CN112367160A - Virtual quantum link service method and device - Google Patents


Info

Publication number: CN112367160A
Application number: CN201910819217.8A
Authority: CN (China)
Prior art keywords: quantum, virtual, service, application device, node
Legal status: granted (the status listed by Google Patents is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN112367160B (granted version)
Inventor: 陈晖 (Chen Hui)
Current assignee: Chengdu Liang'an Blockchain Technology Co., Ltd. (the assignee listed by Google Patents may be inaccurate)
Original assignee: Chengdu Liang'an Blockchain Technology Co., Ltd.
Application filed by Chengdu Liang'an Blockchain Technology Co., Ltd., with priority to CN201910819217.8A; published as CN112367160A and later granted as CN112367160B. Current legal status: active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L 9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L 9/0852 Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a virtual quantum link service method comprising the following steps: an application device requests service from a server; the server looks up the quantum service nodes associated with the application devices, selects a virtual link state and sends the corresponding identifier to each of the two quantum service nodes; each quantum service node returns to the server the XOR of its shared key packet associated with that virtual link state and the random key packet of its application device; the server XORs the two returned values with each other and with the virtual link state data, and sends the result together with the corresponding identifiers to the two application devices. The invention also provides a virtual quantum link service device. The invention addresses problems of quantum networks such as concurrency conflicts on large-scale quantum links and the long delay of quantum relay links; it offers quantum security, high efficiency and service flexibility, can be widely used in the field of quantum key services, and has good prospects for application and adoption.

Description

Virtual quantum link service method and device
Technical Field
The invention relates to the technical field of quantum key service, in particular to a virtual quantum link service method and a virtual quantum link service device.
Background
A quantum node in a quantum communication network generally consists of a classical communication unit connected to a classical communication network and a quantum device unit connected to a quantum key distribution (QKD) network. Because practical quantum relays that do not land the key at intermediate nodes (quantum repeaters) are not yet available, QKD networks typically employ trusted-relay technology. Chinese patent publications CN 104243143B (granted) and CN 106972922A (application) disclose a mobile secure communication method based on a QKD network that uses single-hop forwarding with routed addressing to relay encrypted information to a terminal device bound to a remote centralized control station; it suffers from security diffusion (the key material is exposed at every relay it lands on), low efficiency and large relay delay. The low-delay quantum key mobile service method disclosed in Chinese granted patent CN 109995513A overcomes these problems to some extent. All of the above methods, however, still suffer from quantum link concurrency conflicts.
Disclosure of Invention
To solve the problems of the quantum key service technology described in the background, the invention provides a virtual quantum link service method and a virtual quantum link service device. The virtual quantum link service method is applicable to scenarios including, but not limited to, the following: the application device has applied for network entry and obtained an ID, and has applied for random key packets with sufficient margin from one or more quantum service nodes, which have sent the application device's registration information and/or service association list to a third-party server. The method comprises:
step one: the first application device requests a key association parameter between itself and the second application device from the third-party server;
step two: the third-party server looks up the first and second quantum service nodes associated with the first and second application devices respectively. (1) If they are the same quantum service node, the third-party server instructs that node to compute the XOR of the first application device's random key packet and the second application device's random key packet, and to send that XOR value and its corresponding identifier to the third-party server as the key association parameter. (2) If they are two different quantum service nodes, the third-party server selects or computes a virtual link state between the first and second quantum service nodes and sends the corresponding virtual link state identifier to each of them; the first quantum service node sends to the third-party server the XOR of the shared key packet associated with that virtual link state and the first application device's random key packet, together with its identifier; the second quantum service node likewise sends the XOR of its shared key packet associated with that virtual link state and the second application device's random key packet, together with its identifier; the third-party server then XORs the two received XOR values with each other and with the virtual link state data, and takes the result and its corresponding identifier as the key association parameter;
step three: the third-party server sends the key association parameter to the first application device and to the second application device;
where the identifier of the XOR result comprises the identifiers of the random key packets of the first and second application devices, and the virtual link state data comprises the XOR of the respective shared quantum key packets of the two quantum service nodes associated with the virtual link.
Optionally, the method further includes: the first application device and the second application device negotiate a shared key based on the key association parameters.
Optionally, the method further includes: the first application device and the second application device respectively send the key association parameters to a third application device and a fourth application device, and the third application device and the fourth application device negotiate a shared key based on the key association parameters.
Optionally, the method further includes: the unregistered application device applies for registration network access to one quantum service node of a target network and obtains a unique ID, the registered application device applies for random key grouping to one or more quantum service nodes of the target network and establishes a service association list of the quantum service nodes and the application device, and the quantum service nodes send the service association list to a third-party server.
The invention also provides a quantum network virtualization device comprising an application device, a quantum service node device and a third-party server device that execute any of the above methods, where each device comprises a software module, a hardware module, or an integrated software and hardware module.
The innovations of the invention are as follows: it realizes a quantum key service decoupled from the QKD network, does not coordinate QKD link resources in real time to perform trusted relaying of quantum keys, and can effectively solve the concurrency conflicts and trusted-relay delay of large-scale relay links in a QKD network. With higher service efficiency, higher security and greater service flexibility, embodiments of the invention have good application prospects in mobile secure communication, mobile office systems, VPNs (finance, electric power, energy, transport, etc.) and similar fields.
Drawings
Fig. 1 is a schematic diagram of a virtual quantum link service method according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a virtual quantum link service method according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a method for creating a virtual link state according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a quantum service node device for virtual quantum link service according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a third-party server device for virtual quantum link service according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention and some terms and meanings thereof will be described below.
(1) The target quantum network to which embodiments of the present invention are applicable includes, but is not limited to, any of the following networks: quantum key distribution network, quantum communication network, quantum sensing network, quantum security internet, other networks which adopt a point-to-point single-hop landing forwarding mode for relay transmission; accordingly, target quantum nodes in embodiments of the invention include, but are not limited to: some or all quantum relay nodes in the target quantum network, some or all quantum service nodes (or quantum access nodes) in the target quantum network. The target quantum node in the embodiment of the present invention is suitable for, but not limited to, a target quantum node accessing a target quantum network through a fiber interface and a wireless interface (or a free space interface).
(2) The virtualization in the embodiment of the invention is the electronization or instantiation of the quantum network function, and the electronized or instantiated data can be used by being separated from the physical network to which the electronized or instantiated data belongs.
(3) A target quantum relay node in embodiments of the invention is a node used as a relay in the target quantum network, i.e. a node that has at least two adjacent nodes on one or more relay links and acts as a relay; the keys the relay node negotiates with its adjacent nodes are consumed in the relay node's function virtualization and are not retained by the relay node. Quantum service nodes (or access nodes) are the other nodes of the target quantum network, which are not used for relaying, or not used for relaying directly (in some possible designs a quantum service node may relay through a virtual node). For a specific embodiment of the invention, the corresponding target quantum network comprises the relay nodes and quantum service nodes involved in that embodiment.
(4) The communication channels involved in embodiments of the invention for quantum networks include quantum channels and conventional communication network channels, wherein conventional communication network channels are employed for other communication processes except that quantum key distribution between adjacent quantum nodes (an adjacent quantum node refers to two nodes capable of normal point-to-point QKD or quantum communication) requires occupation of the quantum channel or link, and include, but are not limited to, one or more of wired communication and wireless/mobile/satellite communication channels.
(5) The terms "virtual node routing status", "virtual network status", "virtual link network status", and the like used in the embodiments of the present invention are only used for marking corresponding data or files, and are not used for limiting the corresponding data or files, and all schemes that are merely replacing names and have no substantive difference belong to the protection scope of the present invention.
(6) The shared key packet in the embodiment of the invention is shared data with a certain data length. Because different application systems have different requirements on the length of the shared key and the rate of the point-to-point QKD link has a certain difference, the invention does not specially limit the data length of the shared key packet; it is obvious that the data length refers to counting by the same data unit (e.g., bit, byte). In practice, the data length of the shared key packet (e.g., 2048 bits, 100 kbytes, 10 mbytes, 1 gbyte, or any other data length that meets the requirements of the system) may be determined according to the rate of encoding of the QKD system in actual use, the specific requirements of the application system, or future industry standard requirements. It should be clear that, for each virtualization process of the same embodiment, the shared key packets negotiated between all neighboring target nodes have the same data format (including but not limited to data type, data length, and data reading and writing order).
(7) The global identifier in the embodiment of the invention is a virtualized identifier for keeping all nodes in the target quantum network consistent, and the global identifier can be used for distinguishing different target quantum networks and also can be used for distinguishing different embodiments in the target quantum networks; the global identifier may adopt a global number unified in the whole network, or may adopt an identifier combining the target quantum network identifier and the global number.
In order to make the technical solutions and advantages of the present invention clearer, the present invention is described in detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a schematic diagram of a virtual quantum link service method provided by an embodiment of the invention. The applicable scenarios of this embodiment include, but are not limited to, the following: the application device has applied for network entry and obtained an ID, and has applied for random key packets with sufficient margin from one or more quantum service nodes, which have sent the application device's registration information and/or service association list to a third-party server. The method comprises:
S101: receiving a service request: the third-party server receives a request for a key association parameter between a first application device and a second application device;
S102: processing the service request: the third-party server looks up the first and second quantum service nodes associated with the first and second application devices respectively. (1) If they are the same quantum service node, the third-party server instructs that node to compute the XOR of the first application device's random key packet and the second application device's random key packet, and to send the XOR value with its identifier to the third-party server as the key association parameter (the identifier includes at least the IDs of the first and second application devices, the identifier of the quantum service node, and the identifiers of the two random key packets). (2) If they are two different quantum service nodes, the third-party server selects or calculates a virtual link state between them and sends the corresponding virtual link state identifier to each; the first quantum service node sends to the third-party server the XOR of the shared key packet associated with the virtual link state and the first application device's random key packet, with its identifier (at least the ID of the first application device, the identifier of the first quantum service node and the identifier of the random key packet); the second quantum service node sends the XOR of its shared key packet associated with the virtual link state and the second application device's random key packet, with its identifier (at least the ID of the second application device, the identifier of the second quantum service node and the identifier of the random key packet); the third-party server then XORs the two received XOR values with each other and with the virtual link state data, and takes the result with its identifier (at least the identifiers of the random key packets of the first and/or second application device) as the key association parameter;
S103: providing the service: the third-party server sends the key association parameter to the first application device and to the second application device. The virtual link state data comprises at least the XOR of the respective shared quantum key packets of the two quantum service nodes associated with the virtual link; the identifier of a random key packet comprises at least the ID of the application device, the identifier of the associated quantum service node and the number of the random key packet.
In the above embodiment, if the first quantum service node is adjacent to the second quantum service node, a shared key packet between the two may serve directly as the virtual link state.
The method of the present invention is further described below with reference to a schematic flow diagram of a virtual quantum link service method provided by the embodiment of the present invention shown in fig. 2, where the method flow includes:
Process 1: application device U registers with quantum service node A and application device V with quantum service node B, each obtaining an ID (A and B access the same quantum relay network and at least one quantum relay link exists between them); U and V then apply to A and B respectively and obtain a number of random key packets (denoted Kui and Kvj, where i and j are natural numbers used as packet numbers); A and B each create a service association list for U and V respectively and upload it to the virtual link server. The service association list consists of records, one per registered application device, each holding at least the application device's ID, the identifier of its associated quantum service node and margin information for its random key packets;
Process 2: U requests the key association parameter between U and V from the virtual link server. The virtual link server first authenticates U (for example by requiring the application device to supply a password or the ID of its associated quantum service node; on a mismatch the input must be repeated; if the ID does not exist or has been suspended, the device is prompted to re-apply or re-activate; if the random key packet margin is insufficient, service is refused). After authentication it looks up the service association lists by the IDs of U and V and from them finds the associated quantum service nodes A and B;
Process 3: the virtual link server selects or calculates a virtual link state between A and B (denoted Ka ⊕ Kb) and sends the corresponding virtual link state identifier to A and to B;
Process 4: A sends the XOR of the shared key packet Ka associated with the virtual link state and a random key packet of U (say Ku2 is selected), together with the corresponding identifier, to the virtual link server; B sends the XOR of the shared key packet Kb associated with the virtual link state and a random key packet of V (say Kv5 is selected), together with its identifier, to the virtual link server;
Process 5: the virtual link server XORs the two received XOR values with each other and with the virtual link state data, i.e. computes (Ka ⊕ Ku2) ⊕ (Kb ⊕ Kv5) ⊕ (Ka ⊕ Kb) = Ku2 ⊕ Kv5, takes Ku2 ⊕ Kv5 and the corresponding random key packet identifiers as the key association parameter, and sends it to U and to V;
Process 6: U and V negotiate to use Ku2 or Kv5 as the shared key (U recovers Kv5 as (Ku2 ⊕ Kv5) ⊕ Ku2, and V recovers Ku2 symmetrically).
In one possible design, process 6 above is replaced as follows: U sends Ku2 ⊕ (Ku2 ⊕ Kv5) ⊕ R = Kv5 ⊕ R together with a check value of R to V; V computes Kv5 ⊕ (Kv5 ⊕ R) = R, recomputes the check value of R, and if the two check values are the same, the distribution of R has succeeded; otherwise it renegotiates. Here R may be plaintext data or a random key.
In one possible design, quantum service node A and quantum service node B send (Ka ⊕ Ku2) and (Kb ⊕ Kv5) with their corresponding identifiers to application device U, the virtual link server sends Ka ⊕ Kb to application device U, and U computes (Ka ⊕ Ku2) ⊕ (Kb ⊕ Kv5) ⊕ (Ka ⊕ Kb) = Ku2 ⊕ Kv5 and then (Ku2 ⊕ Kv5) ⊕ Ku2 = Kv5, using Kv5 as the shared key between U and V.
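The exchange of processes 1 to 6 above (the same method as steps one to three of the summary), simulated end to end as an added example that is not part of the patent or of any implementation by its assignee. It assumes 32-byte packets held as Python byte strings, SHA-256 as the check function of the first variant (the page does not name one), and a `VirtualLinkServer` that holds only the service association list and Ka ⊕ Kb. The `server.seen` transcript is what the server actually handles; the single-use bookkeeping of packets is the example's own addition, not a step the page describes:

```python
import os
import hashlib

PACKET_LEN = 32  # assumed packet length in bytes; the page leaves the length to the deployment


def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length key packets."""
    if len(a) != len(b):
        raise ValueError("key packets must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class ServiceNode:
    """Quantum service node (A or B): holds the shared key packet it negotiated over the
    QKD network for a virtual link and the random key packets it issued to its devices."""

    def __init__(self, name):
        self.name = name
        self.shared = {}   # link id -> shared key packet (Ka or Kb); never leaves the node
        self.issued = {}   # (device id, packet number) -> random key packet

    def issue_random_packet(self, device, number):
        self.issued[(device, number)] = os.urandom(PACKET_LEN)
        return self.issued[(device, number)]

    def masked_packet(self, link, device, number):
        """Process 4: K_node XOR K_device plus the identifier the server needs.
        Both packets are popped so neither can be used as a mask a second time."""
        masked = xor(self.shared.pop(link), self.issued.pop((device, number)))
        return masked, {"node": self.name, "device": device, "packet": number}


class VirtualLinkServer:
    """Third-party server: holds the service association list and, per node pair,
    the virtual link state Ka XOR Kb, but never a raw key packet."""

    def __init__(self):
        self.association = {}   # device id -> ServiceNode
        self.link_state = {}    # frozenset({node a, node b}) -> Ka XOR Kb
        self.seen = []          # every value that crossed the server, for inspection

    def key_association_parameter(self, u, nu, v, nv):
        a, b = self.association[u], self.association[v]   # process 2: find A and B
        link = frozenset({a.name, b.name})
        state = self.link_state[link]                      # process 3: Ka XOR Kb
        mu, id_u = a.masked_packet(link, u, nu)            # process 4: Ka XOR Ku_nu
        mv, id_v = b.masked_packet(link, v, nv)            #            Kb XOR Kv_nv
        self.seen += [mu, mv, state]
        # process 5: (Ka^Ku) ^ (Kb^Kv) ^ (Ka^Kb) = Ku ^ Kv
        return xor(xor(mu, mv), state), (id_u, id_v)


def run_processes_1_to_6():
    """Processes 1-6 of Fig. 2 for device U (served by A) and device V (served by B)."""
    a, b, server = ServiceNode("A"), ServiceNode("B"), VirtualLinkServer()
    ku = {i: a.issue_random_packet("U", i) for i in range(1, 4)}   # process 1
    kv = {j: b.issue_random_packet("V", j) for j in range(1, 6)}
    server.association.update({"U": a, "V": b})
    link = frozenset({"A", "B"})
    ka, kb = os.urandom(PACKET_LEN), os.urandom(PACKET_LEN)     # e.g. Ks1r1 and Kr4s2
    a.shared[link], b.shared[link] = ka, kb
    server.link_state[link] = xor(ka, kb)                         # the server gets only this
    parameter, idents = server.key_association_parameter("U", 2, "V", 5)   # processes 2-5
    kv5_at_u = xor(parameter, ku[2])   # process 6: U recovers Kv5 ...
    ku2_at_v = xor(parameter, kv[5])   # ... and V recovers Ku2
    try:                                # a second request for the same packet must fail
        a.masked_packet(link, "U", 2)
        reuse_possible = True
    except KeyError:
        reuse_possible = False
    raw = (ku[2], kv[5], ka, kb)
    return {"ku2": ku[2], "kv5": kv[5], "kv5_at_u": kv5_at_u, "ku2_at_v": ku2_at_v,
            "idents": idents, "server_view": server.seen, "reuse_possible": reuse_possible,
            "server_saw_raw_packet": any(s in raw for s in server.seen)}


def distribute_with_check(shared_at_u, shared_at_v, r):
    """Alternative process 6: U sends (Kv5 XOR R, check(R)); V unmasks and verifies.
    SHA-256 as the check function is the example's assumption; the page does not name one."""
    def check(m):
        return hashlib.sha256(m).digest()
    wire = (xor(shared_at_u, r), check(r))   # what U puts on the classical channel
    recovered = xor(shared_at_v, wire[0])
    return check(recovered) == wire[1], recovered
```

The parameter the server computes is Ku2 ⊕ Kv5; U and V each unmask it with the packet that only they and their own service node hold, and the server transcript contains neither Ku2, Kv5, Ka nor Kb. The variant in which A, B and the server send their three values to U is the same fold, `xor(xor(xor(mu, mv), state), ku2)`, carried out at U. The example pops each packet once it has served as a mask because XOR masking is only as private as the mask is fresh: two values masked with the same Ka would XOR to cancel Ka, which is the ordinary one-time-pad constraint rather than anything specific to this scheme.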
Further, in a possible design, on the basis of the foregoing embodiment, the method may further include: the application devices U and V respectively send the key association parameters to a third application device and a fourth application device, and the third application device and the fourth application device negotiate a shared key based on the key association parameters; the U and the V are respectively used as virtual link service agent equipment of a third application device and a fourth application device, a service agent binding relation is established, and the third application device and the fourth application device respectively obtain enough random key groups in advance.
In one possible design, the virtual link server may itself be quantum service node A; A then computes (Ka ⊕ Ku2) ⊕ (Kb ⊕ Kv5) ⊕ (Ka ⊕ Kb) = Ku2 ⊕ Kv5 and sends Ku2 ⊕ Kv5 together with the corresponding random key packet identifiers to U and to V.
The application device can apply for the random key grouping to the quantum service node providing the registration service, also can apply for the random key grouping to one or more other quantum service nodes, and respectively creates corresponding service association list information, and also can set the corresponding priority for preferential use.
The application devices in the above embodiments include, but are not limited to, any one or more of the following devices: the system comprises a password application device, a proxy device of a quantum service node, a virtual link service proxy device and intelligent equipment with an encryption mode.
The third party server includes, but is not limited to, any one or more of the following devices: the system comprises a quantum key server, a virtual link server, a quantum service node device, a cloud service device and a network virtualization server device; any one of the above devices may acquire one or more virtual quantum network states or virtual link network states, or may acquire a required virtual link state.
The method for creating the virtual link state provided by an embodiment of the invention is further described with reference to the QKD network shown in Fig. 3. As shown in Fig. 3, the target quantum nodes of the target quantum network comprise 5 quantum service nodes (S1, S2, S3, S4 and S5) and 5 relay nodes (R1, R2, R3, R4 and R5). Denote the shared quantum key packet negotiated between S1 and R1 by Ks1r1; between R1 and R2 by Kr1r2 and between R1 and R5 by Kr1r5; between R2 and R3 by Kr2r3; between R3 and R4 by Kr3r4, between R3 and R5 by Kr3r5 (Kr3r5 = Kr5r3, and likewise for the other pairs) and between R3 and S3 by Kr3s3; between S4 and R5 by Ks4r5; between R4 and S2 by Kr4s2; and between R4 and S5 by Kr4s5.
The corresponding virtual network states are the virtual node routing states of the relay nodes, one per pair of a relay node's adjacent shared key packets: for R1 (adjacent to S1, R2 and R5), (Ks1r1 ⊕ Kr1r2), (Ks1r1 ⊕ Kr1r5) and (Kr1r2 ⊕ Kr1r5); for R2, (Kr1r2 ⊕ Kr2r3); the 6 virtual node routing states of R3 (adjacent to R2, R4, R5 and S3), (Kr2r3 ⊕ Kr3r4), (Kr2r3 ⊕ Kr3s3), (Kr2r3 ⊕ Kr3r5), (Kr3r5 ⊕ Kr3s3), (Kr3s3 ⊕ Kr3r4) and (Kr3r4 ⊕ Kr3r5); for R4 (adjacent to R3, S2 and S5), (Kr3r4 ⊕ Kr4s2), (Kr3r4 ⊕ Kr4s5) and (Kr4s2 ⊕ Kr4s5); and for R5 (adjacent to R1, R3 and S4), (Kr1r5 ⊕ Kr3r5), (Kr1r5 ⊕ Ks4r5) and (Kr3r5 ⊕ Ks4r5).
The corresponding virtual link network state comprises a virtual link state between any two of S1, S2, S3, S4 and S5; for example, the virtual link state between S1 and S2:
VQL_s1s2 = (Ks1r1 ⊕ Kr1r2) ⊕ (Kr1r2 ⊕ Kr2r3) ⊕ (Kr2r3 ⊕ Kr3r4) ⊕ (Kr3r4 ⊕ Kr4s2) = Ks1r1 ⊕ Kr4s2; Ks1r1 and Kr4s2 are then the associated shared quantum key packets of nodes S1 and S2 respectively, and so on;
virtual link state between S1 and S3:
VQL_s1s3=(Ks1r1⊕Kr1r2)⊕(Kr1r2⊕Kr2r3)⊕(Kr2r3⊕Kr3s3)
=(Ks1r1⊕Kr1r5)⊕(Kr1r5⊕Kr5r3)⊕(Kr5r3⊕Kr3s3)=Ks1r1⊕Kr3s3;
the other (C (5,2) -2) virtual link states may be calculated in a similar manner.
In another possible design, based on the above virtual network states, S1, S2, S3, S4 and S5 may additionally generate random number packets RKs1, RKs2, RKs3, RKs4 and RKs5 respectively, and the virtual network states then also include the virtual node routing states of S1 to S5 and their identifiers, i.e. (RKs1 ⊕ Ks1r1), (RKs2 ⊕ Ks2r4), (RKs3 ⊕ Ks3r3), (RKs4 ⊕ Ks4r5) and (RKs5 ⊕ Ks5r4); the corresponding virtual link state then becomes the XOR of two of the random number packets RKs1 to RKs5 (for example RKs1 ⊕ RKs2 = (RKs1 ⊕ Ks1r1) ⊕ VQL_s1s2 ⊕ (RKs2 ⊕ Ks2r4)).
A virtual link-state database of the target quantum network may be created using the above method.
Since a virtual link service based on the virtual link state or the virtual network state does not occupy any quantum link of the QKD network, the concurrency-conflict problem of large-scale quantum relay links in conventional quantum key service methods is avoided.
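Building that database from the Fig. 3 topology, as an added example that is not part of the patent or of any implementation by its assignee: random 32-byte packets stand in for Ks1r1, Kr1r2 and the other edge keys, each relay publishes the XOR of every pair of its adjacent packets (its virtual node routing states), and the virtual link state between two service nodes is obtained by XOR-folding the routing states along any path between them. The breadth-first path search, the 32-byte packet length and the `randomized_link_state` reading of the random-number variant are the example's own assumptions:

```python
import os
from collections import deque
from itertools import combinations

PACKET_LEN = 32  # assumed packet length in bytes

# Fig. 3 topology: each pair negotiated one shared quantum key packet over its QKD link.
EDGES = [("S1", "R1"), ("R1", "R2"), ("R1", "R5"), ("R2", "R3"), ("R3", "R4"),
         ("R3", "R5"), ("R3", "S3"), ("S4", "R5"), ("R4", "S2"), ("R4", "S5")]
SERVICE_NODES = ["S1", "S2", "S3", "S4", "S5"]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def build_network(edges=EDGES):
    """Random packets stand in for Ks1r1, Kr1r2, ...; each is known only to its two
    endpoints. Every relay node publishes one virtual node routing state per pair of
    its adjacent packets (their XOR); that set is all the virtual link server gets."""
    packets = {frozenset(e): os.urandom(PACKET_LEN) for e in edges}
    adjacency = {}
    for a, b in edges:
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)
    routing_states = {}
    for relay in (n for n in adjacency if n.startswith("R")):
        for x, y in combinations(sorted(adjacency[relay]), 2):
            routing_states[(relay, x, y)] = xor(packets[frozenset((relay, x))],
                                                packets[frozenset((relay, y))])
    return packets, adjacency, routing_states


def find_path(adjacency, src, dst):
    """Breadth-first search over the topology; returns the node sequence src ... dst."""
    prev, queue = {src: None}, deque([src])
    while queue:
        n = queue.popleft()
        if n == dst:
            break
        for m in sorted(adjacency[n]):
            if m not in prev:
                prev[m] = n
                queue.append(m)
    path, n = [], dst
    while n is not None:
        path.append(n)
        n = prev[n]
    return path[::-1]


def virtual_link_state(routing_states, path):
    """VQL between the service nodes at the ends of `path`: XOR-fold the routing state of
    every relay on the path. Each interior packet appears twice and cancels, leaving
    K(first edge) XOR K(last edge), e.g. Ks1r1 XOR Kr3s3 for S1 to S3."""
    state = bytes(PACKET_LEN)
    for before, relay, after in zip(path, path[1:], path[2:]):
        x, y = sorted((before, after))
        state = xor(state, routing_states[(relay, x, y)])
    return state


def link_state_database(adjacency, routing_states, service_nodes=SERVICE_NODES):
    """One virtual link state per pair of service nodes: C(5,2) = 10 entries for Fig. 3."""
    return {frozenset((s, t)): virtual_link_state(routing_states, find_path(adjacency, s, t))
            for s, t in combinations(service_nodes, 2)}


def randomized_link_state(packets, adjacency, routing_states, s, t):
    """Variant from the page: service node s publishes RKs XOR K(s, relay); the link state
    then reduces to RKs XOR RKt. Returns (state folded from published values, RKs XOR RKt)."""
    rk = {n: os.urandom(PACKET_LEN) for n in (s, t)}

    def node_state(n):
        (relay,) = adjacency[n]   # every service node in Fig. 3 has exactly one relay neighbour
        return xor(rk[n], packets[frozenset((n, relay))])

    vql = virtual_link_state(routing_states, find_path(adjacency, s, t))
    return xor(xor(node_state(s), vql), node_state(t)), xor(rk[s], rk[t])


def demo():
    """Checks the facts the page relies on, on a freshly generated Fig. 3 network."""
    packets, adjacency, rs = build_network()
    via_r2 = ["S1", "R1", "R2", "R3", "S3"]   # the two derivations given on the page
    via_r5 = ["S1", "R1", "R5", "R3", "S3"]
    direct = xor(packets[frozenset(("S1", "R1"))], packets[frozenset(("R3", "S3"))])
    db = link_state_database(adjacency, rs)
    folded, expected = randomized_link_state(packets, adjacency, rs, "S1", "S2")
    return {"routing_states": len(rs), "links": len(db),
            "path_independent": virtual_link_state(rs, via_r2) == virtual_link_state(rs, via_r5),
            "matches_endpoints": db[frozenset(("S1", "S3"))] == direct,
            "randomized_ok": folded == expected}
```

`demo()` checks the two facts the page relies on: the S1 to S3 state computed via R2 equals the one computed via R5 (adjacent packets cancel, so the result is path independent), and both equal Ks1r1 ⊕ Kr3s3, which the database holder forms without ever seeing either packet. For Fig. 3 there are 16 routing states and C(5,2) = 10 link states.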
Fig. 4 is a schematic diagram of a quantum service node device for virtual quantum link service according to an embodiment of the present invention, where the quantum service node device includes, but is not limited to:
a transceiver, comprising various interface modules; the transceiver shown in Fig. 4 includes interface modules 401, 402, 403 and 404: interface module 401 reports the topology information of the quantum service node to the quantum network controller 406 and receives the virtualization instructions issued by the quantum network controller; interface module 402 sends virtual node routing states and/or virtual relay node states to the virtualization server 407; interface module 403 negotiates shared quantum key packets with neighbouring quantum nodes 408; interface module 404 provides key traffic services and/or key agreement services to application devices or servers;
a data processing unit 405, for negotiating shared quantum key packets with a neighbouring quantum node 413 through interface module 403; optionally also for creating virtual node routing states; optionally also for obtaining quantum keys from QKD unit 408;
a random key service unit 406, for generating a random number sequence, splitting it into packets of a given size, running a randomness test on each packet, caching every random key packet that passes the test, and outputting one or more random key packets together with their association identifiers; the association identifier locates the corresponding random key packet and contains at least the identifier of the application device, the identifier of the associated quantum service node and the number of the random key packet;
a secure storage unit 407 for storing key data;
a node virtualization unit 409, configured to create a virtual relay node together with its virtual node routing state and/or virtual relay node state, and to store, output and manage the virtual node routing state and/or the virtual relay node state;
a virtual link service unit 410, configured to provide any one or more of the following services:
direct method A: sending to each of two application terminals the exclusive-or value of the random key group of the application terminal associated with this quantum service node and the random key group of the other application terminal;
direct method B: the quantum service node calculates the exclusive-or value of its shared key group associated with a virtual link state and the virtual link state data, thereby obtaining the shared key group of the other quantum service node associated with that virtual link state;
indirect method C: the quantum service node generates a random number packet, calculates the exclusive-or value of its shared key packet associated with a virtual link state and the virtual link state data, and sends the exclusive-or value of that result and the random number packet to the other quantum service node associated with the virtual link state or to a third-party server;
indirect method D: the quantum service node selects a random key group of an application terminal, calculates the exclusive-or value of its shared key group associated with a virtual link state and that random key group, and sends the exclusive-or value to a third-party server, where the virtual link state data is the exclusive-or value of the corresponding shared key groups of the two associated quantum service nodes;
where the virtual node routing state comprises: the exclusive-or value of the shared key groupings between the target quantum service node and its two adjacent nodes, and the corresponding identification; the virtualization instruction indicates any one or more of the following: a global identification, the data format of shared key groupings, the data structure of the virtual node routing state, the identification of the target receiver and the data transmission mode; the topology information includes, but is not limited to: the identification of the quantum service node and the link state between the quantum service node and each adjacent node; the key data includes, but is not limited to, any one or more of the following: shared key groupings, random number groupings and random key groupings.
Further, in a possible design, on the basis of the foregoing embodiment, the system further includes a registration service unit, configured to provide a registration service for the application terminal, assign an ID to the application terminal, and send corresponding registration information to the third-party server.
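The random key service unit described above is easy to misread as a plain random number generator; the point of the grouping and the per-group test is that only groups that pass are cached and issued, and every issued group carries an association identifier from which the node can locate it again. The following Python sketch is an added illustration, not the patent's or the applicant's code. It assumes a 32-byte packet size, uses the NIST SP 800-22 frequency (monobit) test as the per-group check (the patent names no specific test), and uses made-up identifiers (node "S1", device "app-A").

```python
"""Toy random key service unit: generate, group, test, cache, issue.

Added illustration, not the patent's code. The per-group check is the
NIST SP 800-22 frequency (monobit) test; the patent names no specific test.
"""
import math
import secrets
from collections import deque

PACKET_LEN = 32            # bytes per random key packet (assumed size)
P_VALUE_THRESHOLD = 0.01   # conventional SP 800-22 significance level


def frequency_test(packet: bytes) -> bool:
    """Monobit test: reject a group whose 0/1 balance is implausible for a true RNG.

    s_obs = |#ones - #zeros| / sqrt(n); p = erfc(s_obs / sqrt(2)); pass if p >= 0.01.
    """
    n = len(packet) * 8
    ones = sum(bin(b).count("1") for b in packet)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    p_value = math.erfc(s_obs / math.sqrt(2))
    return p_value >= P_VALUE_THRESHOLD


class RandomKeyServiceUnit:
    """Caches only random key groups that passed the test; issues them with identifiers."""

    def __init__(self, node_id: str, packet_len: int = PACKET_LEN):
        self.node_id = node_id          # identifier of the associated quantum service node
        self.packet_len = packet_len
        self._cache = deque()           # tested groups, oldest first
        self._seq = 0                   # running number of the random key group
        self.rejected = 0               # groups discarded by the randomness test

    def refill(self, n_packets: int, rng=secrets.token_bytes) -> int:
        """Generate one sequence, split it into fixed-size groups, keep those that pass.

        `rng` is injectable so a biased source can be demonstrated; defaults to the OS CSPRNG.
        Returns the number of groups added to the cache.
        """
        seq = rng(n_packets * self.packet_len)
        kept = 0
        for i in range(n_packets):
            group = seq[i * self.packet_len:(i + 1) * self.packet_len]
            if frequency_test(group):
                self._cache.append(group)
                kept += 1
            else:
                self.rejected += 1
        return kept

    def margin(self) -> int:
        """Remaining random key margin, as reported in the service association list."""
        return len(self._cache)

    def issue(self, device_id: str, count: int):
        """Output `count` groups, each paired with its association identifier."""
        if count > self.margin():
            raise LookupError("insufficient random key margin; refill first")
        issued = []
        for _ in range(count):
            self._seq += 1
            ident = {"device": device_id, "node": self.node_id, "packet_no": self._seq}
            issued.append((ident, self._cache.popleft()))
        return issued


if __name__ == "__main__":
    unit = RandomKeyServiceUnit("S1")
    unit.refill(16)
    for ident, group in unit.issue("app-A", 2):
        print(ident, group.hex()[:16], "...")
    print("margin left:", unit.margin(), "rejected:", unit.rejected)
```

The monobit test alone is a weak filter (it only catches gross bias), so a real unit would run the fuller SP 800-22 battery or a continuous health test on the source; the structure of test, cache and identifier assignment is what the passage is about, and that is unchanged whichever test is plugged in.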
Fig. 5 is a schematic diagram of a third-party server apparatus for virtual quantum link service according to an embodiment of the present invention, where the third-party server apparatus includes, but is not limited to: a processor 501, a memory 502, a transceiver 503 and, optionally, a bus 504 and a communication interface 505.
A memory 502 for storing programs and instructions;
a processor 501, configured to execute, by calling the program and the instructions stored in the memory: searching for a first quantum service node and a second quantum service node respectively associated with a first application device and a second application device; (1) if the first quantum service node and the second quantum service node are the same quantum service node, the third-party server device instructs the first quantum service node to calculate the exclusive-or value of the random key group of the first application device and the random key group of the second application device, and to send that exclusive-or value and its corresponding identifier to the third-party server device as the key association parameter; (2) if the first quantum service node and the second quantum service node are two different quantum service nodes, the third-party server device selects or calculates a virtual link state between the first quantum service node and the second quantum service node and sends the corresponding virtual link state identification to each of the two nodes; the first quantum service node sends to the third-party server device the exclusive-or value of its shared key group associated with the virtual link state and the random key group of the first application device, together with the corresponding identifier; the second quantum service node sends to the third-party server device the exclusive-or value of its shared key group associated with the virtual link state and the random key group of the second application device, together with the corresponding identifier; the third-party server device then performs an exclusive-or operation on the exclusive-or of the two received values and the virtual link state data, and uses the result of that operation and the corresponding identifier as the key association parameter; the third-party server device respectively sends the key association parameter to the first application device and the second application device;
a transceiver 503, configured to receive a service request of an application device or/and a quantum service node; issuing a service instruction to a related quantum service node according to the service request so that the quantum service node provides corresponding data according to the service instruction and receives the data sent by the quantum service node; and respectively sending the key association parameters to corresponding application devices.
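The two-node case of the processor 501 procedure above (indirect method D of the Fig. 4 device, with the virtual link state built from the virtual node routing states as in the virtual network state description earlier) is a chain of exclusive-or operations, and the property worth checking is which party ends up knowing what. The following Python model is an added illustration, not code from the patent or its applicant: QKD is replaced by locally generated random bytes, and the relay path S1-R1-R2-S2, the device names, the identifier layout and the 32-byte packet size are assumptions. Running it shows that relay nodes publish only the XOR of their two link keys, the third-party server sees only masked values and the parameter RK_A ⊕ RK_B, and each application device unmasks that parameter with its own packet to obtain the other device's packet.

```python
"""Toy model of the virtual quantum link key-association flow.

Added illustration, not code from the patent or its applicant. QKD is replaced
by locally generated random bytes; node names S1, R1, R2, S2 and device names
are made up; packet size and identifier layout are assumptions.
"""
import secrets

PACKET_LEN = 32  # bytes per key packet (assumed; the patent fixes no size)


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise exclusive-or of two equal-length packets."""
    if len(a) != len(b):
        raise ValueError("key packets must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def simulate_qkd(path):
    """Stand-in for QKD: every adjacent pair on the relay path shares one key packet."""
    return {(u, v): secrets.token_bytes(PACKET_LEN) for u, v in zip(path, path[1:])}


def routing_state(path, link_keys, i):
    """Virtual node routing state of relay node path[i]: XOR of its two link keys.

    Publishing this value reveals neither link key on its own.
    """
    return xor(link_keys[(path[i - 1], path[i])], link_keys[(path[i], path[i + 1])])


def virtual_link_state(path, link_keys, global_id="vnet-demo"):
    """XOR all relay routing states on the selected path.

    Inner link keys cancel pairwise, leaving K(source, first hop) XOR K(last hop, sink),
    i.e. the XOR of the two end nodes' shared key packets on this link.
    """
    data = bytes(PACKET_LEN)
    for i in range(1, len(path) - 1):
        data = xor(data, routing_state(path, link_keys, i))
    ident = {"global_id": global_id, "source": path[0], "sink": path[-1]}
    return data, ident


def run_exchange(path=("S1", "R1", "R2", "S2")):
    """Full flow. Returns every party's view so the reader can check what each learns."""
    rk_a = secrets.token_bytes(PACKET_LEN)  # random key packet issued to device A by path[0]
    rk_b = secrets.token_bytes(PACKET_LEN)  # random key packet issued to device B by path[-1]
    view = {"rk_a": rk_a, "rk_b": rk_b, "path": path}

    if len(path) == 1:
        # Case (1): both devices served by the same node; it XORs the two packets itself.
        param = xor(rk_a, rk_b)
        view.update(virtual_link_state=None, k_src=None, k_sink=None)
    else:
        # Case (2): distinct nodes. The server derives a virtual link state from the
        # published routing states and asks each node for a masked contribution.
        link_keys = simulate_qkd(path)
        v_data, v_id = virtual_link_state(path, link_keys)
        k_src = link_keys[(path[0], path[1])]      # S1's shared key on this link
        k_sink = link_keys[(path[-2], path[-1])]   # S2's shared key on this link
        from_src = xor(k_src, rk_a)    # S1 -> server: only the mask, never rk_a or k_src
        from_sink = xor(k_sink, rk_b)  # S2 -> server
        param = xor(xor(from_src, from_sink), v_data)   # == rk_a XOR rk_b
        view.update(virtual_link_state=v_data, link_state_id=v_id,
                    k_src=k_src, k_sink=k_sink,
                    seen_by_server=(from_src, from_sink, v_data))

    # Step three: the server hands the same parameter to both devices; each unmasks it
    # with its own packet and ends up holding the other side's packet.
    view["key_association_parameter"] = param
    view["device_a_derives"] = xor(param, rk_a)  # equals rk_b
    view["device_b_derives"] = xor(param, rk_b)  # equals rk_a
    return view


if __name__ == "__main__":
    v = run_exchange()
    print("A obtained B's packet:", v["device_a_derives"] == v["rk_b"])
    print("B obtained A's packet:", v["device_b_derives"] == v["rk_a"])
    print("server parameter is RK_A xor RK_B:",
          v["key_association_parameter"] == xor(v["rk_a"], v["rk_b"]))
```

The single-node case (1) is exercised by passing a one-element path; a path with no relay nodes yields an all-zero virtual link state, because the two end nodes then hold the same link key. What the server ends up holding, RK_A ⊕ RK_B, is a one-time-pad relation between two packets it never sees individually, so the confidentiality of the resulting key rests on the service nodes' link keys and the devices' random key packets staying private, not on the server.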
The bus 504 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 5, but this is not intended to represent only one bus or type of bus.
Memory 502 may include volatile memory (volatile memory), such as random-access memory (RAM); the memory may also include a non-volatile memory (non-volatile memory), such as a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD); the memory may also comprise a combination of memories of the kind described above.
The communication interface 505 may be a wired communication access port, a wireless communication interface, or a combination thereof, wherein the wired communication interface may be, for example, an ethernet interface. The ethernet interface may be an optical interface, an electrical interface, or a combination thereof. The wireless communication interface may be a WLAN interface.
The processor 501 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP. The processor may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus (or system), or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (or systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the invention has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the invention. Accordingly, the specification and figures are merely exemplary of the invention as defined in the appended claims and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the invention. It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A virtual quantum link service method is characterized in that an applicable scenario comprises: the application device has applied for network entry and ID identification and has applied for random key grouping and sufficient margin to one or more quantum service nodes that have sent registration information or/and a service association list for the application device to a third party server, the method comprising:
the method comprises the following steps: the first application device requests a key association parameter with the second application device from the third party server,
step two: the third-party server searches a first quantum service node and a second quantum service node respectively associated with the first application device and the second application device, (1) if the first quantum service node and the second quantum service node are the same quantum service node, the third-party server commands the first quantum service node to calculate an exclusive or value of a random key packet of the first application device and a random key packet of the second application device, and uses the exclusive or value and a corresponding identifier thereof as a key association parameter and sends the key association parameter to the third-party server, (2) if the first quantum service node and the second quantum service node are two different quantum service nodes, the third-party server selects or calculates a virtual link state between the first quantum service node and the second quantum service node, and sends the corresponding virtual link state identifiers to the first quantum service node and the second quantum service node respectively, the first quantum service node sends an exclusive-or value and a corresponding identifier of a shared key group associated with the virtual link state and a random key group of the first application device to a third-party server, the second quantum service node sends the exclusive-or value and the corresponding identifier of the shared key group associated with the virtual link state and a random key group of the second application device to the third-party server, the third-party server performs exclusive-or operation on the exclusive-or value of the two exclusive-or values and the virtual link state data, and the exclusive-or operation result and the corresponding identifier are used as a key association parameter,
step three: the third party server sends the key association parameters to the first application device and the second application device respectively,
wherein, the identification of the result of the exclusive-or operation comprises: the identification of the random key packet of the first application device and the second application device,
the virtual link state data includes: an exclusive-or value of the respective shared quantum key packet of the two quantum service nodes associated with the virtual link.
2. The virtual quantum link service method of claim 1, comprising: the first application device and the second application device negotiate a shared key based on the key association parameter.
3. The virtual quantum link service method of claim 1, comprising: the first application device and the second application device respectively send the key association parameters to a third application device and a fourth application device, and the third application device and the fourth application device negotiate a shared key based on the key association parameters.
4. A virtual quantum link service method according to claim 1, 2 or 3, comprising: the unregistered application device applies for registration network access to one quantum service node of a target network and obtains a unique ID, the registered application device applies for random key grouping to one or more quantum service nodes of the target network and establishes a service association list of the quantum service nodes and the application device, and the quantum service nodes send the service association list to a third-party server.
5. The virtual quantum link service method of claim 1, 2, 3 or 4, wherein the application device comprises any one or more of the following devices: the system comprises a password application device, a proxy device of a quantum service node, a virtual link service proxy device and intelligent equipment with an encryption mode.
6. The virtual quantum link service method according to claim 1 or 4, wherein the content of the service association list comprises: ID identification of the application device, identification of the associated quantum service node, and margin information of the random key packet.
7. The method of claim 1, wherein the third-party server selecting or computing a virtual link state between the first quantum service node and the second quantum service node comprises: selecting a virtual link state from a virtual link state database, or creating a virtual link state based on a virtual network state.
8. The method of claim 7, wherein creating a virtual link state based on a virtual network state comprises:
selecting a virtual network state, selecting a quantum key relay link between two quantum service nodes (conveniently, respectively designated as a source node and a sink node), screening all virtual node routing state data associated with the quantum key relay link from the virtual network state, computing an exclusive-or value of all of the virtual node routing state data, creating an identifier for the exclusive-or value (conveniently, designating the exclusive-or value as virtual link state data, designating the identifier as a virtual link state identifier, designating the exclusive-or value and its corresponding identifier as a virtual link state between the source node and the sink node), wherein the virtual quantum network state comprises: virtual node states of all quantum relay nodes (or quantum relay nodes and virtual quantum relay nodes) in the target quantum network having the same global identity, one virtual node state comprising: some or all of the virtual node routing states of the target quantum node having the same global identity, wherein one virtual node routing state comprises: the xor value of the shared quantum key packet between the target quantum node and the two associated neighboring target quantum nodes and its identification (for convenience, the xor value is hereinafter referred to as virtual node routing state data),
the virtual link state identification comprises: the global identification, the identification of the source node and the sink node, and the method for selecting a quantum key relay link between the source node and the sink node comprises the following steps: and selecting a quantum key relay link connected with the least quantum relay nodes or randomly selecting a communicable quantum key relay link according to the virtual network routing topological graph.
9. The virtual quantum link service method of claim 1, 4 or 7, wherein the third party server comprises any one or more of the following devices: quantum key server, virtual link server, quantum service node device, cloud service device, network virtualization server device.
10. A virtual quantum link service apparatus, comprising: an application device, a quantum service node device, a third party server device for executing the method of any one of claims 1 to 4, wherein the device comprises a software module, or a hardware module, or an integrated module of software and hardware.
CN201910819217.8A 2019-09-01 2019-09-01 Virtual quantum link service method and device Active CN112367160B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910819217.8A CN112367160B (en) 2019-09-01 2019-09-01 Virtual quantum link service method and device

Publications (2)

Publication Number Publication Date
CN112367160A true CN112367160A (en) 2021-02-12
CN112367160B CN112367160B (en) 2023-09-26

Family

ID=74516683

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113193958A (en) * 2021-05-10 2021-07-30 成都量安区块链科技有限公司 High-safety high-efficiency quantum key service method and system
CN113193958B (en) * 2021-05-10 2023-07-07 成都量安区块链科技有限公司 Quantum key service method and system
CN113328853A (en) * 2021-05-25 2021-08-31 成都量安区块链科技有限公司 Coalition chain system for improving safety by adopting quantum key
CN113328853B (en) * 2021-05-25 2023-09-08 成都量安区块链科技有限公司 Coalition chain system for improving security by adopting quantum key
CN114268441A (en) * 2022-03-03 2022-04-01 成都量安区块链科技有限公司 Quantum security application method, client device, server device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant