CN109005034B - Multi-tenant quantum key supply method and device - Google Patents
- Publication number
- CN109005034B CN201811094174.3A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
Abstract
The invention discloses a multi-tenant quantum key supply method and device. The method comprises the following steps: acquiring parameter information of a quantum key distribution network; after receiving a plurality of tenant requests, recording parameter information of each tenant request and inquiring quantum key information associated with the tenant requests; and determining the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request and the quantum key information associated with the tenant request. The scheme provided by the invention can improve the configuration flexibility of the multi-tenant quantum key and the supply efficiency of the quantum key in the quantum key distribution network.
Description
Technical Field
The invention relates to the technical field of communication, in particular to a multi-tenant quantum key supply method and device.
Background
Information network security and confidentiality are important in the information age. QKD (quantum key distribution) technology can provide a theoretically "unconditionally secure" quantum key for users with high security requirements, thereby ensuring secure communication of the users' secret and sensitive data. The QKD network can serve as a support network for users' secure communications, but QKD networks are currently expensive and difficult to deploy, and a dedicated QKD network is hard to deploy for some institutions with high security requirements (e.g., financial institutions, government agencies, etc.). The QKD network can continuously generate and store quantum keys, and a plurality of tenants (one tenant corresponds to one institution with high security requirements) can rent the same QKD network and obtain the required quantum keys from it to guarantee secure communication. The quantum keys acquired by different tenants are different from each other, and each quantum key is destroyed after being used once.
In the QKD network, multiple tenants arrive and leave dynamically, and each tenant is unknown before it arrives, so it becomes critical to match the quantum keys supplied by the QKD network efficiently to the quantum keys demanded by the dynamic tenants. Existing QKD networks lack an efficient dynamic multi-tenant quantum key supply method; in the related art, quantum key supply and configuration for multiple tenants is mainly completed one by one, manually. This makes efficient supply-demand matching between the quantum keys supplied by the QKD network and the quantum keys required by the dynamic tenants difficult to achieve, with the result that multi-tenant configuration in existing QKD networks is inflexible and the supply efficiency of quantum key resources is low.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for providing a multi-tenant quantum key, which can improve the configuration flexibility of the multi-tenant and the quantum key providing efficiency.
According to an aspect of the present invention, there is provided a multi-tenant quantum key provisioning method, including:
acquiring parameter information of a quantum key distribution network;
after receiving a plurality of tenant requests, recording parameter information of each tenant request and inquiring quantum key information associated with the tenant requests;
and determining the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request and the quantum key information associated with the tenant request.
Preferably, the obtaining parameter information of the quantum key distribution network includes:
acquiring topological information of a quantum key distribution network;
and acquiring the quantum key generation rate, the quantum key storage amount threshold and the quantum key reserved storage amount between each pair of distribution nodes.
Preferably, the recording the parameter information requested by each tenant includes:
recording a node set of each tenant request, arrival time and duration of each tenant request, and quantum key requirements between each pair of distribution nodes in the node set of each tenant request;
the querying quantum key information associated with the tenant request comprises:
and inquiring previous tenant request information for completing quantum key supply between each pair of distribution nodes, and the quantum key amount remained after quantum key supply is performed for the previous tenant request between each pair of distribution nodes.
Preferably, the determining a quantum key supplied to each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request, and the quantum key information associated with the tenant request includes:
determining the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request;
determining theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, quantum key reserved storage capacity, arrival time and duration of each tenant request, previous tenant request information for completing quantum key supply between each pair of distribution nodes, and quantum key quantity left after quantum key supply for the previous tenant request between each pair of distribution nodes;
determining the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold;
and determining the quantum key supplied for each tenant according to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes.
Preferably, the determining, according to a comparison result between the theoretical quantum key storage amount and the quantum key storage amount threshold, an amount of quantum keys available between each pair of distribution nodes includes:
when the theoretical quantum key storage amount is larger than the quantum key storage amount threshold, determining the quantum key storage amount threshold as the quantum key amount available between each pair of distribution nodes;
and when the theoretical quantum key storage amount is less than or equal to the quantum key storage amount threshold, determining the theoretical quantum key storage amount as the quantum key amount available between each pair of distribution nodes.
Preferably, the determining the quantum key provisioned for each tenant according to the comparison result between the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes includes:
and when the quantity of the quantum keys available between each pair of the distribution nodes is larger than or equal to the quantity of the required quantum keys between each pair of the distribution nodes, selecting the quantity of the required quantum keys from the corresponding distribution nodes and supplying the quantity of the required quantum keys to the nodes corresponding to the tenant request.
Preferably, the method further comprises:
and monitoring and updating the real-time residual quantum key amount between each pair of distribution nodes in the quantum key distribution network.
According to another aspect of the present invention, there is provided a multi-tenant quantum key provisioning apparatus including:
the network information acquisition module is used for acquiring parameter information of the quantum key distribution network;
the tenant recording and querying module is used for recording parameter information of each tenant request and querying quantum key information associated with the tenant request after receiving a plurality of tenant requests;
and the quantum key supply module is used for determining the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network acquired by the network information acquisition module, the parameter information of each tenant request recorded by the tenant recording and query module and the queried quantum key information associated with the tenant request.
Preferably, the network information obtaining module includes:
the topological information acquisition module is used for acquiring topological information of the quantum key distribution network;
the rate information acquisition module is used for acquiring the quantum key generation rate between each pair of distribution nodes;
the storage information acquisition module is used for acquiring a quantum key storage amount threshold value between each pair of distribution nodes;
and the reserved information acquisition module is used for acquiring the reserved storage capacity of the quantum key between each pair of distribution nodes.
Preferably, the tenant recording and querying module includes:
the node recording module is used for recording a node set requested by each tenant;
the time recording module is used for recording the arrival time and the duration of each tenant request;
the demand recording module is used for recording the quantum key demand between each pair of distribution nodes in the node set requested by each tenant;
and the query module is used for querying the previous tenant request information for completing quantum key supply between each pair of distribution nodes and the quantum key amount remained after the previous tenant request is supplied with the quantum key between each pair of distribution nodes.
Preferably, the quantum key provisioning module includes:
the calculation module is used for determining the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request; determining theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, quantum key reserved storage capacity, arrival time and duration of each tenant request, previous tenant request information for completing quantum key supply between each pair of distribution nodes, and quantum key quantity left after quantum key supply for the previous tenant request between each pair of distribution nodes;
the judgment module is used for judging whether the theoretical quantum key storage capacity is larger than the quantum key storage capacity threshold value or not and judging whether the quantum key quantity available between each pair of distribution nodes is larger than or equal to the required quantum key quantity between each pair of distribution nodes or not;
the decision module is used for determining the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold in the judgment module;
and the execution module is used for determining the quantum key supplied for each tenant according to the quantum key amount available between each pair of distribution nodes determined in the decision module and the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes in the judgment module.
Preferably, the quantum key provisioning module further comprises:
and the monitoring module is used for monitoring and updating the quantum key amount remained in real time between each pair of distribution nodes in the quantum key distribution network.
In summary, according to the technical solution of the embodiment of the present invention, parameter information of a quantum key distribution network can be obtained, after receiving a plurality of tenant requests, parameter information of each tenant request is recorded and quantum key information associated with the tenant request is queried, and then a quantum key supplied to each tenant is determined according to the parameter information of the quantum key distribution network, the parameter information of each tenant request, and the quantum key information associated with the tenant request. Therefore, the quantum key supplied for each tenant can be automatically calculated according to the related parameter information, the quantum key supplied for each tenant can be automatically adjusted when the parameter information changes, and the supply and the configuration of the quantum keys of multiple tenants are not required to be completed one by adopting a manual method, so that the efficient supply and demand matching of the quantum keys supplied by the QKD network and the quantum keys required by the dynamic multiple tenants is realized, and the configuration flexibility of the quantum keys of multiple tenants in the quantum key distribution network and the supply efficiency of the quantum keys are improved.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in greater detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
FIG. 1 is a schematic diagram of a quantum key distribution network;
fig. 2 is a schematic flow diagram of a multi-tenant quantum key provisioning method in a quantum key distribution network according to one embodiment of the invention;
fig. 3 is a schematic flow chart diagram of step 201 in a method for multi-tenant quantum key provisioning in a quantum key distribution network according to an embodiment of the present invention;
fig. 4 is a schematic flow chart diagram of step 202 in a method for multi-tenant quantum key provisioning in a quantum key distribution network according to an embodiment of the present invention;
fig. 5 is a schematic flow chart diagram of step 203 in a multi-tenant quantum key provisioning method in a quantum key distribution network according to an embodiment of the present invention;
FIG. 6 is a quantum key distribution network application illustration according to one embodiment of the invention;
fig. 7 is a schematic block diagram of a multi-tenant quantum key provisioning apparatus in a quantum key distribution network according to one embodiment of the present invention;
fig. 8 is another schematic block diagram of a multi-tenant quantum key provisioning apparatus in a quantum key distribution network according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
While the preferred embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The invention provides a multi-tenant quantum key supply method which can improve the configuration flexibility of multi-tenant quantum keys and the supply efficiency of quantum keys in a quantum key distribution network.
The technical solutions of the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of a quantum key distribution network.
As shown in fig. 1, the QKD network includes a node A, a node B, a node C, a node D, and a node E. Each QKD node is located at a user end node with high security requirements, and each QKD link includes a quantum channel for carrying quantum optical signals and synchronization optical signals, and a negotiation channel for carrying negotiation information such as basis comparison and error checking. Because quantum states cannot be cloned, the quantum signal cannot be amplified, so a plurality of trusted relay nodes can be arranged between QKD nodes to extend the QKD distance. A QKD node comprises a plurality of QKD transmitting ends, a plurality of QKD receiving ends, a key management server and other components. Any pair of QKD nodes in the QKD network can connect a QKD transmitting end and a QKD receiving end over a QKD link to perform quantum key distribution, thereby generating a theoretically "unconditionally secure" quantum key, which is stored in the key management server. The key management server can control the QKD transmitting end and the QKD receiving end to generate quantum keys synchronously, store the quantum keys, supply quantum keys to tenants with high security requirements, and destroy each quantum key after it has been used once.
Fig. 2 is a schematic flow chart of a multi-tenant quantum key provisioning method in a quantum key distribution network according to one embodiment of the invention. The method can be applied to a multi-tenant quantum key provisioning device in a quantum key distribution network.
In the multi-tenancy of the embodiment of the present invention, a plurality of logically isolated tenants coexist on the same underlying network and share the resources in the network. Quantum key resources have a unique property: quantum keys are continuously generated between QKD nodes and continuously consumed by multiple tenants, and a quantum key cannot be reused and is destroyed after being used once. Each tenant request in the QKD network consists of several user end nodes with high security requirements and the quantum key requirements between each corresponding pair of user end nodes. Quantum key requirements generally include two types: quantum key quantity requirements and quantum key rate requirements. Multiple tenants arrive and leave dynamically, and each tenant is unknown before it arrives. By using the idea of multi-tenancy, the invention can thoroughly separate the QKD network infrastructure from the users with high security requirements, so that a plurality of users can obtain quantum key resources meeting their security requirements by renting the QKD network, without attending to the details of the underlying QKD networking (cost, difficulty and the like), thereby greatly improving the utilization rate of quantum key resources in the QKD network.
The invention provides a dynamic multi-tenant quantum key supply method in a QKD network aiming at the defects of the prior art and the unique attributes of quantum key resources in the QKD network, and the method can realize the efficient supply and demand matching of quantum keys supplied by the QKD network and quantum keys required by dynamic multi-tenant.
Referring to fig. 2, the method includes:
Acquiring the parameter information of the quantum key distribution network comprises: acquiring topological information of the quantum key distribution network; and acquiring the quantum key generation rate, the quantum key storage amount threshold and the quantum key reserved storage amount between each pair of distribution nodes.
Wherein the recording of the parameter information requested by each tenant comprises: recording a node set of each tenant request, arrival time and duration of each tenant request, and quantum key requirements between each pair of distribution nodes in the node set of each tenant request;
wherein the querying quantum key information associated with the tenant request comprises: and inquiring previous tenant request information for completing quantum key supply between each pair of distribution nodes, and the quantum key amount remained after quantum key supply is performed for the previous tenant request between each pair of distribution nodes.
This step may include:
determining the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request;
determining theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, quantum key reserved storage capacity, arrival time and duration of each tenant request, previous tenant request information for completing quantum key supply between each pair of distribution nodes, and quantum key quantity left after quantum key supply for the previous tenant request between each pair of distribution nodes;
determining the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold;
and determining the quantum key supplied for each tenant according to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes.
According to the technical scheme of the embodiment of the invention, the parameter information of the quantum key distribution network can be obtained, after a plurality of tenant requests are received, the parameter information of each tenant request is recorded and the quantum key information associated with the tenant request is inquired, and then the quantum key supplied for each tenant is determined according to the parameter information of the quantum key distribution network, the parameter information of each tenant request and the quantum key information associated with the tenant request. Therefore, the quantum key supplied for each tenant can be automatically calculated according to the related parameter information, the quantum key supplied for each tenant can be automatically adjusted when the parameter information changes, and the supply and the configuration of the quantum keys of multiple tenants are not required to be completed one by adopting a manual method, so that the efficient supply and demand matching of the quantum keys supplied by the QKD network and the quantum keys required by the dynamic multiple tenants is realized, and the configuration flexibility of the quantum keys of multiple tenants in the quantum key distribution network and the supply efficiency of the quantum keys are improved.
Fig. 3 is a schematic flow chart of step 201 in a multi-tenant quantum key provisioning method in a quantum key distribution network according to an embodiment of the present invention.
In fig. 3, this includes:
Wherein QKD nodes in the underlying QKD network topology correspond to user end nodes with high security requirements.
After each pair of quantum key distribution nodes are connected with a QKD link, quantum keys are generated continuously at a certain rate.
And the quantum key storage amount threshold value in the key management server between each pair of quantum key distribution nodes is determined by the size of the storage space.
Step 304, acquiring the quantum key reserved storage amount between each pair of quantum key distribution nodes.
Before the dynamic multi-tenant requests arrive, a certain quantum key storage amount is reserved between each pair of quantum key distribution nodes, which avoids multi-tenant quantum key supply failures caused by insufficient quantum key storage when the QKD network starts to operate.
It should be noted that there is no necessary order relationship between the steps 301, 302, 303, and 304.
Fig. 4 is a schematic flow chart of step 202 in a multi-tenant quantum key provisioning method in a quantum key distribution network according to an embodiment of the present invention.
In fig. 4, this includes:
Step 401, recording the set of user end nodes with high security requirements for each tenant request.
Each node with high security requirements in the node set corresponds to a quantum key distribution node in the underlying quantum key distribution network.
Step 402, recording the arrival time and duration of each tenant request.
The arrival times and durations of the plurality of tenant requests can be the same or different.
Step 403, recording the quantum key requirement between each pair of nodes in the node set requested by each tenant.
The quantum key requirements can include two types: quantum key quantity requirements and quantum key rate requirements.
Step 405, querying the quantum key amount remaining in real time after each pair of QKD nodes finishes supplying quantum keys for the previous tenant request.
It should be noted that steps 401, 402 and 403 do not necessarily have a sequential relationship.
Fig. 5 is a schematic flow chart of step 203 in a multi-tenant quantum key provisioning method in a quantum key distribution network according to an embodiment of the present invention.
In fig. 5, this includes:
Calculating the required quantum key amount Kr (i.e., the amount of quantum key that needs to be supplied) between each pair of QKD nodes corresponding to each tenant request, according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of nodes in the node set of each tenant request.
Step 502, calculating the theoretical quantum key storage amount Ks between each pair of quantum key distribution nodes.
The theoretical quantum key storage amount Ks between each pair of quantum key distribution nodes in the quantum key distribution network when each tenant request arrives is calculated according to the quantum key generation rate between each pair of distribution nodes, the quantum key reserved storage amount, the arrival time and duration of each tenant request, the previous tenant request information for completing quantum key supply between each pair of distribution nodes, and the quantum key amount left after the previous tenant request is supplied with the quantum key between each pair of distribution nodes.
In the first hit method, the available resources are numbered from front to back and are then selected in ascending order of number. First hit is a common method for allocating network resources: each time network resources (here, key resources) are allocated, the foremost (i.e., smallest-numbered) available resources are selected in numbering order.
Step 509, monitoring and updating the real-time remaining quantum key amount between each pair of quantum key distribution nodes in the quantum key distribution network.
After quantum key supply is completed, the real-time residual quantum key amount between each pair of quantum key distribution nodes in the quantum key distribution network is monitored and updated. It should be noted that, after the new tenant request arrives, steps 202 and 203 in fig. 2 are repeatedly executed in sequence.
It should be noted that steps 501 and 502 do not necessarily have a sequential relationship.
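The supply decision of fig. 5, worked through as an added Python example (not part of the patent text). The expressions for Kr and Ks did not survive on this page, so the ones used here, along with the class and function names, the sample rates and the rejection of an under-supplied request, are assumptions.

```python
"""Added illustration of the supply decision described for fig. 5 (not patent code).

Assumed formulas (the patent's own expressions are not on the page):
  Kr = rate * duration for a rate requirement, or the stated quantity
  Ks = amount left after the previous served request
       + generation rate * time elapsed since that request
The reserved storage Ka is the starting amount before any tenant is served.
"""
import math
from dataclasses import dataclass


@dataclass
class Link:
    """Key store for one pair of distribution nodes; field names are hypothetical."""
    rate: int            # quantum key generation rate (key units per second)
    k_max: int           # quantum key storage amount threshold, Kmax
    remaining: int       # Ka at start, then the amount left after each supply
    last_time: int = 0   # arrival time of the previous request that was served
    head: int = 0        # smallest key number not yet handed out


def required_amount(demand, duration):
    """Kr for one node pair; demand is ("rate", r) or ("quantity", q)."""
    kind, value = demand
    return math.ceil(value * duration) if kind == "rate" else int(value)


def available_amount(link, arrival):
    """min(Ks, Kmax): keys generated beyond the storage threshold are not kept."""
    k_s = link.remaining + link.rate * (arrival - link.last_time)
    return min(k_s, link.k_max)


def provision(links, arrival, duration, demands):
    """Supply one tenant request, or return None and consume nothing.

    Rejecting the whole request when any pair is short is an assumption of
    this example; the page only describes the case where supply succeeds.
    """
    plan = {}
    for pair, demand in demands.items():
        k_r = required_amount(demand, duration)
        k_avail = available_amount(links[pair], arrival)
        if k_avail < k_r:
            return None
        plan[pair] = (k_r, k_avail)

    granted = {}
    for pair, (k_r, k_avail) in plan.items():
        link = links[pair]
        # First hit: take the smallest-numbered available keys. Advancing
        # `head` means a key number is never handed out twice, so tenants
        # receive disjoint keys and each key is used once.
        granted[pair] = range(link.head, link.head + k_r)
        link.head += k_r
        link.remaining = k_avail - k_r   # monitoring/update step
        link.last_time = arrival
    return granted


def demo():
    """Constructed sample: three links among nodes A, B, C; Kmax=1000, Ka=200."""
    links = {
        ("A", "B"): Link(rate=10, k_max=1000, remaining=200),
        ("B", "C"): Link(rate=5, k_max=1000, remaining=200),
        ("A", "C"): Link(rate=2, k_max=1000, remaining=200),
    }
    t1 = provision(links, arrival=10, duration=20,
                   demands={("A", "B"): ("rate", 5)})
    t2 = provision(links, arrival=100, duration=30,
                   demands={("A", "B"): ("rate", 4),
                            ("B", "C"): ("quantity", 300),
                            ("A", "C"): ("rate", 3)})
    # Tenant 3 asks for more on A-C than is stored, so nothing is consumed.
    t3 = provision(links, arrival=101, duration=10,
                   demands={("A", "B"): ("quantity", 10),
                            ("A", "C"): ("quantity", 500)})
    return links, t1, t2, t3


if __name__ == "__main__":
    links, t1, t2, t3 = demo()
    print(t1, t2, t3, sep="\n")
    for pair, link in links.items():
        print(pair, "remaining:", link.remaining)
```

In the sample, the A-B store would hold 1100 units when tenant 2 arrives, so the threshold Kmax caps the available amount at 1000 before the 120 required units are taken.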
Fig. 6 is a quantum key distribution network application illustration according to an embodiment of the invention.
As shown in fig. 6, before the dynamic multi-tenant arrives, topology information of the bottom QKD network is obtained, from which the bottom 6 QKD nodes and the QKD link information connecting the QKD nodes can be obtained; the quantum key generation rate between each pair of QKD nodes is obtained, e.g. QKD nodes a quantum key generation rate of; QKD node a quantum key generation rate of; QKD node a quantum key generation rate of; the quantum key storage amount threshold Kmax between each pair of QKD nodes is obtained, and in the embodiment of the invention the quantum key storage amount thresholds between each pair of QKD nodes are the same; the quantum key reserved storage amount Ka between each pair of QKD nodes is obtained, and in the embodiment of the invention the quantum key reserved storage amounts between each pair of QKD nodes are the same.
Before the tenant 2 request arrives, the tenant 1 request has completed quantum key provisioning. When the tenant 2 request arrives: recording the node set {A, B, C} requested by tenant 2; recording the arrival time ta2 and duration th2 of the tenant 2 request; recording nodes in the node set {A, B, C} requested by tenant 2 the quantum key rate requirement of; node the quantum key quantity requirement of; node the quantum key rate requirement of; querying the tenant 1 request arrival time ta1; querying QKD nodes quantum key amount remaining in real time after completion of supplying quantum key to the tenant 1 request; QKD node quantum key amount remaining in real time after completion of supplying quantum key to the tenant 1 request; QKD node quantum key amount remaining in real time after completion of supplying quantum key to the tenant 1 request; computing the tenant 2 request corresponding QKD node quantum key quantity of interval demand; tenant 2 requests a corresponding QKD node quantum key quantity of interval demand; tenant 2 requests a corresponding QKD node quantum key quantity of interval demand; computing the tenant 2 request corresponding QKD node inter-theoretical quantum key storage; QKD node inter-theoretical quantum key storage; QKD node inter-theoretical quantum key storage; wherein, are all less than Kmax; then QKD node quantum key amount available in real time; QKD node quantum key amount available in real time; QKD node quantum key amount available in real time; wherein, respectively correspond to less than; selecting quantum key quantities from the corresponding QKD nodes using the first hit method; the provisioning requests the corresponding node to tenant 2. Finally, the quantum key supply requested by tenant 2 is completed, and the real-time remaining quantum key amount between each pair of QKD nodes in the bottom QKD network is monitored and updated.
The foregoing describes in detail a multi-tenant quantum key provisioning method in a quantum key distribution network of the present invention, and the following describes a multi-tenant quantum key provisioning apparatus in a quantum key distribution network corresponding to the present invention.
Fig. 7 is a schematic block diagram of a multi-tenant quantum key provisioning apparatus in a quantum key distribution network according to one embodiment of the present invention.
Referring to Fig. 7, the multi-tenant quantum key provisioning apparatus 70 includes: a network information acquisition module 71, a tenant recording and querying module 72, and a quantum key provisioning module 73.
The network information acquisition module 71 is configured to obtain parameter information of the quantum key distribution network.
Obtaining the parameter information of the quantum key distribution network comprises: obtaining topology information of the quantum key distribution network; and obtaining the quantum key generation rate, the quantum key storage amount threshold, the quantum key reserved storage amount and the like between each pair of distribution nodes.
The tenant recording and querying module 72 is configured to record parameter information of each tenant request and query quantum key information associated with the tenant request after receiving a plurality of tenant requests.
Recording the parameter information of each tenant request comprises: recording the node set of each tenant request, the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request. Querying the quantum key information associated with the tenant request comprises: querying information on the previous tenant request for which quantum key supply was completed between each pair of distribution nodes, and the quantum key amount remaining between each pair of distribution nodes after quantum keys were supplied for that previous tenant request.
The quantum key provisioning module 73 is configured to determine the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network acquired by the network information acquisition module 71, the parameter information of each tenant request recorded by the tenant recording and querying module 72, and the queried quantum key information associated with the tenant request.
Determining the quantum key supplied for each tenant comprises: determining the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request;
determining the theoretical quantum key storage amount between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, the quantum key reserved storage amount, the arrival time and duration of each tenant request, information on the previous tenant request for which quantum key supply was completed between each pair of distribution nodes, and the quantum key amount remaining between each pair of distribution nodes after quantum keys were supplied for the previous tenant request;
determining the quantum key amount available between each pair of distribution nodes according to the result of comparing the theoretical quantum key storage amount with the quantum key storage amount threshold;
and determining the quantum key supplied for each tenant according to the result of comparing the quantum key amount available between each pair of distribution nodes with the required quantum key amount between each pair of distribution nodes.
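A sketch of the four determinations above, added here as an illustration and not taken from the patent. Only the cap at the storage amount threshold and the available-versus-required comparison come from the text; the formulas for the required amount (demanded rate times duration) and for the theoretical storage amount (remaining amount plus keys generated since the previous request arrived, minus the reserve), the all-or-nothing grant across pairs, and every name and sample value are assumptions of this sketch.

```python
from dataclasses import dataclass


@dataclass
class PairPool:
    """Monitored key-pool state for one pair of QKD distribution nodes."""
    gen_rate: float      # quantum key generation rate (keys per second)
    k_max: float         # quantum key storage amount threshold
    k_reserved: float    # quantum key reserved storage amount
    remaining: float     # amount left after the previous tenant was supplied
    prev_arrival: float  # arrival time of that previous tenant request


@dataclass
class TenantRequest:
    tenant: str
    arrival: float       # arrival time of the request
    duration: float      # duration of the request
    rate_demand: dict    # {(node, node): required key rate, keys per second}


def required_amount(req, pair):
    # Assumed formula: the demanded rate sustained over the request duration.
    return req.rate_demand[pair] * req.duration


def theoretical_storage(pool, arrival):
    # Assumed formula: what was left, plus keys generated since the previous
    # request arrived, minus the reserve that is never offered to tenants.
    elapsed = arrival - pool.prev_arrival
    if elapsed < 0:
        raise ValueError("request predates the recorded pool state")
    return max(0.0, pool.remaining + pool.gen_rate * elapsed - pool.k_reserved)


def available_amount(pool, arrival):
    # From the text: above the threshold the available amount is the
    # threshold, otherwise it is the theoretical storage amount.
    return min(theoretical_storage(pool, arrival), pool.k_max)


def provision(pools, req):
    """Decide and apply key supply for one tenant request.

    Returns (granted, per_pair), where per_pair maps each node pair to its
    (required, available) amounts. Granting only when every pair can be
    served is an assumption of this sketch.
    """
    per_pair = {}
    for pair in req.rate_demand:
        if pair not in pools:
            raise KeyError(f"no QKD pool state for pair {pair}")
        per_pair[pair] = (required_amount(req, pair),
                          available_amount(pools[pair], req.arrival))
    granted = all(avail >= need for need, avail in per_pair.values())
    if granted:
        # Monitoring step: record the real-time remaining amount per pair.
        for pair, (need, avail) in per_pair.items():
            pool = pools[pair]
            pool.remaining = avail - need + pool.k_reserved
            pool.prev_arrival = req.arrival
    return granted, per_pair


def demo():
    # Constructed sample values; the pairs are those of the node set {A, B, C}.
    pools = {
        ("A", "B"): PairPool(10.0, 1000.0, 100.0, remaining=400.0, prev_arrival=0.0),
        ("B", "C"): PairPool(20.0, 1000.0, 100.0, remaining=900.0, prev_arrival=0.0),
        ("A", "C"): PairPool(5.0, 1000.0, 100.0, remaining=150.0, prev_arrival=0.0),
    }
    tenant2 = TenantRequest("tenant2", arrival=30.0, duration=50.0,
                            rate_demand={("A", "B"): 8.0, ("B", "C"): 15.0,
                                         ("A", "C"): 2.0})
    first = provision(pools, tenant2)    # B-C is capped at k_max, still granted
    tenant3 = TenantRequest("tenant3", arrival=40.0, duration=50.0,
                            rate_demand={("A", "C"): 4.0})
    second = provision(pools, tenant3)   # A-C pool too low: rejected, no change
    return pools, first, second


if __name__ == "__main__":
    final_pools, first_result, second_result = demo()
    print(first_result)
    print(second_result)
```

Checking every pair before committing keeps a rejected request from draining one pair's pool while another pair cannot serve it.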
Fig. 8 is another schematic block diagram of a multi-tenant quantum key provisioning apparatus in a quantum key distribution network according to an embodiment of the present invention.
Referring to fig. 8, the multi-tenant quantum key provisioning apparatus 80 includes: a network information acquisition module 71, a tenant record and query module 72, a quantum key provisioning module 73, and a control module 74.
The control module 74 is responsible for controlling the operation of the whole apparatus; the network information obtaining module 71, the tenant recording and querying module 72, and the quantum key provisioning module 73 each execute their respective operations under the control of the control module 74.
The network information obtaining module 71 includes: a topology information obtaining module 711, a rate information obtaining module 712, a storage information obtaining module 713, and a reservation information obtaining module 714.
The topology information obtaining module 711 is configured to obtain topology information of the quantum key distribution network.
The rate information obtaining module 712 is configured to obtain the quantum key generation rate between each pair of distribution nodes.
The storage information obtaining module 713 is configured to obtain the quantum key storage amount threshold between each pair of distribution nodes.
The reservation information obtaining module 714 is configured to obtain the quantum key reserved storage amount between each pair of distribution nodes.
The tenant recording and querying module 72 includes: a node recording module 721, a time recording module 722, a demand recording module 723, a query module 724, and an information storage module 725.
The node recording module 721 is configured to record the node set with high security requirements requested by each tenant.
The time recording module 722 is configured to record the arrival time and duration of each tenant request.
The demand recording module 723 is configured to record the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant.
The query module 724 is configured to query information on the previous tenant request for which quantum key supply was completed between each pair of distribution nodes, and the quantum key amount remaining between each pair of distribution nodes after quantum keys were supplied for the previous tenant request.
The information storage module 725 is configured to store the detailed information and status of each tenant request.
The quantum key provisioning module 73 includes: a calculation module 731, a determination module 732, a decision module 733, an execution module 734, and a monitoring module 735.
The calculation module 731 is configured to determine the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request; and to determine the theoretical quantum key storage amount between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, the quantum key reserved storage amount, the arrival time and the duration of each tenant request, information on the previous tenant request for which quantum key supply was completed between each pair of distribution nodes, and the quantum key amount remaining between each pair of distribution nodes after quantum keys were supplied for the previous tenant request.
The determination module 732 is configured to determine whether the theoretical quantum key storage amount is greater than the quantum key storage amount threshold, and whether the quantum key amount available between each pair of distribution nodes is greater than or equal to the required quantum key amount between each pair of distribution nodes.
The decision module 733 is configured to determine the quantum key amount available between each pair of distribution nodes according to the result, from the determination module 732, of comparing the theoretical quantum key storage amount with the quantum key storage amount threshold, and to determine whether the quantum key requirement of a tenant request can be met.
The execution module 734 is configured to determine the quantum key supplied for each tenant according to the quantum key amount available between each pair of distribution nodes determined in the decision module 733 and the result, from the determination module 732, of comparing the quantum key amount available between each pair of distribution nodes with the required quantum key amount between each pair of distribution nodes; that is, it executes the first hit method to select the quantum key amount from the corresponding QKD nodes and supply it to the nodes corresponding to the tenant request.
The monitoring module 735 is configured to monitor and update the real-time remaining quantum key amount between each pair of distribution nodes in the quantum key distribution network.
In summary, according to the technical solution of the embodiments of the present invention, parameter information of a quantum key distribution network is obtained; after a plurality of tenant requests are received, parameter information of each tenant request is recorded and quantum key information associated with the tenant request is queried; and the quantum key supplied to each tenant is then determined according to the parameter information of the quantum key distribution network, the parameter information of each tenant request, and the quantum key information associated with the tenant request. The quantum key supplied for each tenant can therefore be calculated automatically from the relevant parameter information and adjusted automatically when that information changes, without the supply and configuration of quantum keys for multiple tenants having to be completed manually one by one. This achieves efficient matching between the quantum keys supplied by the QKD network and the quantum keys demanded by dynamic multiple tenants, and improves both the flexibility of multi-tenant quantum key configuration in the quantum key distribution network and the efficiency of quantum key supply.
The technical solution according to the present invention has been described in detail above with reference to the accompanying drawings.
Those of skill in the art would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both.
Those of ordinary skill in the art will understand that the invention is not to be considered as limited to its specific embodiments, but is to be understood as covering all modifications, changes and equivalents that come within the spirit and scope of the invention.
Claims (8)
1. A multi-tenant quantum key provisioning method, comprising:
acquiring parameter information of a quantum key distribution network, comprising: acquiring topological information of a quantum key distribution network;
acquiring quantum key generation rate, quantum key storage quantity threshold and quantum key reserved storage quantity between each pair of distribution nodes;
after receiving a plurality of tenant requests, recording parameter information of each tenant request and querying quantum key information associated with the tenant request, wherein the recording of the parameter information of each tenant request comprises:
recording a node set of each tenant request, arrival time and duration of each tenant request, and quantum key requirements between each pair of distribution nodes in the node set of each tenant request;
the querying quantum key information associated with the tenant request comprises:
querying information on the previous tenant request for which quantum key supply was completed between each pair of distribution nodes, and the quantum key amount remaining between each pair of distribution nodes after quantum keys were supplied for the previous tenant request;
and determining the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request and the quantum key information associated with the tenant request.
2. The method of claim 1, wherein determining the quantum key provisioned for each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request, and the quantum key information associated with the tenant request comprises:
determining the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request;
determining the theoretical quantum key storage amount between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, the quantum key reserved storage amount, the arrival time and duration of each tenant request, information on the previous tenant request for which quantum key supply was completed between each pair of distribution nodes, and the quantum key amount remaining between each pair of distribution nodes after quantum keys were supplied for the previous tenant request;
determining the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold;
and determining the quantum key supplied for each tenant according to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes.
3. The method of claim 2, wherein determining the amount of quantum key available between each pair of distribution nodes based on the comparison of the theoretical quantum key storage amount to the quantum key storage amount threshold comprises:
when the theoretical quantum key storage amount is greater than the quantum key storage amount threshold, determining that the quantum key amount available between each pair of distribution nodes is the quantum key storage amount threshold;
and when the theoretical quantum key storage amount is less than or equal to the quantum key storage amount threshold, determining that the quantum key amount available between each pair of distribution nodes is the theoretical quantum key storage amount.
4. The method of claim 3, wherein determining the quantum key provisioned for each tenant based on a comparison of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes comprises:
and when the quantity of the quantum keys available between each pair of the distribution nodes is larger than or equal to the quantity of the required quantum keys between each pair of the distribution nodes, selecting the quantity of the required quantum keys from the corresponding distribution nodes and supplying the quantity of the required quantum keys to the nodes corresponding to the tenant request.
5. The method of claim 4, further comprising:
and monitoring and updating the real-time residual quantum key amount between each pair of distribution nodes in the quantum key distribution network.
6. A multi-tenant quantum key provisioning apparatus, comprising:
a network information acquisition module, configured to acquire parameter information of the quantum key distribution network;
a tenant recording and querying module, configured to record parameter information of each tenant request and query quantum key information associated with the tenant request after receiving a plurality of tenant requests;
a quantum key provisioning module, configured to determine the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network acquired by the network information acquisition module, the parameter information of each tenant request recorded by the tenant recording and querying module, and the queried quantum key information associated with the tenant request;
wherein the network information acquisition module comprises:
a topology information acquisition module, configured to acquire topology information of the quantum key distribution network;
a rate information acquisition module, configured to acquire the quantum key generation rate between each pair of distribution nodes;
a storage information acquisition module, configured to acquire the quantum key storage amount threshold between each pair of distribution nodes;
a reserved information acquisition module, configured to acquire the quantum key reserved storage amount between each pair of distribution nodes;
and the tenant recording and querying module comprises:
a node recording module, configured to record the node set requested by each tenant;
a time recording module, configured to record the arrival time and the duration of each tenant request;
a demand recording module, configured to record the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant;
and a query module, configured to query information on the previous tenant request for which quantum key supply was completed between each pair of distribution nodes, and the quantum key amount remaining between each pair of distribution nodes after quantum keys were supplied for the previous tenant request.
7. The apparatus of claim 6, wherein the quantum key provisioning module comprises:
a calculation module, configured to determine the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request;
and to determine the theoretical quantum key storage amount between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, the quantum key reserved storage amount, the arrival time and duration of each tenant request, information on the previous tenant request for which quantum key supply was completed between each pair of distribution nodes, and the quantum key amount remaining between each pair of distribution nodes after quantum keys were supplied for the previous tenant request;
a judgment module, configured to judge whether the theoretical quantum key storage amount is greater than the quantum key storage amount threshold, and whether the quantum key amount available between each pair of distribution nodes is greater than or equal to the required quantum key amount between each pair of distribution nodes;
a decision module, configured to determine the quantum key amount available between each pair of distribution nodes according to the result, in the judgment module, of comparing the theoretical quantum key storage amount with the quantum key storage amount threshold;
and an execution module, configured to determine the quantum key supplied for each tenant according to the quantum key amount available between each pair of distribution nodes determined in the decision module and the result, in the judgment module, of comparing the quantum key amount available between each pair of distribution nodes with the required quantum key amount between each pair of distribution nodes.
8. The apparatus of claim 6, wherein the quantum key provisioning module further comprises: a monitoring module, configured to monitor and update the real-time remaining quantum key amount between each pair of distribution nodes in the quantum key distribution network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811094174.3A CN109005034B (en) | 2018-09-19 | 2018-09-19 | Multi-tenant quantum key supply method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109005034A CN109005034A (en) | 2018-12-14 |
CN109005034B CN109005034B (en) | 2020-10-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||