CN110690961B - Quantum network function virtualization method and device - Google Patents

Quantum network function virtualization method and device

Info

Publication number
CN110690961B
Authority
CN
China
Prior art keywords
virtual
node
state
network
target
Legal status
Active
Application number
CN201910820377.4A
Other languages
Chinese (zh)
Other versions
CN110690961A (en)
Inventor
陈晖
Current Assignee
Chengdu Liang'an Blockchain Technology Co ltd
Original Assignee
Chengdu Liang'an Blockchain Technology Co ltd
Application filed by Chengdu Liang'an Blockchain Technology Co ltd
Priority to CN201910820377.4A
Publication of CN110690961A
Application granted
Publication of CN110690961B
Legal status: Active

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04B TRANSMISSION
                • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
                    • H04B10/29 Repeaters
                    • H04B10/70 Photonic quantum communication
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                            • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
                            • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
                            • H04L9/0852 Quantum cryptography
                                • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
                    • H04L9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3236 using cryptographic hash functions
                            • H04L9/3239 involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
                        • H04L9/3247 involving digital signatures
                        • H04L9/3263 involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
                            • H04L9/3268 using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/08 for authentication of entities
                        • H04L63/0823 using certificates

Abstract

The invention provides a quantum network function virtualization method comprising the following steps: each target node of the target network creates a current virtual node state and sends it to one or more target receivers, and the target receivers encapsulate the current virtual node states of all target nodes, together with their identifiers, into a virtual network state or a virtual network state slice. The invention also provides a quantum network function virtualization device. The invention addresses problems of quantum networks such as concurrency conflicts between large numbers of quantum links and the high latency of quantum relay links; it is quantum-secure and efficient, can be widely used in quantum networks, and has good prospects for application and adoption.

Description

Quantum network function virtualization method and device
Technical Field
The invention relates to the technical field of quantum communication networks and application thereof, in particular to a quantum network function virtualization method and device.
Background
A quantum node in a quantum communication network generally consists of a classical communication unit connected to a classical communication network and a quantum device unit connected to a Quantum Key Distribution (QKD) network. Because no practical quantum relay technology exists that forwards keys without "landing" (decoding) them at intermediate nodes, QKD networks typically employ trusted-relay technology. This network mode, however, suffers from high network complexity, concurrency conflicts between large numbers of quantum links, high trusted-relay latency, and difficult trust and security management of relay nodes. Solving these problems is of great practical significance for the application and adoption of quantum communication networks, and quantum network virtualization is an innovative route to solving them.
Disclosure of Invention
To solve the technical problems described in the background, the present invention provides a quantum network function virtualization method and apparatus. The method comprises the following steps: each target node of the target network creates a current virtual node state and sends it to one or more target receivers; the one or more target receivers create an identifier for the current virtual node states of all or some of the target nodes (for convenience, the current virtual node states of all or some of the target nodes together with their corresponding identifier are hereinafter referred to as a virtual network state); or, further, the current virtual node states of all or some of the target nodes and their corresponding identifiers are encapsulated into a data file (for convenience, hereinafter referred to as a virtual network state slice). The target nodes comprise some or all of the relay nodes and serving nodes (or access nodes) in the target network. A virtual node state includes some or all of the virtual node routing states of the target node, where one virtual node routing state comprises the exclusive-OR (XOR) value of the two shared key packets that the target node holds with two adjacent target nodes, together with the corresponding virtual node routing state identifier.
Optionally, the method further includes creating a virtual mapping network of the target network, which may be a distributed virtual mapping network and/or a centralized virtual mapping network. In the distributed virtual mapping network each target node creates its own virtual node; in the centralized virtual mapping network a third-party server creates a virtual node for each target node. The virtual mapping network includes the network link topology information between target nodes, and the virtual nodes are used to store or output the corresponding virtual node states.
Optionally, the method further includes creating a virtual link state between any two serving nodes (for convenience, a source node and a sink node) among some or all of the serving nodes in the target network, comprising: selecting a virtual network state or a virtual network state slice; selecting a key relay link between the source node and the sink node; screening out, from the virtual network state or slice, the virtual node routing data of all virtual node states associated with that key relay link; calculating the XOR value of all of that virtual node routing data; and creating an identifier for the XOR value (for convenience, the XOR value is recorded as virtual link state data, the identifier as a virtual link state identifier, and the two together as the virtual link state between the source node and the sink node). Optionally, further, the virtual link states between any two serving nodes among some or all of the serving nodes in the target network, or a part of them, are encapsulated into one or more data files (for convenience, virtual link network slices). The virtual node routing data comprises the XOR value of the two shared key packets between a target node and its two associated neighboring nodes; the virtual link state identifier includes a global identifier and the identifiers of the source node and the sink node. The key relay link between the source node and the sink node is selected according to the virtual network routing topology information, either as the key relay link that passes through the fewest relay nodes or as a randomly selected communicable key relay link.
Optionally, the method further includes the target node performing identity authentication with neighboring target nodes and/or a network controller, the identity authentication comprising CA-certificate-based authentication or initial-root-key-based authentication.
Optionally, the method further includes: the target node reports topology information of the target node to a network controller or a target receiver, wherein the topology information comprises: identification of the target node, link status between the target node and each neighboring target node.
Optionally, the method further includes: the target node receives a virtualization instruction issued by a network controller or a target receiver, where the virtualization instruction indicates any one or more of the following: the global identifier, the data format of the shared key packet, the data structure of the virtual node routing state, the data structure of the virtual node state, the identifier of the target receiver, and the data transmission mode. Optionally, any one or more of the following are determined according to established system policy: the global identifier, the data format of the shared key packet, the data structure of the virtual node routing state, the data structure of the virtual node state, the data structure of the virtual network state, the data structure of the virtual link state, the identifier of the target receiver, and the data transmission mode.
Optionally, the method further includes: the virtual node states form a virtual node state block chain according to the time sequence; the method for forming the virtual node state block chain comprises the following steps: and creating a block header for the virtual node state, wherein the virtual node state is used as a block body, the block header comprises but is not limited to a block number, a timestamp and a Hash value of the block, and the block number is the same as the global identification or has one-to-one corresponding association.
Optionally, the method further includes: the virtual network state forms a virtual network state block chain according to a time sequence, wherein the method for forming the virtual network state block chain comprises the following steps: and creating a block header for the virtual network state, wherein the virtual network state is used as a block body, and the block header comprises but is not limited to a block number, a timestamp and a Hash value of the block, wherein the block number is the same as the global identification or has one-to-one correspondence relationship.
Optionally, the method further includes: the virtual link network slice block chain is formed by the virtual link network slices according to the time sequence, wherein the step of forming the virtual link network slice block chain comprises the following steps: creating a block header for the virtual link network slice, and using the virtual link network slice as a block body, wherein the block header includes but is not limited to a block number, a timestamp, and a Hash value of the block, and the block number is the same as the global identifier or has a one-to-one correspondence relationship.
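The block chain of virtual node states, virtual network states or virtual link network slices described in the three paragraphs above is a plain hash chain: each body gets a header carrying a block number equal to the global identifier, a timestamp and the hash of the block. The Python below is an added example, not code from the patent or its assignee. Its choice of SHA-256, the `prev_hash` field linking consecutive headers (the patent lists block number, timestamp and hash but names no linkage field), the JSON canonical form, the requirement that block numbers and timestamps increase strictly, and the sample bodies are all assumptions of this example.

```python
"""Added example: a block chain of virtual network states, one block per global identifier."""
import copy
import hashlib
import json

GENESIS_HASH = "0" * 64  # prev_hash of the first block (assumed convention)


def canonical(body: dict) -> bytes:
    """Deterministic serialisation of a virtual network state (or slice) so the
    hash does not depend on dict ordering; XOR values are carried as hex strings."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def block_hash(number: int, timestamp: int, prev_hash: str, body: dict) -> str:
    """Hash of the block over the header fields and the canonical body (SHA-256 assumed)."""
    h = hashlib.sha256()
    h.update(f"{number}|{timestamp}|{prev_hash}|".encode())
    h.update(canonical(body))
    return h.hexdigest()


def append_block(chain: list, global_id: int, body: dict, timestamp: int) -> dict:
    """Create a block header for the virtual network state `body` and append it.
    The block number is the global identifier (the patent allows equality or a
    one-to-one mapping); prev_hash links to the preceding block (assumed)."""
    prev_hash = chain[-1]["header"]["hash"] if chain else GENESIS_HASH
    header = {
        "number": global_id,
        "timestamp": timestamp,
        "prev_hash": prev_hash,
        "hash": block_hash(global_id, timestamp, prev_hash, body),
    }
    block = {"header": header, "body": body}
    chain.append(block)
    return block


def verify_chain(chain: list) -> bool:
    """Recompute every hash, check the linkage, and require block numbers
    (global identifiers) and timestamps to increase strictly along the chain."""
    prev_hash, prev_number, prev_ts = GENESIS_HASH, 0, 0
    for blk in chain:
        hdr = blk["header"]
        if hdr["number"] <= prev_number or hdr["timestamp"] <= prev_ts:
            return False
        if hdr["prev_hash"] != prev_hash:
            return False
        if block_hash(hdr["number"], hdr["timestamp"], hdr["prev_hash"], blk["body"]) != hdr["hash"]:
            return False
        prev_hash, prev_number, prev_ts = hdr["hash"], hdr["number"], hdr["timestamp"]
    return True


def build_sample_chain() -> list:
    """Two constructed virtual network states: routing states keyed as
    'node|left|right' with the XOR value as hex (placeholder bytes, not real keys)."""
    chain = []
    append_block(chain, 1, {"routing": {"R1|S|R2": "a1" * 32, "R2|R1|D": "b2" * 32}}, 1_700_000_000)
    append_block(chain, 2, {"routing": {"R1|S|R2": "c3" * 32, "R2|R1|D": "d4" * 32}}, 1_700_000_060)
    return chain


def tampered(chain: list, index: int, new_value: str) -> list:
    """Copy of the chain in which one routing state value of block `index` is replaced."""
    forged = copy.deepcopy(chain)
    forged[index]["body"]["routing"]["R1|S|R2"] = new_value
    return forged


if __name__ == "__main__":
    sample = build_sample_chain()
    print("intact chain verifies:", verify_chain(sample))
    print("forged block 0 verifies:", verify_chain(tampered(sample, 0, "00" * 32)))
```

Replacing any routing state value in an earlier block changes that block's hash, which no longer matches the next block's `prev_hash`, so `verify_chain` rejects it; the same check catches an edited timestamp or block number. A hash chain alone only detects modification by someone who cannot rewrite every later header, so in deployment the chain head (or each block) still needs the signature or certificate-based authentication the method lists separately.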
Optionally, the method further includes a method for encapsulating the virtual network states or virtual network state slices of two different target networks into a cross-domain interworking virtual network state or virtual network state slice. If there is a serving node that accesses both target networks at the same time, one such serving node is selected, and the XOR value and identifier of its two corresponding associated shared key packets (one per network) are taken as a virtual node routing state of the cross-domain interworking virtual network state or slice; together with the virtual network states or slices of the two target networks, this forms the cross-domain interworking virtual network state or slice. If no serving node accesses both target networks at the same time, a trusted third party distributes a shared key packet to one serving node in each of the two target networks (for convenience, Ka and Kb respectively); one of these serving nodes then takes the XOR value and identifier of its corresponding associated shared key packet and Ka as a virtual node routing state, the other takes the XOR value and identifier of its corresponding associated shared key packet and Kb as a virtual node routing state, and if Ka differs from Kb the trusted third party takes the XOR value and identifier of Ka and Kb as a further virtual node routing state; these virtual node routing states together with the virtual network states or slices of the two target networks form the cross-domain interworking virtual network state or slice.
Optionally, the method further includes: setting conditions for creating a virtual network state or slice, including: the intended recipient has received the virtual node routing state required to create a virtual quantum link state between any two serving nodes, or has reached a defined time to create a current virtual network state or slice.
Optionally, the method further includes marking the freshness of a virtual network state and/or virtual link state according to its generation time and/or frequency of use, where freshness decreases with the time elapsed since generation and with the frequency of use.
Optionally, the method further includes the intended recipient sending one or more virtual network states (or virtual link network slices) to a virtual link service agent device and/or a virtual link service device.
Optionally, the method further includes: providing a virtual link service, comprising: sending one or more virtual link states associated with two serving nodes to the two serving nodes or/and an application device served by the two serving nodes, wherein the application device comprises: password application device, agent device of service node, virtual link service agent device.
Optionally, the method further includes providing a shared key negotiation service: the target receiver sends a virtual link state to each of the two associated serving nodes; the two serving nodes negotiate to adopt the associated shared key packet of one of them as the shared key; correspondingly, the other serving node calculates the XOR value of its own stored associated shared key packet and the virtual link state data and thereby obtains that shared key. Further, one serving node may calculate the XOR value of a data packet and the shared key and send it to the other serving node, which calculates the XOR value of the received value and the shared key to recover the data packet, where the data packet is a random number packet or a message packet.
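The virtualization and negotiation steps above (virtual node routing state, virtual network state, virtual link state, shared key negotiation and the XOR transfer of a data packet) can be traced end to end in the following Python. It is an added illustration, not code from the patent or its assignee: the four-node topology S-R1-R2-D, the 32-byte packet length, the `os.urandom` stand-in for a point-to-point QKD session, and all function and field names are assumptions of this example.

```python
"""Added example: XOR-based virtual node / link state relay over a QKD path."""
import os
from dataclasses import dataclass, field

PACKET_LEN = 32  # bytes per shared key packet; assumed, the method leaves the length open


def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings, the only operation the scheme needs."""
    if len(a) != len(b):
        raise ValueError("shared key packets must share one data format (same length)")
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Node:
    name: str
    # (global_id, neighbour name) -> shared key packet from point-to-point QKD
    packets: dict = field(default_factory=dict)

    def routing_state(self, global_id: int, left: str, right: str) -> dict:
        """Virtual node routing state of a relay: XOR of its two adjacent packets
        plus an identifier. The relay pops (discards) both packets, which is the
        'relay node does not store the key' property claimed above."""
        value = xor(self.packets.pop((global_id, left)),
                    self.packets.pop((global_id, right)))
        return {"id": (global_id, self.name, left, right), "value": value}


def negotiate_packet(a: Node, b: Node, global_id: int, rng=os.urandom) -> None:
    """Stand-in for a point-to-point QKD session (simulated with os.urandom): both
    neighbours end up holding the same fresh packet under the same global identifier."""
    k = rng(PACKET_LEN)
    a.packets[(global_id, b.name)] = k
    b.packets[(global_id, a.name)] = k


def virtual_network_state(global_id: int, routing_states: list) -> dict:
    """Target receiver step: collect the relays' routing states under one identifier."""
    return {"id": global_id, "routing": {rs["id"]: rs["value"] for rs in routing_states}}


def virtual_link_state(vns: dict, path: list) -> dict:
    """XOR every relay routing state along path[0] .. path[-1]. The chain telescopes:
    (K01^K12) ^ (K12^K23) ^ ... = K01 ^ K(n-1)n, so only the end packets survive."""
    acc = bytes(PACKET_LEN)
    for prev, cur, nxt in zip(path, path[1:], path[2:]):
        acc = xor(acc, vns["routing"][(vns["id"], cur, prev, nxt)])
    return {"id": (vns["id"], path[0], path[-1]), "value": acc}


def derive_shared_key(node: Node, neighbour: str, link: dict) -> bytes:
    """Sink side of the negotiation: XOR the own packet with the link state data to
    obtain the source's packet, which the two serving nodes adopt as shared key."""
    return xor(node.packets[(link["id"][0], neighbour)], link["value"])


def demo(global_id: int = 1) -> dict:
    """Run the whole procedure on the constructed path S - R1 - R2 - D."""
    s, r1, r2, d = Node("S"), Node("R1"), Node("R2"), Node("D")
    for a, b in ((s, r1), (r1, r2), (r2, d)):
        negotiate_packet(a, b, global_id)
    vns = virtual_network_state(global_id, [r1.routing_state(global_id, "S", "R2"),
                                            r2.routing_state(global_id, "R1", "D")])
    link = virtual_link_state(vns, ["S", "R1", "R2", "D"])
    key_s = s.packets[(global_id, "R1")]        # S keeps using its own packet
    key_d = derive_shared_key(d, "R2", link)     # D recovers that same packet
    msg = b"constructed sample message".ljust(PACKET_LEN, b"\0")
    ct = xor(msg, key_s)                          # one-time-pad transfer of a data packet
    return {"key_s": key_s, "key_d": key_d, "msg": msg, "recovered": xor(ct, key_d),
            "relay_holds": len(r1.packets) + len(r2.packets)}


if __name__ == "__main__":
    out = demo()
    print("keys agree:", out["key_s"] == out["key_d"], "relay packets left:", out["relay_holds"])
```

Two properties worth checking against this code. First, a published routing state reveals nothing about either packet on its own only if every packet is uniformly random and used in exactly one routing state per global identifier; reusing a packet across identifiers, or as a one-time pad for two data packets, leaks the XOR of the other two values. Second, each relay still sees both of its packets at the moment it computes the XOR, and the final shared key is one of those packets, so confidentiality continues to rest on the relays being trusted at creation time; what the method removes is the need to hold keys afterwards and to coordinate QKD links in real time. A forged or corrupted routing state cannot leak a key but does desynchronise the two endpoints, so the virtual network state or slice needs the integrity protection the method lists separately. The cross-domain case with Ka and Kb is the same telescoping chain with the trusted third party acting as one more hop.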
The invention also provides a quantum network function virtualization device, which comprises but is not limited to: the node device and the virtualization server device execute any one of the methods described above, wherein the device includes a software module, a hardware module, or an integrated module of software and hardware.
Compared with a conventional QKD network using quantum trusted-relay technology, the method has the following innovations: it separates the quantum relay link service from the QKD network, so that QKD link resources need not be coordinated in real time for trusted quantum key relay, which effectively resolves the concurrency conflicts and trusted-relay latency of large numbers of relay links in a QKD network; and the quantum relay node does not need to store a quantum key, which reduces the security management risk of the relay node. The invention therefore has good prospects for application and adoption in large-scale quantum communication networks.
Drawings
Fig. 1 is a schematic diagram of a quantum network function virtualization method according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a quantum network function virtualization according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a method for creating a virtual node state by a quantum relay node according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a method for creating a virtual node state by a quantum service node according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a method for creating a virtual link state according to an embodiment of the present invention;
fig. 6 is a schematic diagram of a quantum network function virtualization application network according to an embodiment of the present invention;
fig. 7 is a schematic diagram illustrating a method for negotiating a shared key packet according to an embodiment of the present invention;
fig. 8 is a schematic diagram illustrating another method for negotiating a shared key packet according to an embodiment of the present invention;
fig. 9 is a schematic diagram of a data structure of a shared key packet according to an embodiment of the present invention;
fig. 10 is a schematic diagram of a virtual node routing state identifier according to an embodiment of the present invention;
fig. 11 is a schematic diagram of a virtual node state of a node according to an embodiment of the present invention;
fig. 12 is a schematic diagram illustrating a method for creating a cross-domain interworking virtual network state (or slice) according to an embodiment of the present invention;
fig. 13 is a schematic diagram of a node device for quantum network virtualization according to an embodiment of the present invention;
fig. 14 is a schematic diagram of a virtualization server device for quantum network virtualization according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention and some terms and meanings thereof will be described below.
(1) Target networks to which embodiments of the present invention are applicable include, but are not limited to, any of the following networks: quantum key distribution network, quantum communication network, quantum sensing network, quantum security internet, other networks which adopt a point-to-point single-hop landing forwarding mode for relay transmission; accordingly, target quantum nodes in embodiments of the invention include, but are not limited to: some or all quantum relay nodes in the target quantum network, some or all quantum service nodes (or quantum access nodes) in the target quantum network. The target quantum node in the embodiment of the present invention is suitable for, but not limited to, a target quantum node accessing a target quantum network through a fiber interface and a wireless interface (or a free space interface).
(2) The virtualization in the embodiment of the invention is the electronization or instantiation of the quantum network function, and the electronized or instantiated data can be used by being separated from the physical network to which the electronized or instantiated data belongs.
(3) The target relay node of the embodiment of the invention is a node used as a relay in a target network, or a node which has at least two adjacent nodes on one or more relay links and is used as a relay, wherein the relay node does not store a key which is negotiated between the relay node and the adjacent nodes and is used for virtualizing the function of the target network; serving nodes (or access nodes) refer to other nodes in the target network that are not used for relaying or are not used directly for relaying (in some possible designs, serving nodes may be used for relaying through virtual nodes); in addition, for a specific embodiment of the present invention, the corresponding target network includes the relay node and the serving node included in the above embodiment.
(4) The communication channels involved in embodiments of the present invention for quantum networks include quantum channels and conventional communication network channels, wherein conventional communication network channels are employed for other communication processes except that quantum key distribution between adjacent quantum nodes (an adjacent quantum node refers to two nodes capable of normal point-to-point QKD or quantum communication, the same below) requires occupation of a quantum channel or link, and include, but are not limited to, one or more of wired communication and wireless/mobile/satellite communication channels.
(5) The terms "virtual node routing status", "virtual node status", "virtual network status", "virtual link network status", etc. used in the embodiments of the present invention are only used to mark corresponding data or files, and are not used to limit corresponding data or files, and all schemes that are merely replacing names and have no substantive difference belong to the protection scope of the present invention.
(6) The shared key packet in the embodiment of the invention is shared data with a certain data length. Because different application systems have different requirements on the length of the shared key and the rate of the point-to-point QKD link has a certain difference, the invention does not specially limit the data length of the shared key packet; it is obvious that the data length refers to counting by the same data unit (e.g., bit, byte). In practice, the data length of the shared key packet (e.g., 2048 bits, 100 kbytes, 10 mbytes, 1 gbyte, or any other data length that meets the requirements of the system) may be determined according to the rate of encoding of the QKD system in actual use, the specific requirements of the application system, or future industry standard requirements. It should be clear that, for each virtualization process of the same embodiment, the shared key packets negotiated between all neighboring target nodes have the same data format (including but not limited to data type, data length, and data reading and writing order).
(7) The global identifier in the embodiments of the invention is a virtualization identifier that all nodes in a target network keep consistent. That is, before a virtual node routing state is created, a target quantum relay node and its adjacent target quantum nodes confirm the negotiated shared key packet and the global identifier of the virtual node routing state to be created; the target quantum relay node and the adjacent target quantum relay node each use the negotiated shared key packet to create a virtual node routing state or/and a virtual node state carrying the same global identifier, and the packet identifier of the corresponding shared key packet stored by the adjacent target quantum service node is consistent with that global identifier. The global identifier may be used to distinguish different target networks, and also to distinguish different embodiments within one target network; it may be a global number unified across the whole network, or an identifier combining the target network identifier with the global number.
In order to make the technical solutions and advantages of the present invention clearer, the present invention is described in detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a schematic diagram of a quantum network function virtualization method according to an embodiment of the present invention, including the steps of:
s101: each target node of the target network respectively creates a current virtual node state and respectively sends the current virtual node state to one or more target receivers;
s102: the one or more target receivers create identifiers for the current virtual node states of all the target nodes (for convenience, the current virtual node states of all the target nodes together with their identifiers are hereinafter referred to as a virtual network state); or, further, the current virtual node states of all the target nodes and their identifiers are packaged as a data file (for convenience, the data file is referred to as a virtual network state slice); wherein the target nodes comprise some or all of the relay nodes and service nodes (or access nodes) in the target network; the virtual node state includes some or all of the virtual node routing states of the target node, where one virtual node routing state includes: the exclusive OR value of the shared key packets between the target node and two adjacent target nodes, and the corresponding virtual node routing state identifier.
Fig. 2 is a schematic flow chart of a quantum network function virtualization process according to an embodiment of the present invention, which further illustrates the method; the method comprises the following steps:
s201: the quantum node reports topology information of the corresponding node to a network controller, wherein the topology information includes but is not limited to: the quantum node identification and the link state between the quantum node and each adjacent quantum node;
s202: the network controller issues a virtualization instruction to the quantum nodes, where the virtualization instruction indicates: the global identifier, the data format of the shared quantum key packet, the data structure of the virtual node routing state, the data structure of the virtual node state, the identifier of the target receiver, and the data transmission mode;
s203: each quantum node negotiates a shared quantum key packet with each of its adjacent target quantum nodes;
s204: each quantum node respectively creates a virtual node state;
s205: each quantum node respectively sends the corresponding virtual node state to a target receiver;
s206: the target recipient creates a virtual quantum network state.
In the above embodiments, the creation of a virtual node state by a quantum node is shown in fig. 3 for a quantum relay node and in fig. 4 for a quantum service node.
The method for creating the virtual node state by the quantum relay node provided by the embodiment of the invention comprises the following steps (as shown in fig. 3): s301: respectively negotiating a shared quantum key group with each of n adjacent target nodes (wherein n is a natural number greater than 1 and not greater than the number of all nodes adjacent to the relay node);
s302: calculating the xor value of any two of the shared quantum key packets and creating a corresponding identifier (for convenience, the xor value is hereinafter referred to as virtual node routing state data, the identifier is referred to as a virtual node routing state identifier, and the xor value and the corresponding identifier are referred to as a virtual node routing state), creating C (n,2) virtual node routing states (that is, creating virtual node routing state identifiers for all the C (n,2) virtual node routing states, respectively), and deleting the n shared quantum key packets;
s303: a node identifier is created for the C (n,2) virtual node routing states (for convenience, the node identifier is hereinafter referred to as a virtual node state identifier, and the C (n,2) virtual node routing states and their corresponding node identifiers are hereinafter referred to as a virtual node state). Optionally, in another possible embodiment, the C (n,2) virtual node routing statuses and their corresponding node identifications may be further encapsulated as a data file, and the data file is taken as a virtual node status; the data file includes but is not limited to a data list file or a database file, and a certain or some virtual node routing state can be quickly acquired by accessing the data file.
The method for creating the virtual node state by the quantum service node provided by the embodiment of the invention comprises the following steps (as shown in fig. 4): s401: negotiating a shared quantum key packet with each of m adjacent destination nodes, respectively (where m is a natural number greater than 0);
s402: creating a virtual relay node, generating a random number packet, calculating the exclusive-or value of any two of the (m+1) shared quantum key packets, creating an identifier, and thereby creating C(m+1,2) virtual node routing states; that is, the random number packet is used as the shared quantum key packet between the virtual relay node and the service node, the m adjacent target nodes together with the service node are taken as the (m+1) adjacent target nodes of the virtual relay node, the exclusive-or value of any two of the (m+1) shared quantum key packets is calculated, and a corresponding identifier is created (for convenience, the exclusive-or value is hereinafter referred to as virtual node routing state data, the identifier as the virtual node routing state identifier, and the two together as a virtual node routing state);
s403: creating node identifiers for the routing states of the C (m +1,2) virtual nodes (for convenience, the node identifiers are referred to as virtual node state identifiers hereinafter, and the node identifiers and the corresponding routing states of the C (m +1,2) virtual nodes are referred to as a virtual node state); the random number packet is stored safely, wherein the random number packet and the shared quantum key packet have the same data format; alternatively, in another possible embodiment, the C (m +1,2) virtual node routing statuses and their corresponding node identifications may be encapsulated as a data file, and the data file may be used as a virtual node status. The data file includes, but is not limited to, a data list file, or a database file, and a certain or some virtual node states can be quickly acquired by accessing the data list file.
In one possible design, the network controller may determine and issue the virtualization instruction according to a request of the target recipient.
In one possible design, in the above embodiment, a time limit for receiving virtual node routing states is set; if the virtual node routing state of one or more quantum nodes is not received within the time limit, a retransmission instruction is issued to those quantum nodes, or, if those quantum nodes are confirmed to be abnormal, they are removed from the target quantum nodes of the target quantum network.
In a possible design, in the above embodiment, the target quantum nodes of the target quantum network are selected according to the topology information reported by the nodes, and if a selected target quantum node is in an abnormal condition, fails to report its topology information on time, or fails to send its virtual node routing state, it is removed from the target quantum nodes of the target quantum network.
Fig. 5 is a schematic diagram of a method for creating a virtual quantum link state according to an embodiment of the present invention, that is, creating a virtual quantum link state between any two quantum service nodes (for convenience denoted the source node and the sink node) among some or all of the quantum service nodes in a target quantum network. The method includes: s501: selecting a virtual quantum network state or a virtual network state slice; s502: selecting a quantum key relay link between the source node and the sink node, screening out from the virtual quantum network state or slice the virtual node routing data of all virtual quantum node routing states associated with that relay link, calculating the exclusive-or value of all of that virtual node routing data, and creating a virtual quantum link state identifier for the exclusive-or value (for convenience, the exclusive-or value is recorded as virtual quantum link state data, and the identifier together with its exclusive-or value as the virtual quantum link state between the source node and the sink node); s503: encapsulating the virtual quantum link states between any two quantum service nodes among some or all of the quantum service nodes in the target quantum network into one or more data files (for convenience recorded as virtual quantum link network slices). The data file includes, but is not limited to, a data list file or a database file, and one or more virtual link states can be rapidly acquired by accessing it. The virtual quantum link state identifier includes, but is not limited to: the global identifier, the identifiers of the source node and the sink node, and a check value of the virtual link state data. The method for selecting a quantum key relay link between the source node and the sink node includes, but is not limited to: selecting the quantum key relay link that passes through the fewest quantum relay nodes according to the virtual quantum network routing topology information, or randomly selecting a connected quantum key relay link.
The application of the foregoing embodiments of the present invention is further described with reference to the application embodiment of the quantum network function virtualization method shown in fig. 6. As shown in fig. 6, the target quantum nodes in the target quantum network include 5 service nodes (S1, S2, S3, S4, and S5) and 5 relay nodes (R1, R2, R3, R4, and R5). Assume that in one quantum network function virtualization flow the shared quantum key packet negotiated between S1 and R1 is denoted Ks1R1; the shared quantum key packet negotiated between R1 and R2 is Kr1R2, and between R1 and R5 is Kr1R5; between R2 and R3 it is Kr2R3; between R3 and R4 it is Kr3R4, between R3 and R5 it is Kr3R5, and between R3 and S3 it is Kr3S3; between S4 and R5 it is Ks4R5; between R4 and S2 it is Kr4S2; between R4 and S5 it is Kr4S5; and S1, S2, S3, S4, and S5 generate random number packets RKs1, RKs2, RKs3, RKs4, and RKs5, respectively.
The corresponding virtual network state includes: the virtual node routing states of R1, (Ks1R1⊕Kr1R2), (Ks1R1⊕Kr1R5), (Kr1R2⊕Kr1R5); the virtual node routing state of R2, (Kr1R2⊕Kr2R3); the 6 virtual node routing states of R3, (Kr2R3⊕Kr3R4), (Kr2R3⊕Kr3s3), (Kr2R3⊕Kr5R3), (Kr5R3⊕Kr3R4), (Kr5R3⊕Kr3s3), (Kr3s3⊕Kr3R4); the virtual node routing states of R4, (Kr3R4⊕Kr4s2), (Kr3R4⊕Ks5R4), (Kr4s2⊕Ks5R4); the virtual node routing states of R5, (Ks4R5⊕Kr1R5), (Ks4R5⊕Kr5R3), (Kr1R5⊕Kr5R3); the virtual node routing state of S1, (RKs1⊕Ks1r1); of S2, (RKs2⊕Ks2r4); of S3, (RKs3⊕Ks3r3); of S4, (RKs4⊕Ks4r5); and of S5, (RKs5⊕Ks5r4).
In one possible design, since R2 is an optional relay node, the virtual network state may not include the virtual node routing state of R2, or R2 may not be the target relay node.
In one possible design, a corresponding virtual link network slice may be created that includes the virtual link states between any two of S1, S2, S3, S4, and S5; e.g., between S1 and S2:
VQL_s1s2 = (RKs1⊕Ks1r1)⊕(Ks1r1⊕Kr1r2)⊕(Kr1r2⊕Kr2r3)⊕(Kr2r3⊕Kr3r4)⊕(Kr3r4⊕Kr4s2)⊕(RKs2⊕Ks2r4) = RKs1⊕RKs2;
virtual link state between S1 and S3:
VQL_s1s3 = (RKs1⊕Ks1r1)⊕(Ks1r1⊕Kr1r2)⊕(Kr1r2⊕Kr2r3)⊕(Kr2r3⊕Kr3s3)⊕(RKs3⊕Ks3r3) = RKs1⊕RKs3;
the other (C(5,2) - 2) virtual link states may be calculated in a similar manner.
It should be clear that the identification of the shared quantum key packets above is symmetric, i.e. Krirj = Krjri, and the identification of the virtual link states has the same symmetry, e.g. VQL_sisj = VQL_sjsi.
In one possible design, the virtual network state may not include the virtual node routing states of S1, S2, S3, S4, and S5, in which case the corresponding virtual link state becomes the exclusive-or value of the two associated shared quantum key packets; e.g., the virtual link state between S1 and S2:
VQL_s1s2 = (Ks1r1⊕Kr1r2)⊕(Kr1r2⊕Kr2r3)⊕(Kr2r3⊕Kr3r4)⊕(Kr3r4⊕Kr4s2) = Ks1r1⊕Kr4s2,
and the other virtual link states can be calculated in the same manner.
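The procedures of figs. 3 to 5 (s301 to s503) and the fig. 6 example above, carried through as an added worked example in Python. This is not code from the patent; it is added here to show that the XOR of the routing states along a relay path telescopes to RKs1⊕RKs2 while every real shared key packet cancels out. Assumptions of the example: 32-byte packets drawn from os.urandom stand in for the output of point-to-point QKD, routing state identifiers follow the (global number, current node ID, neighbour ID, neighbour ID) layout of fig. 10, and all function and variable names are this example's own.

```python
import os
from itertools import combinations

PACKET_LEN = 32  # bytes per shared key packet; the patent leaves the length to the system


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two packets of identical data format (same length, same unit)."""
    if len(a) != len(b):
        raise ValueError("shared key packets must have the same data format")
    return bytes(x ^ y for x, y in zip(a, b))


def link(u: str, v: str) -> tuple:
    """Key packet identifiers are symmetric (Krirj == Krjri), so order the pair."""
    return tuple(sorted((u, v)))


def negotiate_packets(links, rng=os.urandom) -> dict:
    """Stand-in for point-to-point QKD: one fresh random packet per adjacent pair."""
    return {link(u, v): rng(PACKET_LEN) for u, v in links}


def relay_node_state(node, neighbours, packets, gid) -> dict:
    """s301-s303: C(n,2) routing states, one per pair of the node's n neighbours.
    Identifier layout follows fig. 10: (global number, current node, neighbour, neighbour)."""
    state = {}
    for a, b in combinations(sorted(neighbours), 2):
        state[(gid, node, a, b)] = xor(packets[link(node, a)], packets[link(node, b)])
    return state


def service_node_state(node, neighbours, packets, gid, rng=os.urandom):
    """s401-s403: the service node keeps a random packet RK as the key between
    itself and a virtual relay node whose neighbours are the m real neighbours
    plus the service node itself. Returns (state, RK); RK must be stored securely."""
    rk = rng(PACKET_LEN)
    keys = {nb: packets[link(node, nb)] for nb in neighbours}
    keys[node] = rk
    state = {}
    for a, b in combinations(sorted(keys), 2):
        state[(gid, node, a, b)] = xor(keys[a], keys[b])
    return state, rk


def virtual_link_state(path, net_state, gid) -> bytes:
    """s502: XOR the routing state of every node on the relay path. Each real
    shared key packet appears twice and cancels, leaving RK_source ^ RK_sink."""
    acc = None
    for i, node in enumerate(path):
        prev_ = path[i - 1] if i > 0 else node        # a service node pairs with its own RK
        next_ = path[i + 1] if i < len(path) - 1 else node
        data = net_state[(gid, node, *sorted((prev_, next_)))]
        acc = data if acc is None else xor(acc, data)
    return acc


# Constructed topology of fig. 6: service nodes S1..S5, relay nodes R1..R5.
FIG6_LINKS = [("S1", "R1"), ("R1", "R2"), ("R1", "R5"), ("R2", "R3"), ("R3", "R4"),
              ("R3", "R5"), ("R3", "S3"), ("S4", "R5"), ("R4", "S2"), ("R4", "S5")]


def neighbours_of(node, links):
    return [v if u == node else u for u, v in links if node in (u, v)]


def build_fig6(gid="G1", rng=os.urandom):
    """s201-s206: build the virtual network state; returns (state, {service node: RK})."""
    packets = negotiate_packets(FIG6_LINKS, rng)
    net_state, rks = {}, {}
    for node in ("R1", "R2", "R3", "R4", "R5"):
        net_state.update(relay_node_state(node, neighbours_of(node, FIG6_LINKS), packets, gid))
    for node in ("S1", "S2", "S3", "S4", "S5"):
        st, rks[node] = service_node_state(node, neighbours_of(node, FIG6_LINKS), packets, gid)
        net_state.update(st)
    del packets  # s302: the raw shared key packets are destroyed once the states exist
    return net_state, rks


def demo(gid="G1") -> dict:
    net_state, rks = build_fig6(gid)
    vql_s1s2 = virtual_link_state(["S1", "R1", "R2", "R3", "R4", "S2"], net_state, gid)
    vql_s1s3 = virtual_link_state(["S1", "R1", "R2", "R3", "S3"], net_state, gid)
    return {
        "r3_states": sum(1 for k in net_state if k[1] == "R3"),   # C(4,2) = 6
        "s1s2_ok": vql_s1s2 == xor(rks["S1"], rks["S2"]),
        "s1s3_ok": vql_s1s3 == xor(rks["S1"], rks["S3"]),
        "symmetric": vql_s1s2 == virtual_link_state(
            ["S2", "R4", "R3", "R2", "R1", "S1"], net_state, gid),
    }


if __name__ == "__main__":
    print(demo())
```

The receiver that computes a virtual link state never sees a raw shared key packet: it holds only XOR values, and the two random packets RKs1 and RKs2 that survive the telescoping stay on their service nodes. A path through a node whose routing state for that (previous, next) pair is missing, for example a node removed as abnormal, raises KeyError in the lookup rather than silently producing a wrong link state.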
In one possible design, S1, S2, S3, S4, and S5 in the above embodiments may send the corresponding virtual node routing state in an encryption mode.
In one possible design, the C(5,2) = 10 virtual link states between the 5 service nodes in the above embodiment may be encapsulated into multiple subnet slices; for example, one subnet slice may be a virtual link network slice including the virtual link states between any two of S1, S2, and S3, and another a virtual link network slice including the virtual link states between any two of S3, S4, and S5.
In one possible design, the target quantum node may include a part of the service nodes (a combination of any number of S1, S2, S3, S4, S5) and a part or all of the relay nodes (a part or all of R1, R2, R3, R4, and R5) in fig. 6, and create corresponding virtual network states or/and virtual link network slices using the above method.
In another possible design, the target network may be planned into a plurality of target network embodiments including different target service nodes according to different service requirements, and a virtual link network slice may be created for each target network embodiment.
In one possible design, the virtualization server or third-party server sends the virtual link state VQL_s1s2 to S1 and S2 respectively, and S1 and S2 may negotiate a shared key based on VQL_s1s2; that is, S1 computes rk_a⊕RKs1⊕VQL_s1s2 = rk_a⊕RKs1⊕RKs1⊕RKs2 = rk_a⊕RKs2 and sends the result to S2, and S2 computes RKs2⊕(rk_a⊕RKs2) = rk_a, so that rk_a is shared between S1 and S2. Additionally, in another possible design, S1 and S2 may negotiate to use RKs1 or RKs2 as the shared key; e.g., if S1 and S2 negotiate to use RKs1 as the shared key, S2 computes VQL_s1s2⊕RKs2 = RKs1.
In one possible design, the virtualization server or the third-party server sends the virtual link network slice to any combination of S1, S2, S3, S4, and S5, for example to S1, S2, and S3; S1, S2, and S3 negotiate to adopt the associated shared quantum key packet (i.e., the corresponding random number packet above) of one of the quantum service nodes as the group shared key, the other quantum service nodes obtain that packet based on the virtual link network slice, and S1, S2, and S3 each inject it into their associated encryption devices. For example, assuming S1 is selected and its associated shared quantum key packet RKs1 in the above virtual link network slice is the group shared key, S2 computes RKs2⊕VQL_s1s2 = RKs1 and S3 computes RKs3⊕VQL_s1s3 = RKs1; that is, key sharing between one quantum service node and the other quantum service nodes can be realized from one virtual link network slice, and the method can be used to periodically replace the shared keys used for intercommunication among a plurality of encryption devices. Obviously, in another possible design, the above method may be used to negotiate a shared key between any two quantum service nodes.
In one possible design, a virtualization server or a third-party server sends the virtual link network slice to any combination of more than one of S1, S2, S3, S4, and S5, where a quantum service node (denoted the source node) selects a virtual quantum link network state or slice, encrypts its target data using the shared quantum key packet (i.e., the corresponding random number packet) associated with that state or slice to obtain a ciphertext, creates a ciphertext identifier for the ciphertext, and discloses the ciphertext and its identifier; the other quantum service nodes each calculate, based on the virtual quantum link network state or slice, the exclusive-or value of the corresponding virtual quantum link state data and their own associated shared quantum key packet, thereby obtain the associated shared quantum key packet of the source node, and decrypt the ciphertext with it to obtain the target data sent by the source node. For example, the source node S1 encrypts data R using RKs1, that is, calculates RKs1⊕R and sends it to S2 and S3;
S2 calculates RKs2⊕VQL_s1s2⊕(RKs1⊕R) = RKs2⊕RKs1⊕RKs2⊕RKs1⊕R = R;
S3 calculates RKs3⊕VQL_s1s3⊕(RKs1⊕R) = RKs3⊕RKs1⊕RKs3⊕RKs1⊕R = R;
the ciphertext identifier includes, but is not limited to: the identifier of the virtual quantum link network state or slice, the identifier of the source node, and the encryption mode; encryption modes include, but are not limited to, exclusive-or encryption and encryption using a symmetric cryptographic algorithm; the target data includes, but is not limited to, any one or more of: message packets, random key data, sensing data, audio and video monitoring data, calculation data, and data files.
Further, in one possible design, any one or more of the above S1, S2, S3, S4, and S5 may respectively transmit random number packets associated with one or more virtual quantum link network states or slices to other proxy devices, and the above method may be employed between proxy devices or between proxy devices and other quantum service nodes to negotiate shared keys or to share secure data.
Further, in one possible design, if a point-to-point quantum key distribution link exists between two target quantum service nodes in a certain embodiment, any one of the quantum service nodes may not have the other quantum service node as an adjacent target node.
Further, in a possible design, on the basis of any one of the above embodiments, the method may further include: creating a virtual mapping network of a target quantum network, comprising: distributed virtual mapping networks, centralized virtual mapping networks; the distributed virtual mapping network is characterized in that: each target quantum node creates a virtual quantum node; the centralized virtual mapping network is characterized in that: the third-party server creates a virtual quantum node for each target quantum node; wherein, the virtual mapping network further comprises: network link topology information between target quantum nodes; the virtual quantum nodes are used for storing or outputting corresponding virtual node states or virtual node routing states. Further, in another possible design, a quantum key relay link between two quantum service nodes (respectively referred to as a source node and a sink node) may be further selected, each virtual quantum node on the quantum key relay link transmits virtual routing data with the same global identifier to a quantum service node or a third-party server, the quantum service node or the third-party server performs an exclusive-or operation on the virtual routing status data of each target quantum node with the same global identifier, and the quantum service node and another associated quantum service node may negotiate a shared key based on the result of the exclusive-or operation and may further be used for data encryption communication between the quantum service node and the other associated quantum service node.
Further, in a possible design, on the basis of the foregoing embodiment, the method may further include: carrying out correctness verification on the virtual link state, comprising: the two target quantum service nodes each compute a data digest of the virtual link state data they hold and compare the two digests, and if the two data digests are the same the correctness verification is passed; or the two target quantum service nodes respectively send their data digests to a third party, the third party compares them, and if the two data digests are the same the correctness verification is passed.
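The three uses of a virtual link state described above (transporting a fresh key rk_a, adopting one node's RK as a group key, and publishing RK⊕R for several receivers) together with the digest-based correctness check, written out as an added example in Python with both sides of each exchange. This is not the patent's code. Assumptions: 32-byte packets, a constructed link_server that hands out VQL_sisj = RKsi⊕RKsj directly (the real server derives it from the virtual network state), SHA-256 as the digest, and class and function names chosen for this example.

```python
import hashlib
import os

PACKET_LEN = 32   # bytes; the patent leaves the packet length to the system


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must share one packet data format")
    return bytes(x ^ y for x, y in zip(a, b))


def pair(u: str, v: str) -> tuple:
    return tuple(sorted((u, v)))          # VQL_sisj == VQL_sjsi


class ServiceNode:
    """Quantum service node: keeps its own random packet RK for each
    virtualization run (global identifier) and the virtual link states it is sent."""

    def __init__(self, name: str):
        self.name = name
        self.rk = {}      # global id -> RK, kept secret on the node
        self.vql = {}     # (global id, node pair) -> virtual link state data

    def new_run(self, gid: str, rng=os.urandom) -> bytes:
        self.rk[gid] = rng(PACKET_LEN)
        return self.rk[gid]

    def receive_link_state(self, gid: str, peer: str, data: bytes) -> None:
        self.vql[(gid, pair(self.name, peer))] = data

    def peer_rk(self, gid: str, peer: str) -> bytes:
        """RK_peer = RK_own xor VQL: the peer's packet, usable as a group key."""
        return xor(self.rk[gid], self.vql[(gid, pair(self.name, peer))])

    def wrap_key(self, gid: str, peer: str, rk_a: bytes) -> bytes:
        """Send rk_a xor RK_own xor VQL, which equals rk_a xor RK_peer."""
        return xor(xor(rk_a, self.rk[gid]), self.vql[(gid, pair(self.name, peer))])

    def unwrap_key(self, gid: str, msg: bytes) -> bytes:
        return xor(msg, self.rk[gid])

    def publish_ciphertext(self, gid: str, data: bytes):
        """Ciphertext = RK_own xor data, disclosed together with a ciphertext identifier."""
        ident = {"slice": gid, "source": self.name, "mode": "xor"}
        return ident, xor(data, self.rk[gid])

    def open_ciphertext(self, ident: dict, ct: bytes) -> bytes:
        if ident["mode"] != "xor":
            raise ValueError("unsupported encryption mode")
        return xor(self.peer_rk(ident["slice"], ident["source"]), ct)

    def link_digest(self, gid: str, peer: str) -> str:
        """Digest of the held link state, compared by both ends or by a third party."""
        return hashlib.sha256(self.vql[(gid, pair(self.name, peer))]).hexdigest()


def link_server(rks: dict) -> dict:
    """Constructed stand-in for the virtualization server: VQL_sisj = RK_i xor RK_j."""
    names = sorted(rks)
    return {pair(a, b): xor(rks[a], rks[b]) for i, a in enumerate(names) for b in names[i + 1:]}


def demo() -> dict:
    gid = "G7"
    nodes = {n: ServiceNode(n) for n in ("S1", "S2", "S3")}
    rks = {n: node.new_run(gid) for n, node in nodes.items()}
    for (a, b), data in link_server(rks).items():
        nodes[a].receive_link_state(gid, b, data)
        nodes[b].receive_link_state(gid, a, data)
    # correctness verification: both ends hold the same VQL_s1s2
    digests_match = nodes["S1"].link_digest(gid, "S2") == nodes["S2"].link_digest(gid, "S1")
    # design 1: S1 transports a fresh key rk_a to S2
    rk_a = os.urandom(PACKET_LEN)
    got = nodes["S2"].unwrap_key(gid, nodes["S1"].wrap_key(gid, "S2", rk_a))
    # design 2: S2 and S3 derive RKs1 as the group key
    group_ok = all(nodes[n].peer_rk(gid, "S1") == rks["S1"] for n in ("S2", "S3"))
    # design 3: S1 publishes RKs1 xor R; S2 and S3 recover R (constructed data)
    r = b"constructed target data of one packet length".ljust(PACKET_LEN)[:PACKET_LEN]
    ident, ct = nodes["S1"].publish_ciphertext(gid, r)
    opened = [nodes[n].open_ciphertext(ident, ct) == r for n in ("S2", "S3")]
    return {"digests_match": digests_match, "rk_a_ok": got == rk_a,
            "group_ok": group_ok, "broadcast_ok": all(opened)}


if __name__ == "__main__":
    print(demo())
```

Every step is a one-time-pad style XOR, so the general rule for XOR encryption applies: a packet (RK or rk_a) protects exactly one value, and the packet-destruction step of the embodiments is what enforces that; the ciphertext identifier is what lets a receiver pick the right slice and RK before it computes RK_own⊕VQL⊕ciphertext.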
Further, in one possible design, the C (n,2) virtual link states and their identifications may be packaged as a data file, which is recorded as a virtual link network slice; wherein the virtual link network slice identifier includes but is not limited to: a target quantum network identification, a global identification, a number of virtual link states.
Further, in one possible design, in any of the above embodiments, any one or any plurality of the following may be determined according to a given system policy: the method comprises the steps of global identification, data format of a shared quantum key grouping, data structure of a virtual node routing state, data structure of a virtual node state, data structure of a virtual network state, data structure of a virtual quantum link state, identification of a target receiving party and a data transmission mode.
Further, in a possible design, on the basis of any of the above embodiments, the freshness of a virtual network state/slice (or virtual link state/slice) may be labelled according to its generation time or/and its usage count, where freshness decreases as the state ages after generation and as its usage count increases.
Further, in a possible design, on the basis of any of the above embodiments, one or more virtual network states or virtual link network slices may also be sent to the virtual link service agent apparatus, or/and the virtual link service apparatus.
Further, in a possible design, on the basis of any of the foregoing embodiments, a virtual link service may also be provided, that is, one or more virtual link statuses associated with two service nodes are sent to the two service nodes or/and application devices served by the two service nodes, where the application devices include, but are not limited to: password application device, agent device of service node, virtual link service agent device.
In any of the above embodiments, a real-time sharing method or a pre-caching method may be used to negotiate a shared quantum key packet. The real-time sharing method comprises: the target quantum node negotiates a certain amount of shared quantum key with an adjacent target quantum node, takes that amount of shared quantum key as a shared quantum key packet and creates a packet identifier; alternatively, the method for negotiating a shared quantum key packet shown in fig. 7 comprises the following steps: s701: the target quantum node negotiates a certain amount of shared quantum key with the adjacent target quantum node; s702: the target quantum node and the adjacent target quantum node each divide the shared quantum key into one or more groups using the same data format, and apply the same randomness test to each group; s703: taking a group that passes the randomness test as a shared quantum key packet and creating a packet identifier;
the foregoing precaching method includes (another method for negotiating a shared quantum key packet according to the embodiment of the present invention shown in fig. 8): s801: the target quantum node negotiates a certain amount of shared quantum keys with the adjacent target quantum nodes; s802: respectively dividing the shared quantum key into one or more groups by adopting the same data format, performing randomness test on each group by adopting the same randomness test method, caching each group which passes the randomness test and respectively creating a group identifier;
s803: and negotiating with the adjacent target quantum nodes to respectively select one group with the consistent or same group number from the cached groups as a shared quantum key group.
Negotiating a certain amount of shared quantum key includes, but is not limited to: negotiating shared quantum key with a plurality of adjacent target quantum nodes in turn, or with them simultaneously, or with the corresponding adjacent target quantum nodes as directed by a virtualization instruction; the negotiation may occupy the entire bandwidth of the quantum key distribution channel or only part of it.
In a possible design, negotiating a shared quantum key packet may further include a consistency check, which includes, but is not limited to: the target quantum node and the adjacent target quantum node each calculate a data digest or hash value of the shared quantum key packet; if the two digests or hash values differ, the consistency check fails and the packet is renegotiated; otherwise the consistency check passes and the shared quantum key packet is successfully negotiated.
Further, in a possible design, on the basis of any one of the above embodiments, the method may include: before the virtual node routing state is created, the target node and the adjacent target node confirm the negotiated shared key group and the global identification of the virtual node routing state used for creation, and the target node and the adjacent target node respectively use the negotiated shared key group for creating the virtual node routing state with the same global identification.
Further, in a possible design, on the basis of any one of the above embodiments, the method may include: destroying the n shared quantum key packets after the quantum relay node has completed the C(n,2) virtual node routing states, or destroying each shared quantum key packet as soon as all virtual node routing state data in which it participates have been calculated.
It should be understood that the specific use or method of use of any one or more of the following as indicated by the virtualization instructions includes: the global identifier can be used for distinguishing different target quantum networks and different embodiments in the target quantum networks, can adopt a global number unified by the whole network, and can also adopt an identifier combining the target quantum network identifier and the global number; the data format of the shared quantum key packet includes but is not limited to data type, data length and data reading and writing sequence; the data structure of the virtual node routing state includes, but is not limited to, the content of the virtual node routing state identifier and its ordering relationship, which is adopted in one embodiment; the identification of the target receiver is used for determining the ID of the receiver; the data transmission mode is used for determining whether an encryption mode or a non-encryption mode is adopted.
It is obvious that the method steps of any of the above embodiments can be recombined to give new embodiments having the same application properties as the method of the present invention. Therefore, methods based on simple combinations of the above method steps and content adaptation fall within the scope of the present invention.
The shared quantum key packet or shared key packet in the above embodiments includes, but is not limited to: a packet identifier and shared quantum key data (shared quantum key of the packet length). The data structure of the shared quantum key packet identifier may adopt: the packet number, the ID of the current node, and the ID of the adjacent target quantum node; equivalently, the ID of the current node and the ID of the adjacent target quantum node may be replaced by the link identifier between the current node and the adjacent target quantum node; the ID may also be any other identifier that uniquely identifies the corresponding node. The packet number may be a local number or a global number; in the local case, when a shared quantum key packet is used to create a virtual node routing state, the corresponding local number is changed to the global number of the corresponding virtual node routing state.
Optionally, a new shared quantum key grouping or grouping identification embodiment may be obtained by adding any one or any plurality of the following content options: data format, check information and time stamp, wherein the check information can be data digest (or Hash value) or MAC code of the shared quantum key packet; the content of the data format includes any one or any plurality of the following: data type (e.g., using binary, 16-ary storage), data length, and data read and write order.
Further, as an example, fig. 9 shows a schematic diagram of a data structure of a shared quantum key packet according to one possible embodiment of the present invention, that is, the data structure includes: grouping number, current node ID, adjacent node ID, data length, check information and quantum key data; the data length may be the data length of the quantum key data, or the data length of the entire shared quantum key packet; the check information may be a quantum key data digest (or Hash value) or a MAC code.
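The pre-caching negotiation of fig. 8 (s801 to s803), the consistency check, and the fig. 9 packet layout, as an added example in Python with a constructed key stream. This is not the patent's code. Assumptions: 256-byte groups, the NIST SP 800-22 frequency (monobit) test standing in for whatever randomness test the system mandates, SHA-256 as both the check information and the consistency digest, and the two node IDs of fig. 9 replaced by a link identifier as the text permits; the fixed field widths and names are this example's own.

```python
import hashlib
import math
import struct

GROUP_LEN = 256   # bytes per shared key packet; chosen for this example


def monobit_p_value(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test: p = erfc(|S_n| / sqrt(2n))."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return math.erfc(abs(2 * ones - n) / math.sqrt(2 * n))


def passes_randomness(data: bytes, alpha: float = 0.01) -> bool:
    """One test keeps the example short; a deployment would run the whole suite."""
    return monobit_p_value(data) >= alpha


def split_groups(raw: bytes, group_len: int = GROUP_LEN) -> list:
    """s802: cut the negotiated key stream into equal-format groups;
    a trailing partial group is discarded rather than padded."""
    return [raw[i:i + group_len] for i in range(0, len(raw) - group_len + 1, group_len)]


HDR = ">I32sI32s"   # packet number | link identifier | data length | check information


def build_packet(number: int, link_id: str, key: bytes) -> bytes:
    """fig. 9 layout with a link identifier in place of the two node IDs."""
    check = hashlib.sha256(key).digest()
    return struct.pack(HDR, number, link_id.encode(), len(key), check) + key


def parse_packet(blob: bytes) -> dict:
    hdr = struct.calcsize(HDR)
    number, link_id, length, check = struct.unpack(HDR, blob[:hdr])
    key = blob[hdr:hdr + length]
    if len(key) != length or hashlib.sha256(key).digest() != check:
        raise ValueError("check information does not match the key data")
    return {"number": number, "link": link_id.rstrip(b"\0").decode(), "key": key}


def precache(raw: bytes, link_id: str) -> dict:
    """s802: cache every group that passes the randomness test, numbered in order."""
    cache, number = {}, 1
    for grp in split_groups(raw):
        if passes_randomness(grp):
            cache[number] = build_packet(number, link_id, grp)
            number += 1
    return cache


def select_shared_packet(cache_a: dict, cache_b: dict):
    """s803 plus the consistency check: take the lowest common group number whose
    key digests agree on both sides; a mismatching number is skipped (renegotiated)."""
    for number in sorted(set(cache_a) & set(cache_b)):
        ka = parse_packet(cache_a[number])["key"]
        kb = parse_packet(cache_b[number])["key"]
        if hashlib.sha256(ka).digest() == hashlib.sha256(kb).digest():
            return number, ka
    return None


def demo() -> dict:
    # Constructed key stream: deterministic pseudo-random bytes with one all-zero
    # group spliced in to stand for a block the QKD post-processing got wrong.
    good = b"".join(hashlib.sha256(b"qkd-stream-%d" % i).digest() for i in range(64))
    raw = good[:512] + bytes(GROUP_LEN) + good[512:]
    link_id = "S1-R1"
    cache_a = precache(raw, link_id)      # the target node's cache
    cache_b = dict(cache_a)               # the adjacent node's cache ...
    # ... except that its group 1 differs by one bit (simulated transmission error)
    k1 = bytearray(parse_packet(cache_b[1])["key"])
    k1[0] ^= 0x80
    cache_b[1] = build_packet(1, link_id, bytes(k1))
    number, key = select_shared_packet(cache_a, cache_b)
    return {
        "groups_seen": len(split_groups(raw)),
        "cached": len(cache_a),
        "zero_group_rejected": all(parse_packet(p)["key"] != bytes(GROUP_LEN)
                                   for p in cache_a.values()),
        "selected_number": number,
        "both_sides_agree": key == parse_packet(cache_b[number])["key"],
    }


if __name__ == "__main__":
    print(demo())
```

The check information inside the packet only protects against corruption of a stored packet; the consistency check across the two nodes is what catches the case where each side holds a well-formed but different group, which is why the selection skips group 1 above and settles on group 2.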
The virtual node routing state in the above embodiments includes, but is not limited to: a virtual node routing state identifier and the virtual node routing state data (i.e., the exclusive-or value of the shared quantum key packets that the current node holds with each of two neighboring nodes). Fig. 10 shows a virtual node routing state identifier provided in an embodiment of the present invention, whose content includes, but is not limited to: global number, current node ID1, neighbor ID2, neighbor ID3 (or, equivalently, the link identifiers of the previous neighbor and the next neighbor that connect to the current node).
The content of the virtual node state identifier in the above embodiments includes, but is not limited to: global number, current node ID1, number of virtual node routing states. Since the number of virtual node routing states follows from the number of adjacent nodes (C(n,2) for n neighbors), the number of virtual node routing states may be replaced by the number of adjacent nodes to obtain a new embodiment.
On the basis of the above embodiments, a plurality of new embodiments can be obtained by adding any one or more of the following options to the virtual node state identifier (or virtual network state identifier): an identifier of the target network, for distinguishing different target networks; a local identifier, for distinguishing the routing states of a plurality of virtual nodes that share the same global identifier (or for distinguishing the states of a plurality of virtual nodes that share the same global identifier); check information, for verifying the integrity of the virtual node state (or virtual network state), consisting of a data digest, Hash value or MAC code of the corresponding data; a digital signature, i.e., the virtual node state (or virtual network state) signed with a digital signature algorithm; a timestamp, recording the creation time of the virtual node state (or virtual network state); a data digest (or Hash value) of the current virtual node state (or virtual network state), of the previous one, or of both the current and the previous one. The private key used to digitally sign a virtual node routing state must not be accessible to, or derivable by, unauthorized parties.
Further, in one possible design, the private key used for the above digital signature must not be accessible to, or derivable by, unauthorized parties.
In a possible design, an identifier type may be further added to the various identifiers in the above embodiments, and the identifier type is used to distinguish a virtual routing state identifier, a virtual node state, a virtual network state, and a virtual link state.
Further, in a possible design, based on the embodiments shown in fig. 1 and fig. 2, a virtual node state block chain may be created in time order. The method of forming the virtual node state block chain includes, but is not limited to: creating a block header for each virtual node state, with the virtual node state as the block body, where the block header includes, but is not limited to, a block number, a timestamp and a Hash value of the block, and the block number is the same as the global identifier or corresponds to it one-to-one.
Further, in a possible design, based on the embodiment shown in fig. 1, fig. 2, or fig. 5, the virtual network state block chain may be formed in time sequence, where the method for forming the virtual network state block chain includes, but is not limited to: and creating a block header for the virtual network state, wherein the virtual network state is used as a block body, and the block header comprises but is not limited to a block number, a timestamp and a Hash value of the block, wherein the block number is the same as the global identification or has one-to-one correspondence relationship.
Further, in a possible design, based on the embodiment shown in fig. 1, fig. 2 or fig. 5, a virtual link state block chain may be formed in time order. Forming the virtual link state block chain includes, but is not limited to: creating a block header for each virtual link state, with the virtual link state as the block body, where the block header includes, but is not limited to, a block number, a timestamp and a Hash value of the block, and the block number is the same as the global identifier or corresponds to it one-to-one.
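The three block chains above share one construction, so a single added example (not the patent's own code) covers them: each state becomes a block body, the header carries the block number (equal to the global identifier), a timestamp and a hash, and verification recomputes every header from the stored bodies. One assumption beyond the text: the header also carries the hash of the previous block, which is what makes the sequence a chain rather than a list of independently hashed records (the description's option of including the digest of the previous state serves the same purpose). Bodies are opaque bytes here; in practice they are the serialised virtual node, network or link states.

```python
import hashlib
import json
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    number: int        # equals the global identification of the state
    timestamp: int     # creation time in seconds
    prev_hash: str     # assumption: hash of the previous block's header (genesis: all zeros)
    body_hash: str     # Hash(state) for the block body
    block_hash: str    # Hash over the four header fields above


GENESIS_PREV = "0" * 64


def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_block(number: int, body: bytes, prev_hash: str, timestamp=None) -> Block:
    ts = int(time.time()) if timestamp is None else timestamp
    body_hash = _h(body)
    header = json.dumps([number, ts, prev_hash, body_hash]).encode()
    return Block(number, ts, prev_hash, body_hash, _h(header))


def build_chain(states: list, t0: int = 0) -> list:
    """Chain the states in creation order; block number i is the global identifier."""
    chain, prev = [], GENESIS_PREV
    for i, body in enumerate(states):
        blk = make_block(i, body, prev, t0 + i)
        chain.append(blk)
        prev = blk.block_hash
    return chain


def verify_chain(chain: list, states: list) -> bool:
    """Recompute every header from the stored bodies; any altered body, header
    field or reordering changes a hash and breaks the link to the next block."""
    if len(chain) != len(states):
        return False
    prev = GENESIS_PREV
    for blk, body in zip(chain, states):
        if make_block(blk.number, body, prev, blk.timestamp) != blk:
            return False
        prev = blk.block_hash
    return True
```

A hash chain only detects tampering by someone who cannot rewrite every later block; the digital signature option of the preceding paragraphs, with the signing key kept out of reach, is what stops the chain's author from silently re-issuing it.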
The storage in the above embodiments includes, but is not limited to, any one or more of the following options: the method comprises the following steps of local storage, cloud storage and server-side storage, wherein the local storage method comprises but is not limited to: storing the virtual node routing state or/and the virtual node state in a memory of the target node device (wherein the memory includes but is not limited to a local memory or a network storage space), and sending the virtual node routing state identification or/and the virtual node state identification to the server; cloud storage methods include, but are not limited to: storing the virtual node routing state (or virtual node routing state data) or/and the virtual node state on a cloud storage space; server-side storage includes, but is not limited to: and sending the routing state of the virtual node or/and the state of the virtual node to one or more servers for storage.
The outputting or sending in the above embodiments includes, but is not limited to, any one or both of the following options: real-time sending and passive response sending; wherein, real-time transmission includes but is not limited to: outputting the created virtual node routing state or/and the virtual node state to a memory of a target node device or/and a third party server or/and a target receiver indicated by a virtualization instruction in real time; passive response transmission includes, but is not limited to: and outputting the routing state of the virtual node with the specific number or/and the state of the virtual node to the memory of the target node device or/and a third-party server or/and a target receiver indicated by the virtualization instruction according to the virtualization instruction.
Further, in one possible design, the outputting or sending in the above embodiment may be an encrypted transmission, the encrypted transmission including any one or more of the following options: the encryption transmission is carried out by adopting a symmetric cryptographic algorithm, the encryption transmission is carried out by adopting an asymmetric cryptographic algorithm, and the encryption transmission is carried out by adopting a tunnel mode or a transmission mode of VPN.
The server in the above embodiments may include, but is not limited to, any one or any plurality of the following options: the system comprises a network management device, a network virtualization management device, a service node device, a cloud storage service device and a block chain accounting node device.
The target recipient in the above embodiments may include, but is not limited to, any one or any plurality of the following options: the system comprises a network management device, a network virtualization management device, a service node device, a cloud storage service device and a block chain accounting node device.
The method of creating a virtual node routing state provided by embodiments of the present invention is further described below for a relay node in fig. 6 with 3 target neighboring nodes (relay node R with 3 target neighboring nodes A, B and C; compared with the embodiment shown in fig. 6, R may correspond to R5, and A, B and C to R1, R3 and S4 respectively). Assume that the relay node R and its 3 neighboring nodes A, B and C each use the above method to negotiate the shared quantum key packets Kra, Krb and Krc. From these 3 shared quantum key packets, C(3,2) = 3 virtual node routing states are generated (fig. 11 shows a schematic diagram of the virtual node routing states of one relay node provided by an embodiment of the present invention, comprising the virtual node routing states VRS0, VRS1 and VRS2). The node identifier in fig. 11 includes the ID 1101 of the target quantum relay node (i.e., ID_R), the global number 1102 (i.e., 000123), the number 1103 of virtual node routing states (i.e., 3), the data length 1104 (i.e., 3 × 1 MB, each virtual node routing state being 1 MB) and the data type 1105 (i.e., hexadecimal); each virtual node routing state (the state data in fig. 11) includes the ID 1106 of the target quantum relay node, the ID 1107 of the first neighboring node, the ID 1108 of the second neighboring node, the virtual node routing state data 1109, a data length, the data digest 1110 of the virtual node routing state, and the local number 1111 of the virtual node routing state.
The relay node R creates the virtual node state as follows. The relay node R negotiates a shared quantum key packet with each of A, B and C using the real-time sharing method or the pre-caching method; for example: negotiate a 1 MB key and, after creating a packet identifier and integrity check information for it, use it as a shared quantum key packet; or negotiate a shared quantum key with the adjacent node, process it into one or more quantum key packets with the key preprocessing method, cache them, and negotiate with the adjacent node to select from the cached packets one with the same packet number; for example: negotiate a 10 MB key at a time, divide it into 10 packets, apply a randomness test to each packet, create a packet identifier and integrity check information for each packet that passes the test, and use those as shared quantum key packets. R obtains the global number of the current virtual node routing state (1102 in fig. 11): R negotiates the shared quantum key packets Kra, Krb and Krc with A, B and C respectively, and R and A, B, C respectively confirm Kra, Krb and Krc and the global number (e.g., 1102 in fig. 11) of the virtual node routing state they are used to create. R creates 3 virtual node routing states VRS0, VRS1 and VRS2 from Kra, Krb and Krc, where VRS0 = (0, ID_R, ID_A, ID_B, Kra ⊕ Krb, Hash(Kra ⊕ Krb)) and the others likewise, and then destroys Kra, Krb and Krc. VRS0, VRS1 and VRS2 are each packaged as a virtual node routing state, and the 3 virtual node routing states are stored, output, or stored and output.
In one possible design, the virtual node state shown in fig. 11 may be packaged as a database file, from which global number 1102 and local number 1111 may uniquely determine a virtual node routing state.
Additionally, since VRS0, VRS1 and VRS2 are correlated, i.e., the exclusive-or value of any two virtual node routing state data equals the third (e.g., VRS0 ⊕ VRS1 = VRS2, because (Kra ⊕ Krb) ⊕ (Kra ⊕ Krc) = Krb ⊕ Krc), in one possible design the relay node may create only C(n,1) - 1 = n - 1 virtual node routing states, from which the remaining ones can be derived. Similar applicable features are substantially equivalent and are intended to fall within the scope of the present invention.
It should be clear that, in any of the above embodiments, for a certain quantum network function virtualization, each target quantum node uses the same data format and data structure, including but not limited to using the same shared key packet length, data type, data high-low order, the same identification content, and its ordering manner.
Although the present invention has described the data structures of the above shared key packet and virtual node routing state (which may include content options such as the target data, its identifier and their ordering, data type, data length, etc.), the elements or variables in those data structures may be combined in any order without significantly affecting application performance. Moreover, if a certain element or variable of a data structure (for example, storage type or data length) is used as a global variable, the corresponding data format need not include that variable; therefore, the present invention does not specifically limit the ordering of elements or variables within a data structure, nor the way in which any element or variable is implemented. With similar considerations, the present invention does not specifically limit the ordering of elements or variables within a data format, nor the implementation of any element or variable. Methods obtained by recombining or reordering the elements of a data structure also fall within the scope of the present invention. Obviously, some content options of the above virtual node routing state (or virtual node state) identifier can, in possible designs, be carried as part of the corresponding virtual node routing state (or virtual node state) data, and such similar designs also fall within the scope of the present invention.
Fig. 12 is a schematic diagram of a method for creating cross-domain interworking virtual network states (or slices) according to an embodiment of the present invention. A serving node A in a first target network stores a shared key packet Kax associated with one virtual network state, and a serving node B in a second target network stores a shared key packet Kby associated with another virtual network state; since the two virtual network states are completely isolated, cross-domain interworking is not possible. To achieve cross-domain interworking, a trusted third party C distributes shared key packets Ka and Kb to A and B respectively; A calculates Kax ⊕ Ka and creates the corresponding virtual node routing state identifier; B calculates Kby ⊕ Kb and creates the corresponding virtual node routing state identifier; C calculates Ka ⊕ Kb and creates the corresponding virtual node routing state identifier (obviously, if Ka is the same as Kb then Ka ⊕ Kb = 0, so this calculation, or this virtual node routing state, may be omitted). These three virtual node routing states, combined with the two virtual network states (or slices), form a cross-domain interworking virtual network state (or slice).
In one possible design, if there are service nodes that access two different target networks simultaneously, one of them is selected, and the exclusive-or value of its two associated shared key packets, together with its identifier, is used as a virtual node routing state of the cross-domain interworking virtual network state or virtual network state slice, which is formed together with the virtual network states or virtual network state slices of the two different target networks. For example, assuming A and B in fig. 12 are the same serving node, and Kax and Kby are the shared key packets associated with the respective virtual network states of target network one and target network two, then A calculates Kax ⊕ Kby and creates the corresponding virtual node routing state identifier; this virtual node routing state, together with the two corresponding virtual network states, forms the cross-domain interworking virtual network state.
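The following added example (not the patent's code; node names, a 32-byte packet length and the dataclass layout are my assumptions) carries the XOR constructions of the description through in one place: the relay example of fig. 11 (C(n,2) routing states, or the n-1 minimal set from which the rest are derived), the service node of claim 8 that treats a secret random packet as its key to a virtual relay, the virtual link state of claim 3 (XOR of the routing data along a key relay path) and the cross-domain bridge of fig. 12. The point worth seeing in working code is the one the text leaves implicit: the XOR of the routing data along a path from S1 to S2 collapses to R1 ⊕ R2, the two endpoints' private random packets, so either endpoint recovers the other's packet with its own, while the relays and whoever stores the link state learn nothing about either.

```python
import hashlib
import itertools
import secrets
from dataclasses import dataclass

KEY_LEN = 32  # bytes per shared key packet; constructed here (the text uses 1 MB packets)


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b), "every packet of one virtualization has the same length"
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass(frozen=True)
class VRS:
    """Virtual node routing state: XOR of two shared key packets plus its identifier."""
    local_no: int
    node: str
    nbr1: str
    nbr2: str
    data: bytes
    digest: str  # check information, Hash(data), as in fig. 11


def relay_node_state(node: str, keys: dict, minimal: bool = False) -> list:
    """Relay with n neighbours -> C(n,2) routing states, or the n-1 minimal set
    (every pair through one pivot neighbour; the other pairs follow by XOR)."""
    nbrs = sorted(keys)
    pairs = [(nbrs[0], b) for b in nbrs[1:]] if minimal else list(itertools.combinations(nbrs, 2))
    out = []
    for i, (a, b) in enumerate(pairs):
        data = xor(keys[a], keys[b])
        out.append(VRS(i, node, a, b, data, hashlib.sha256(data).hexdigest()))
    return out  # the caller now destroys `keys`; only the XOR values are kept or exported


def service_node_state(node: str, keys: dict, rnd: bytes) -> list:
    """Service node (claim 8): its secret random packet acts as the shared key with a
    virtual relay, so the node is processed as a relay with m+1 neighbours, itself included."""
    return relay_node_state(node, {**keys, node: rnd})


def routing_data(state: list, a: str, b: str) -> bytes:
    """K_a ^ K_b at this node, read directly or derived from a minimal set via a pivot."""
    by_pair = {frozenset((v.nbr1, v.nbr2)): v.data for v in state}
    if frozenset((a, b)) in by_pair:
        return by_pair[frozenset((a, b))]
    for p in {n for pair in by_pair for n in pair}:
        if frozenset((p, a)) in by_pair and frozenset((p, b)) in by_pair:
            return xor(by_pair[frozenset((p, a))], by_pair[frozenset((p, b))])
    raise KeyError(f"no routing data for ({a}, {b})")


def virtual_link_state(states: dict, path: list) -> bytes:
    """Claim 3: XOR of the routing data of every node on a key relay path.
    At the two service nodes the 'missing' hop is the node itself (its random packet)."""
    acc = bytes(KEY_LEN)
    for i, node in enumerate(path):
        prev = path[i - 1] if i > 0 else node
        nxt = path[i + 1] if i < len(path) - 1 else node
        acc = xor(acc, routing_data(states[node], prev, nxt))
    return acc


def cross_domain_bridge(kax: bytes, kby: bytes, ka: bytes, kb: bytes) -> list:
    """Fig. 12: A, B and the trusted third party C each contribute one XOR value;
    their combination equals Kax ^ Kby without Kax or Kby ever being exposed."""
    return [xor(kax, ka), xor(kby, kb), xor(ka, kb)]


def demo():
    """Path S1 - R1 - R2 - S2; R1 also has a third neighbour X and keeps a minimal set."""
    k = {n: secrets.token_bytes(KEY_LEN) for n in ("S1R1", "R1R2", "R2S2", "R1X")}
    r1, r2 = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)  # private to S1 / S2
    states = {
        "S1": service_node_state("S1", {"R1": k["S1R1"]}, r1),
        "R1": relay_node_state("R1", {"S1": k["S1R1"], "R2": k["R1R2"], "X": k["R1X"]}, minimal=True),
        "R2": relay_node_state("R2", {"R1": k["R1R2"], "S2": k["R2S2"]}),
        "S2": service_node_state("S2", {"R2": k["R2S2"]}, r2),
    }
    link = virtual_link_state(states, ["S1", "R1", "R2", "S2"])
    # link == r1 ^ r2: S1 gets r2 with its own r1, S2 gets r1 with its own r2, and the
    # agreed value is their shared key; the relays and the link-state holder see neither.
    return link, xor(link, r1) == r2, xor(link, r2) == r1
```

The derivation in `routing_data` is why publishing only n-1 states loses nothing: the XOR of any two routing states that share a neighbour is the routing state of the remaining pair, exactly as VRS0 ⊕ VRS1 = VRS2 in the three-neighbour example. The security of the whole scheme rests on the link states being XORs of fresh, uniformly random packets that are destroyed after use, which is why the randomness test and the destruction step in the relay procedure are not optional housekeeping.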
In one possible design, the cross-domain interworking virtual network state may be encapsulated as a cross-domain interworking virtual network state slice. Further, in one possible design, a cross-domain interworking virtual link network slice may also be created.
Fig. 13 is a schematic diagram of a node device for virtualizing quantum network functions according to an embodiment of the present invention, where the node device includes:
a transceiver: including various interface modules, for example, a transceiver as shown in fig. 13 may include interface module 1301, interface module 1302; the interface module 1301 is configured to report topology information of the quantum node to the virtualization server 1307 and receive a virtualization instruction; and is also used to send the virtual node routing status or/and the virtual node status to the virtualization server 1307;
the data processing unit 1303: for negotiating shared key packets with the neighboring quantum nodes 1306, or/and, creating virtual node routing states, or/and, also for creating virtual node states; optionally, the quantum key distribution unit 1305 is further configured to obtain the quantum key;
node virtualization unit 1304: storage and output management for virtual node routing states or/and virtual node states; wherein, the virtual node routing state comprises: the exclusive or value and the corresponding identification of the shared key group between the target quantum node and two adjacent target quantum nodes;
the virtual node states include: routing states and corresponding identifications of a part of or all of virtual nodes of the target quantum nodes; the virtualization instructions are for indicating any one or more of the following: global identification, data format of shared key grouping, data structure of virtual node routing state, data structure of virtual node state, identification of target receiver and data transmission mode; the topology information includes: identification of the node, link state between the node and each adjacent target quantum node.
Fig. 14 is a schematic diagram of a virtualization server device for virtualizing quantum network functions according to an embodiment of the present invention; the virtualization server device includes a processor 1401, a memory 1402, a transceiver 1403 and, optionally, a bus 1404 and a communication interface 1405. The memory 1402 is configured to store programs and instructions. The processor 1401 is configured to perform the following by calling the programs and instructions stored in the memory: packaging the current virtual node states and corresponding identifiers of all target quantum nodes into a virtual network state or slice, or/and packaging the virtual link states between any two quantum service nodes among part or all of the quantum service nodes in the target network into a virtual link network slice. The transceiver 1403 is configured to send a quantum network virtualization request to the network controller and to receive the virtual node states of the target quantum nodes; optionally, it is further configured to receive the topology information reported by each target quantum node, to obtain a virtualization request and send the corresponding virtualization instruction to each target quantum node (so that each target quantum node negotiates shared quantum keys according to the virtualization instruction and creates its virtual node state), and to receive the virtual node states and pass them to the data processing unit.
Further, in one possible design, the processor is further configured to perform: creating a virtual mapping network of a target quantum network, comprising: distributed virtual mapping network, centralized virtual mapping network, distributed virtual mapping network characterized by: each target quantum node creates a virtual node, and the centralized virtual mapping network is characterized in that: the third-party server creates a virtual node for each target quantum node; wherein, the virtual mapping network comprises: network link topology information between target quantum nodes; the virtual nodes are used for storing or outputting corresponding virtual node states.
Further, in another possible design, the processor is further configured to perform: and verifying the digital signature of all or part of the virtual node states, and if the digital signature cannot be verified, the corresponding node needs to retransmit the corresponding virtual node state.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 14, but this is not intended to represent only one bus or type of bus.
The memory may include volatile memory (volatile memory), such as random-access memory (RAM); the memory may also include a non-volatile memory (non-volatile memory), such as a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD); the memory may also comprise a combination of memories of the kind described above.
The communication interface may be a wired communication access, a wireless communication interface, or a combination thereof, wherein the wired communication interface may be, for example, an ethernet interface. The ethernet interface may be an optical interface, an electrical interface, or a combination thereof. The wireless communication interface may be a WLAN interface.
The processor may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP. The processor may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus (or system), or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (or systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the invention has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the invention. Accordingly, the specification and figures are merely exemplary of the invention as defined in the appended claims and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the invention. It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (36)

1. A quantum network function virtualization method, comprising: each target node of the target network respectively creates a current virtual node state and respectively sends the current virtual node state to one or more target receivers, the one or more target receivers create an identifier for the current virtual node state of all or a part of the target nodes and obtain a virtual network state, or the current virtual node state of all or a part of the target nodes and the corresponding identifiers are packaged into a data file or a virtual network state slice,
wherein the target node comprises: some or all relay nodes and service nodes in the target network, and the virtual node state comprises: some or all of the virtual node routing states of the destination node, wherein a virtual node routing state comprises: the exclusive or value of the shared key grouping negotiated by the target node and two adjacent target nodes respectively and the corresponding virtual node routing state identification thereof, wherein the target network comprises any one of the following options: quantum key distribution network, quantum communication network, quantum sensing network, quantum security internet.
2. The quantum network function virtualization method of claim 1, comprising: creating a virtual mapping network of a target network, comprising: a distributed virtual mapping network, or/and a centralized virtual mapping network, the distributed virtual mapping network characterized by: each target node creates a virtual node, and the centralized virtual mapping network is characterized in that: the third-party server creates a virtual node for each target node, wherein the virtual mapping network further comprises: and network link topology information between the target nodes, wherein the virtual nodes are used for storing or outputting corresponding virtual node states.
3. A quantum network function virtualization method according to claim 1 or 2, comprising: creating a virtual link state between any two of a part or all of the service nodes in the destination network, characterized by selecting a virtual network state or virtual network state slice, selecting a key relay link between the two service nodes, screening out from the virtual network state or virtual network state slice the corresponding virtual node routing data in all virtual node states associated with the key relay link, recalculating the exclusive-or value of all virtual node routing data, creating an identification of the exclusive-or value of all virtual node routing data, or encapsulating the virtual link state or a part of the virtual link state between any two of all of the part or all of the service nodes in the destination network as one or more data files or virtual link network slices,
wherein the identification of the exclusive or value of all the virtual node routing data comprises: global identification, identification of the two service nodes, and the method for selecting a key relay link between the two service nodes comprises the following steps: selecting a key relay link connected with the least relay nodes or randomly selecting a communicable key relay link according to the virtual network routing topology information, wherein the virtual node routing data comprises: the exclusive or value of the shared key packet between the target node and the two associated neighboring nodes.
4. The quantum network function virtualization method according to claim 3, comprising: the target node performs identity authentication with a neighboring target node or/and a network controller, wherein the identity authentication comprises: CA certificate based authentication or initial root key based authentication.
5. The quantum network function virtualization method of claim 4, comprising: the target node reports topology information of the target node to a network controller or a target receiver, wherein the topology information comprises: identification of the target node, link status between the target node and each neighboring target node.
6. The quantum network function virtualization method of claim 5, comprising: the target node receives a virtualization instruction issued by a network controller or a target receiver, wherein the virtualization instruction is used for indicating any one or more of the following: global identification, data format of shared key grouping, data structure of virtual node routing state, data structure of virtual node state, identification of target receiver and data transmission mode.
7. The quantum network function virtualization method of claim 6, comprising: determining, from the system policy, any one or any more of: global identification, data format of shared key grouping, data structure of virtual node routing state, data structure of virtual node state, data structure of virtual network state, data structure of virtual link state, identification of target receiver and data transmission mode.
8. The quantum network function virtualization method of claim 1, wherein the creating a current virtual node state comprises: the method comprises the steps that a relay node creates a current virtual node state and a service node creates the current virtual node state, wherein the relay node creates the current virtual node state and comprises the following steps: the relay node negotiates a shared key group with each of n adjacent target nodes respectively, calculates the exclusive or value of any two shared key groups in the n shared key groups, creates a corresponding identifier and marks the identifier as a virtual node routing state, creates a node identifier for the routing states of C(n,2) virtual nodes, or encapsulates the routing states of the C(n,2) virtual nodes and the corresponding node identifiers into a data file or a virtual node state; the service node creating the current virtual node state comprises: the service node negotiates a shared key packet with each of m adjacent target nodes, respectively, creates a virtual relay node, generates a random number packet and creates a corresponding packet identifier, uses the random number packet as a shared key packet between the virtual relay node and the service node, uses the m adjacent target nodes and the service node as (m+1) adjacent target nodes of the virtual relay node, calculates an exclusive-or value of any two shared key packets in the (m+1) shared key packets and creates a corresponding identifier and records the corresponding identifier as a virtual node routing state, creates a node identifier for C(m+1,2) virtual node routing states, securely stores the random number packet, or encapsulates the C(m+1,2) virtual node routing states and their corresponding node identifiers as a data file or a virtual node state, the random number group and the shared key group have the same data format, n is a natural number greater than 1 and not greater than the number of all nodes adjacent to the relay node; m is a natural number greater than 0.
9. The quantum network function virtualization method of claim 8, comprising: after the creation of all virtual node routing states is completed, the target node destroys all shared key groups that have been used and do not need to be stored, or destroys a shared key group as soon as all virtual node routing state data in whose calculation that shared key group participates has been created.
10. The method of claim 8, wherein negotiating a shared key group comprises either or both of a real-time sharing method and a pre-caching method, wherein the real-time sharing method comprises: the target node and the adjacent target node negotiate a shared key sequence in real time and use the shared key sequence as a shared key group, or the target node and the adjacent target node each divide the shared key sequence into one or more groups using the same data format, perform a randomness test on each group using the same randomness test method, and use a group that passes the randomness test as a shared key group; and the pre-caching method comprises: the target node negotiates a shared key sequence with the adjacent target node, each of them divides the shared key sequence into one or more groups using the same data format and performs a randomness test on each group using the same randomness test method, each group that passes the randomness test is cached and given a group identifier, and the target node and the adjacent target node negotiate to select a group with the same group identifier or the same group number from the cached groups as a shared key group.
11. The method of claim 10, wherein negotiating a shared key sequence comprises any one of the following: negotiating a shared key with a plurality of adjacent target nodes in sequence, negotiating the shared key with the plurality of adjacent target nodes simultaneously, and negotiating the shared key with the corresponding adjacent target nodes according to a virtualization instruction, wherein negotiating the shared key occupies either the whole bandwidth of the key negotiation channel or only part of that bandwidth.
12. The method of claim 10, wherein negotiating a shared key group further comprises a consistency check, wherein the consistency check comprises: the target node and the adjacent target node perform a consistency check on each shared key group; if the consistency check fails, the negotiation is performed again, otherwise one shared key group has been successfully negotiated.
13. The method of claim 1, 9, 10 or 12, wherein a group identifier is created for the shared key group, the group identifier comprising: a group number, and either a link identifier of the current target node and the adjacent target node or the identifier of the current target node together with the identifier of the adjacent target node, wherein the group number is a local number or a global identifier, and, where a local number is used, after a shared key group or/and a random number group has been used to create a virtual node routing state, the corresponding local number is changed to the global identifier of that virtual node routing state.
14. The quantum network function virtualization method of claim 8, comprising either or both of: before a virtual node state is created, obtaining a global identifier, wherein obtaining the global identifier comprises determining the current global identifier according to a virtualization instruction or according to the previous global identifier; and before a virtual node routing state is created, the target node and the adjacent target node confirm the negotiated shared key group and the global identifier of the virtual node routing state to be created, and each of them uses the negotiated shared key group to create a virtual node routing state with that same global identifier.
15. The quantum network function virtualization method of claim 1, comprising: creating a virtual node routing state identifier, a virtual node state identifier and a virtual network state identifier, wherein the virtual node routing state identifier comprises: a global identifier, and either the routing identifier of the previous and next adjacent target nodes connected by the current target node together with the identifier of the current target node, or the identifier of the current service node, the identifier of the first adjacent target node and the identifier of the second adjacent target node;
the virtual node state identifier comprises: the identifier of the current target node, the global identifier, and the number of virtual node routing states or the number of adjacent target nodes;
the virtual network state identifier comprises: the global identifier and the number of virtual node states.
16. The quantum network function virtualization method according to claim 15, wherein the content of the virtual node state identifier or the virtual network state identifier further comprises any one or more of the following:
an identifier of the target network, for distinguishing between different target networks,
a local identifier, for distinguishing between multiple virtual node routing states having the same global identifier or between multiple virtual node states having the same global identifier,
check information for verifying the integrity of the virtual node routing state or the virtual node state, comprising a data digest, a hash value or a MAC of the corresponding data,
a digital signature over the virtual node state or the virtual network state, created with a digital signature algorithm,
a time stamp recording the creation time of the virtual node state or the virtual network state,
the data digest or hash value of the current virtual node state or virtual network state, the data digest or hash value of the previous virtual node state or virtual network state, or the data digest or hash value of the current and previous virtual node states or virtual network states taken together,
wherein the private key used for the digital signature of the virtual node routing state cannot be illegally accessed or derived.
17. The quantum network function virtualization method according to claim 3, comprising: marking the freshness of the virtual network state or/and the virtual link state according to the generation time or/and the use frequency of the virtual network state or/and the virtual link state, wherein the freshness is inversely related to the generation time and to the use frequency.
18. The quantum network function virtualization method according to claim 3, comprising: providing a key service, comprising the following steps: step one: selecting a virtual link network slice for m service nodes in a target network and sending the virtual link network slice to each of the m service nodes; step two: the m service nodes negotiate to adopt the associated shared key group of a certain service node A as the group shared key, any other service node B calculates, based on the virtual link network slice, the exclusive-or value of the corresponding virtual link state data and its own associated shared key group and thereby obtains the associated shared key group of service node A, and each of the m service nodes injects the associated shared key group into its associated encryption device.
19. The quantum network function virtualization method according to claim 3, comprising: an application method of the virtual link network slice, applicable to scenarios in which a plurality of nodes each independently acquire or calculate data, one node encrypts the data after acquiring or calculating it and publishes the corresponding ciphertext, and the other nodes can decrypt the ciphertext in real time and obtain the data, the method comprising: selecting one or more virtual link network slices for m service nodes in a target network and sending the virtual link network slices to each of the m service nodes; one service node, the source node, selects one virtual link network slice, encrypts the target data of the source node group by group using the shared key group associated with the virtual link network slice to obtain a ciphertext, creates a ciphertext identifier for the ciphertext and publishes the ciphertext together with its ciphertext identifier; the other one or more service nodes each calculate, based on the virtual link network slice, the exclusive-or value of the respective virtual quantum link state data and their own associated shared key group, obtain the associated shared key group of the source node, and decrypt the ciphertext with it to obtain the target data sent by the source node, wherein the ciphertext identifier comprises: the identifier of the virtual link network slice, the identifier of the source node and the encryption mode, wherein the encryption mode comprises exclusive-or encryption or encryption with a symmetric cryptographic algorithm, and the target data comprises any one or more of the following: message groups, random key data, sensing data, audio and video monitoring data, calculation data and data files; wherein m is an integer greater than 1.
20. The quantum network function virtualization method according to claim 3, comprising: the target receiver providing a virtual link service, comprising: sending one or more virtual link states associated with two service nodes to the two service nodes or/and to application devices served by the two service nodes, wherein the application devices comprise: a cryptographic application device, an agent device of a service node and a virtual link service agent device.
21. The quantum network function virtualization method according to claim 1, 18 or 20, wherein the target receiver sends a virtual link state to each of the two associated service nodes, the two service nodes negotiate to adopt the associated shared key group of one service node as the shared key, and accordingly the other service node calculates a first exclusive-or value of its own associated shared key group and the virtual link state data it has stored and thereby obtains the shared key; or one service node calculates a second exclusive-or value of a data group and the shared key and sends the second exclusive-or value to the other service node, and the other service node calculates a third exclusive-or value of the second exclusive-or value and the shared key and thereby obtains the data group, wherein the data group comprises a random number group or a message group.
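The following Python is an added example, not code from the patent, that simulates the exclusive-or key relay of claims 8, 18, 19 and 21 on a constructed toy network; the node names, the 32-byte group format and the ciphertext identifier fields are assumptions made for this example.

```python
"""Added example, not the patent's own code: the XOR key relay described in
claims 8, 18, 19 and 21 on a constructed toy network.

Service nodes A, B, C and relays R1, R2 are joined by links A-R1, R1-R2,
R1-C, R2-B.  Each link's shared key group is modelled as random bytes
standing in for QKD output.  Node names, the 32-byte group format and the
ciphertext identifier fields are assumptions made for this example.
"""
import secrets
from itertools import combinations

GROUP_LEN = 32  # assumed data format of one shared key group


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two groups; refuse mismatched formats rather than truncate."""
    if len(a) != len(b):
        raise ValueError("key groups must use the same data format")
    return bytes(x ^ y for x, y in zip(a, b))


def relay_routing_states(node: str, keys: dict) -> dict:
    """Claim 8, relay node: one routing state per pair of the n neighbours.

    keys maps neighbour id -> shared key group.  The identifier names the
    relay and the two neighbours it joins (claim 15); the value is the XOR
    of their two groups, which on its own reveals neither group.
    """
    states = {(node,) + pair: xor_bytes(keys[pair[0]], keys[pair[1]])
              for pair in combinations(sorted(keys), 2)}
    keys.clear()  # claim 9: destroy used groups once every state is built
    return states


def service_routing_states(node: str, keys: dict) -> tuple:
    """Claim 8, service node: a random group r becomes the key between the
    node and its own virtual relay; r is kept, the link groups are not."""
    r = secrets.token_bytes(GROUP_LEN)
    keys[node] = r  # the node itself is now one of the m+1 neighbours
    return r, relay_routing_states(node, keys)


def virtual_link_state(path: list, routing: dict) -> bytes:
    """XOR of every routing state along path: the link groups telescope
    away and only r_source ^ r_destination remains.  This value can be
    stored or published (claims 22, 25) without exposing either r."""
    hops = [(path[0], path[0], path[1])]          # source's virtual relay
    hops += zip(path[1:-1], path, path[2:])       # physical relays
    hops.append((path[-1], path[-2], path[-1]))   # destination's virtual relay
    acc = bytes(GROUP_LEN)
    for relay, left, right in hops:
        acc = xor_bytes(acc, routing[(relay,) + tuple(sorted((left, right)))])
    return acc


def recover_peer_group(link_state: bytes, own_group: bytes) -> bytes:
    """Claim 21: the 'first XOR value' of the link state and one's own group."""
    return xor_bytes(link_state, own_group)


def build_demo() -> dict:
    """Run the full flow and return what each party ends up holding."""
    link = {frozenset(p): secrets.token_bytes(GROUP_LEN)
            for p in [("A", "R1"), ("R1", "R2"), ("R1", "C"), ("R2", "B")]}

    def k(x, y):
        return link[frozenset((x, y))]

    routing, r = {}, {}
    for s, nbrs in [("A", ["R1"]), ("B", ["R2"]), ("C", ["R1"])]:
        r[s], states = service_routing_states(s, {n: k(s, n) for n in nbrs})
        routing.update(states)
    routing.update(relay_routing_states(
        "R1", {"A": k("R1", "A"), "R2": k("R1", "R2"), "C": k("R1", "C")}))
    routing.update(relay_routing_states("R2", {"R1": k("R2", "R1"), "B": k("R2", "B")}))

    # Claim 18: the nodes agree that A's group is the group key; B and C
    # each recover it from their own virtual link state to A.
    key_at_b = recover_peer_group(virtual_link_state(["A", "R1", "R2", "B"], routing), r["B"])
    key_at_c = recover_peer_group(virtual_link_state(["A", "R1", "C"], routing), r["C"])

    # Claim 19: A XOR-encrypts one 32-byte message group and publishes the
    # ciphertext with an identifier naming the slice, the source and the mode.
    message = b"constructed 32-byte message grp!"
    ciphertext = xor_bytes(message, r["A"])
    ciphertext_id = {"slice": "A-B", "source": "A", "mode": "xor"}
    plaintext_at_b = xor_bytes(ciphertext, key_at_b)

    return {"r_A": r["A"], "r_B": r["B"], "key_at_b": key_at_b, "key_at_c": key_at_c,
            "ciphertext_id": ciphertext_id, "plaintext_at_b": plaintext_at_b,
            "routing_states": len(routing)}


if __name__ == "__main__":
    out = build_demo()
    print("B recovered A's group:", out["key_at_b"] == out["r_A"])
    print("C recovered A's group:", out["key_at_c"] == out["r_A"])
    print("B decrypted:", out["plaintext_at_b"])
```

Every routing state and link state is the XOR of two groups, so it can be stored or published without revealing either group on its own; the relay itself holds both groups in the clear, which is why the relay must be trusted and why claim 9's destruction of used groups matters.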
22. The quantum network function virtualization method according to claim 1 or 20, wherein the target receiver comprises any one or more of the following: a target network management server, a network controller, a network virtualization server device, a service node device, a cloud storage service device and an accounting node device of a block chain.
23. The quantum network function virtualization method according to claim 1, comprising: the virtual node states form a virtual node state block chain in time order, wherein forming the virtual node state block chain comprises: creating a block header for the virtual node state and using the virtual node state as the block body, wherein the block header comprises a block number, a timestamp and the hash value of the block, and the block number is the same as the global identifier or corresponds to it one-to-one;
or/and: the virtual network states form a virtual network state block chain in time order, wherein forming the virtual network state block chain comprises: creating a block header for the virtual network state and using the virtual network state as the block body, wherein the block header comprises a block number, a timestamp and the hash value of the block, and the block number is the same as the global identifier or corresponds to it one-to-one.
24. The quantum network function virtualization method of claim 3, wherein the virtual link network slices form a virtual link network slice block chain in time order, wherein forming the virtual link network slice block chain comprises: creating a block header for the virtual link network slice and using the virtual link network slice as the block body, wherein the block header comprises a block number, a timestamp and the hash value of the block, and the block number is the same as the global identifier or corresponds to it one-to-one.
25. The quantum network function virtualization method according to claim 2, wherein the storing comprises any one or more of the following options: local storage, cloud storage and server-side storage, wherein
the local storage comprises: storing the virtual link state in local memory or network storage,
the cloud storage comprises: storing the virtual link state in a cloud storage space,
the server-side storage comprises: sending the virtual link state to one or more third-party servers for storage.
26. The quantum network function virtualization method according to claim 1 or 2, wherein the sending or outputting comprises either or both of the following options: a real-time sending method and a passive response sending method, wherein
the real-time sending method comprises: sending the virtual node state in real time to local memory or network storage space, or/and to a third-party server, or/and to an associated service node; and the passive response sending method comprises: sending the virtual node state with a specified number to a third-party server or/and an associated service node according to a virtualization instruction.
27. The quantum network function virtualization method of claim 26, wherein the sending further comprises encrypted transmission, the encrypted transmission comprising any one of the following options: encryption with a symmetric cryptographic algorithm, encryption with an asymmetric cryptographic algorithm, and a VPN in tunnel mode or transport mode.
28. The quantum network function virtualization method of claim 1, comprising: a method for encapsulating the virtual network states or virtual network state slices of two different target networks into a cross-domain interworking virtual network state or virtual network state slice, wherein: if there is a service node that accesses both of the two different target networks, one such service node is selected, and the exclusive-or value of its two corresponding associated shared key groups, together with an identifier, is used as a virtual node routing state of the cross-domain interworking virtual network state or virtual network state slice, which together with the virtual network states or virtual network state slices of the two different target networks forms the cross-domain interworking virtual network state or virtual network state slice; if there is no service node that accesses both target networks, a trusted third party distributes a first shared key group and a second shared key group to one service node of each of the two target networks respectively, then one of these service nodes takes the exclusive-or value of its corresponding associated shared key group and the first shared key group, together with an identifier, as a virtual node routing state, the other service node takes the exclusive-or value of its corresponding associated shared key group and the second shared key group, together with an identifier, as a virtual node routing state, and, if the first shared key group and the second shared key group are not the same, the trusted third party takes the exclusive-or value of the first shared key group and the second shared key group, together with an identifier, as a virtual node routing state; these virtual node routing states and the virtual network states or virtual network state slices of the two different target networks form the cross-domain interworking virtual network state or virtual network state slice.
29. The quantum network function virtualization method according to claim 1, comprising: setting the conditions for creating a virtual network state or slice, comprising: the target receiver has received the virtual node routing states required to create a virtual quantum link state between any two service nodes, or the defined time for creating the current virtual network state or slice has been reached.
30. The method of claim 2, wherein providing a virtual node state service comprises: selecting a key relay link between two service nodes, wherein each virtual node on the key relay link sends its virtual routing data with the same global identifier to a service node or a third-party server, and the service node or the third-party server performs an exclusive-or operation over the virtual routing state data of each target node having that same global identifier.
31. A quantum network function virtualization apparatus, comprising: a node device and a virtualization server device for performing the method of any of claims 1 to 7, wherein the node device and the virtualization server device comprise software modules, hardware modules or integrated software and hardware modules.
32. The quantum network function virtualization apparatus of claim 31, wherein the node device comprises: a transceiver, configured to report the topology information of the quantum node to a virtualization server device or a network controller, receive a virtualization instruction issued by the virtualization server device or the network controller, and send the virtual node routing state to the virtualization server device,
a data processing unit, configured to negotiate a shared key group with an adjacent target node and create a virtual node routing state, or/and further to create a virtual node state,
a node virtualization unit, configured to store and manage the output of virtual node routing states or/and virtual node states,
wherein the virtual node routing state comprises: the exclusive-or value of the shared key groups between the target relay node and two adjacent target nodes, and the corresponding identifier; the virtual node state comprises: some or all of the virtual node routing states of the target relay node and their corresponding identifiers; the virtualization instruction indicates any one or more of: global identifier, data format of the shared key group, data structure of the virtual node routing state, data structure of the virtual node state, identifier of the target receiver and data transmission mode; and the topology information comprises: the identifier of the node and the link state between the node and each adjacent target node.
33. A quantum network function virtualization device according to claim 31 or 32, wherein the virtualization server device comprises:
a memory for storing programs and instructions,
a data processing unit, configured to perform, by calling the program and instructions stored in the memory: encapsulating the current virtual node states and corresponding identifiers of all target quantum nodes into a virtual network state or slice, or/and encapsulating the virtual link states between any two quantum service nodes among some or all of the quantum service nodes in the target network into a virtual link network slice,
a transceiver, configured to send a quantum network virtualization request to a network controller, receive the virtual node state of a target quantum node, receive the topology information reported by each target quantum node, acquire the virtualization request, issue a virtualization instruction corresponding to the virtualization request to each target quantum node so that each target quantum node negotiates a shared quantum key and creates a virtual node state according to the virtualization instruction, and receive the virtual node state and pass it to the data processing unit, wherein the topology information comprises: the identifier of the node and the link state between the node and each adjacent target node, and the virtualization instruction indicates any one or more of: global identifier, data format of the shared key group, data structure of the virtual node routing state, data structure of the virtual node state, identifier of the target receiver and data transmission mode.
34. The quantum network function virtualization apparatus according to claim 31 or 32, wherein the virtualization server device further comprises: a virtual link service unit, configured to send one or more virtual link states associated with two service nodes to the two service nodes or/and to an application device served by the two service nodes, wherein the application device comprises: a cryptographic application device, an agent device of a service node and a virtual link service agent device.
35. The quantum network function virtualization apparatus of claim 33, wherein the data processing unit is further configured to perform: creating a virtual mapping network of the target network, comprising a distributed virtual mapping network or/and a centralized virtual mapping network, wherein
the distributed virtual mapping network is characterized in that each target node creates its own virtual node,
the centralized virtual mapping network is characterized in that a third-party server creates a virtual node for each target node, wherein the virtual mapping network comprises: information on the network link topology between the target nodes,
and the virtual nodes are used to store or output the corresponding virtual node states.
36. The quantum network function virtualization apparatus of claim 33, wherein the data processing unit is further configured to verify the digital signature of all or part of the virtual node state.
CN201910820377.4A 2019-09-01 2019-09-01 Quantum network function virtualization method and device Active CN110690961B (en)
Publications (2)

Publication Number Publication Date
CN110690961A CN110690961A (en) 2020-01-14
CN110690961B CN110690961B (en) 2022-04-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant