secret-keys in the KP after receiving a user
    request;
    determining, by the ONU, to send the key request to the OLT when the quantity of
    secret-keys in the KP is less than an SKP threshold of the KP.
  19. 19. A device of secret-key provisioning SKP, comprising:
    one or more processors, one or more memories, and a communication bus configured to
    couple the one or more processors and the one or more memories; wherein the one or more memories store one or more instructions, and when executed by the one or more processors, the instructions cause the one or more processors to perform the method according to claim 1.
AU2020102953A 2020-10-22 2020-10-22 Method and device of secret-key provisioning Ceased AU2020102953A4 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2020102953A AU2020102953A4 (en) 2020-10-22 2020-10-22 Method and device of secret-key provisioning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2020102953A AU2020102953A4 (en) 2020-10-22 2020-10-22 Method and device of secret-key provisioning

Publications (1)

Publication Number Publication Date
AU2020102953A4 true AU2020102953A4 (en) 2020-12-24

Family

ID=73838740

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2020102953A Ceased AU2020102953A4 (en) 2020-10-22 2020-10-22 Method and device of secret-key provisioning

Country Status (1)

Country Link
AU (1) AU2020102953A4 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024670A (en) * 2021-11-03 2022-02-08 中科问天量子科技(天津)有限公司 Quantum trusted relay key synchronization method and system for bidirectional key pool

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024670A (en) * 2021-11-03 2022-02-08 中科问天量子科技(天津)有限公司 Quantum trusted relay key synchronization method and system for bidirectional key pool
CN114024670B (en) * 2021-11-03 2023-08-18 中科问天量子科技(天津)有限公司 Quantum trusted relay key synchronization method and system for bidirectional key pool

Similar Documents

Publication Publication Date Title
US11936777B2 (en) Method, device of secret-key provisioning and computer-readable storage medium thereof
US11190347B2 (en) Method and device for allocating QKD network resources and computer-readable storage medium thereof
JP5068199B2 (en) Bandwidth allocation device and method
EP2045981B1 (en) Method for the management of bandwidth in a communications network, corresponding computer-readable storage medium and devices
CN101621723B (en) Wavelength allocation method of WDM-PON system
CN108075835B (en) Method and apparatus for optical network unit wavelength tuning
CN101686177B (en) Dynamic bandwidth allocation method, equipment and system of multi-service transport network
CN110213040B (en) Service quality control method and device for quantum key distribution service
WO2017177549A1 (en) Passive optical network architecture, method for passive optical network architecture to implement data transmission, and optical network device
US9331786B2 (en) Managing downstream non-broadcast transmission in an ethernet passive optical network (EPON) protocol over coax (EPoC) network
US8588608B2 (en) Method for managing the connection in an optical access network, corresponding platform, central office, and computer program product
AU2020102953A4 (en) Method and device of secret-key provisioning
US9698930B2 (en) Bandwidth map update method and device
JP4891715B2 (en) Passive optical network system
JP4969367B2 (en) Dynamic bandwidth allocation method, optical terminal device, and dynamic bandwidth allocation program
CN109905171B (en) Quantum key distribution optical fiber transmission system and method
WO2011020376A1 (en) Processing method in a passive optical network, system and network element for a passive optical network
CN112738659B (en) Communication method based on passive optical network, related equipment and system
CN112262551B (en) Subscriber line terminal station apparatus and band allocation method
CN108540286B (en) Switchable multi-type quantum terminal network communication system and key distribution method
CN104901762A (en) Dynamic wavelength and bandwidth allocation method of minimum tuning in time- and wavelength-division multiplexed passive optical network
Qin et al. A novel approach for supporting deterministic quality-of-service in WDM EPON networks
Xue et al. Deterministic QoS provisioning with network calculus based admission control in WDM EPON networks
WO2014176791A1 (en) Method and device for multicarrier division multiplexing system
CN112073181B (en) QKD network, metropolitan area node and key distribution method between access networks thereof

Legal Events

Date Code Title Description
FGI Letters patent sealed or granted (innovation patent)
MK22 Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry