CN112422284A - Quantum communication system - Google Patents


Publication number: CN112422284A
Authority: CN (China)
Prior art keywords: key, quantum, pool, data, target
Legal status: Granted, Active
Application number: CN202011308201.XA
Other languages: Chinese (zh)
Other versions: CN112422284B (en)
Inventors: 谢四江, 冯雁, 刘念, 阎亚龙
Current Assignee: BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Original Assignee: BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Application filed by BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Priority to CN202011308201.XA
Publication of CN112422284A
Application granted
Publication of CN112422284B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852: Quantum cryptography
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04B: TRANSMISSION
    • H04B10/00: Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70: Photonic quantum communication

Abstract

The embodiment of the specification discloses a quantum communication system comprising at least one network node; the network node includes at least one child node corresponding to different communication layers. A pair of first key pools is distributed in adjacent child nodes of the same communication layer; adjacent child nodes are two child nodes in the same communication layer that perform encrypted information transmission based on a quantum key shared between them. The first key pool stores the quantum keys shared by the corresponding adjacent child nodes. A second key pool is provided in at least some of the child nodes of the same communication layer; the second key pools are distributed in pairs in two child nodes, and a pair of second key pools corresponds to a pair of first key pools in the communication layer next below the layer where the pair of second key pools is located. The pair of second key pools stores the quantum keys required by the corresponding pair of first key pools. The top-to-bottom arrangement order of the communication layers is the order of quantum key transmission within the network node.

Description

Quantum communication system
Technical Field
The present disclosure relates to the field of quantum cryptography communication technologies, and in particular, to a quantum communication system.
Background
With the active development of quantum theory and technical research in various countries, many countries have begun to build wide-area quantum communication networks. According to the existing research results, similar to the traditional TCP/IP network, the quantum communication network is divided into network layers according to a network protocol, and secret communication among network nodes of each layer is completed by constructing a key pool on the network nodes of each layer, so that the quantum key distribution of the whole network is realized.
In network communication, a pair of synchronized key pools must be constructed, one at each communicating party, and keys are taken from the pools to encrypt the messages transmitted between the pair of network nodes. However, whether in a quantum terrestrial network or a quantum satellite network, the keys in a network node's key pool are all produced by quantum key distribution equipment and are then distributed according to the communication requirements of the different network nodes. Network nodes differ greatly in their actual requirements, communication-layer structures, communication protocols and the like, so key distribution also has to be configured differently to meet the needs of the actual scenario. Practical experience shows that this differentiated configuration makes the key transmission design between network nodes complex and tedious, poorly generalizable and difficult to extend flexibly. Therefore, a simpler and more flexible key pool layout method and key distribution method for a quantum communication system are needed.
Disclosure of Invention
An object of the embodiments of the present specification is to provide a quantum communication system, which can make the construction of the whole quantum communication system more simple, convenient and flexible, and have stronger expansibility.
The present specification provides a quantum communication system, which is implemented by the following modes:
A quantum communication system comprising at least one network node. The network node includes at least one child node corresponding to different communication layers. A pair of first key pools is distributed in adjacent child nodes of the same communication layer. Adjacent child nodes are two child nodes in the same communication layer that perform encrypted information transmission based on a quantum key shared between them. The first key pool stores the quantum keys shared by the corresponding adjacent child nodes. A second key pool is distributed in at least some of the child nodes of the same communication layer. The second key pools are distributed in pairs in two child nodes, and a pair of second key pools corresponds to a pair of first key pools in the communication layer next below the layer where the pair of second key pools is located. The pair of second key pools stores the quantum keys required by the corresponding pair of first key pools. The top-to-bottom arrangement order of the communication layers is the order of quantum key transmission within the network node.
In other embodiments of the system provided in this specification, the quantum keys in the second key pool are obtained as follows. When it is determined that a second key pool has a key filling requirement, that second key pool is taken as the current second key pool, and the other second key pool arranged in a pair with it is taken as the target second key pool; the child node where the current second key pool is located is taken as the current child node. A key synchronization path corresponding to the current second key pool is determined; the key synchronization path is the key transmission path used to make the quantum keys in a pair of second key pools consistent. Based on the key synchronization path, the first key pool that is to fill quantum keys into the current second key pool is determined and taken as the designated first key pool. At least part of the quantum keys are taken from the designated first key pool and filled into the current second key pool. The quantum keys thus taken are transmitted to the target second key pool based on the key synchronization path.
In other embodiments of the system provided in this specification, transmitting the extracted quantum keys to the target second key pool based on the key synchronization path includes the following steps. Each pair of adjacent child nodes on the key transmission path is determined based on the key synchronization path, and the child node where the target second key pool is located is taken as the target child node. Using the quantum keys in the first key pools of each determined pair of adjacent child nodes, the extracted quantum keys are encrypted and transmitted hop by hop until they reach the target child node. The quantum keys received by the target child node are then filled into the target second key pool.
In other embodiments of the system provided in this specification, when it is determined that there is a need to fill keys in a first key pool, for neighboring child nodes of other communication layers except the uppermost communication layer, at least part of quantum keys are taken from a second key pool corresponding to the first key pool and located in a previous communication layer, and are transmitted to the first key pool where there is a need to fill keys.
In other embodiments of the system provided herein, each of the child nodes within the network node performs data transmission based on an IP communication protocol. Correspondingly, at least part of the extracted quantum key is transmitted to the first key pool with the key filling requirement based on the IP communication protocol.
In other embodiments of the system provided by this specification, the extracted quantum keys are transmitted to the first key pool that has the key filling requirement based on the SSL protocol.
In other embodiments of the system provided in this specification, when the number of quantum keys in the first key pool is smaller than a first preset threshold, it is determined that the corresponding first key pool has a key filling requirement.
In other embodiments of the system provided in this specification, when the amount of quantum keys stored in the second key pool is less than a second preset threshold, it is determined that the corresponding second key pool has a key filling requirement.
In other embodiments of the system provided in this specification, transmitting the extracted quantum keys to the target second key pool based on the key synchronization path includes the following steps. The extracted quantum keys are split to obtain at least one quantum key fragment, and each quantum key fragment is transmitted to the target second key pool based on the key synchronization path.
In other embodiments of the system provided in this specification, any quantum key fragment is transmitted to the target second key pool based on the key synchronization path in the following manner. The position information and length information of the quantum key fragment are acquired. The quantum key fragment, together with its position information and length information, is transmitted to the target second key pool based on the key synchronization path. The quantum key fragment is stored in the target second key pool according to its position information and length information.
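The filling and synchronization procedure described in the preceding embodiments (threshold check, designated first key pool, fragments carrying position and length, hop-by-hop encrypted relay) can be modelled as follows. This is an added example, not code from the patent: the class and function names, the byte-level pool model, the A1/S1/C1 topology, the rule that the peer copy retires the same bytes, and the use of a one-time-pad XOR as the per-hop cipher are all assumptions, since the specification does not name a cipher.

```python
import secrets


class KeyPool:
    """One side of a paired key pool, modelled as bytes addressed by position."""

    def __init__(self, data=b""):
        self.data = bytearray(data)

    def __len__(self):
        return len(self.data)

    def take(self, n):
        """Consume the oldest n bytes; key material is never handed out twice."""
        if n > len(self.data):
            raise ValueError("key pool exhausted")
        out = bytes(self.data[:n])
        del self.data[:n]
        return out

    def store(self, position, fragment):
        """Write a fragment at its stated position, growing the pool if needed."""
        end = position + len(fragment)
        if end > len(self.data):
            self.data.extend(bytes(end - len(self.data)))
        self.data[position:end] = fragment


def make_pair(n):
    """Two synchronized copies of a first key pool (constructed random bytes)."""
    raw = secrets.token_bytes(n)
    return KeyPool(raw), KeyPool(raw)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def relay_hop_by_hop(fragment, path, first_pools):
    """Send a fragment along the path; each hop uses that hop's pair of first pools."""
    for sender, receiver in zip(path, path[1:]):
        sender_side, receiver_side = first_pools[(sender, receiver)]
        # Assumed cipher: one-time pad with bytes consumed from the shared pool.
        ciphertext = xor(fragment, sender_side.take(len(fragment)))
        fragment = xor(ciphertext, receiver_side.take(len(ciphertext)))
    return fragment


def fill_and_sync(current_cp, target_cp, path, first_pools,
                  threshold, amount, frag_len):
    """Fill the current second pool when it is below threshold, then sync its peer."""
    if len(current_cp) >= threshold:
        return 0  # no key filling requirement
    # Designated first key pool: the pool on the first hop of the synchronization path.
    near_side, far_side = first_pools[(path[0], path[1])]
    material = near_side.take(amount)
    far_side.take(amount)  # modelling assumption: the peer retires the same bytes
    base = len(current_cp)
    current_cp.store(base, material)
    for offset in range(0, amount, frag_len):
        fragment = material[offset:offset + frag_len]
        position, length = base + offset, len(fragment)
        received = relay_hop_by_hop(fragment, path, first_pools)
        if len(received) != length:
            raise ValueError("fragment length mismatch")
        target_cp.store(position, received)
    return amount


def demo():
    """Constructed topology: A1 and C1 share no link, both are adjacent to S1."""
    first_pools = {("A1", "S1"): make_pair(256), ("S1", "C1"): make_pair(256)}
    cp_a, cp_c = KeyPool(), KeyPool()
    moved = fill_and_sync(cp_a, cp_c, ["A1", "S1", "C1"], first_pools,
                          threshold=32, amount=64, frag_len=24)
    return cp_a, cp_c, first_pools, moved


if __name__ == "__main__":
    cp_a, cp_c, pools, moved = demo()
    print(moved, bytes(cp_a.data) == bytes(cp_c.data))
```

In this model every intermediate child node on the path recovers the key fragment in the clear before re-encrypting it for the next hop, so each relay has to be trusted. Synchronizing 64 bytes also costs 64 bytes of first-pool key on every hop in addition to the 64 bytes taken as material.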
In other embodiments of the system provided in this specification, the pair of first key pools in the next communication layer that correspond to the current second key pool and the target second key pool are taken as the current first key pool and the target first key pool, respectively. Correspondingly, the child node where the current first key pool is located serves as the first receiver of the data transmission, the child node where the target first key pool is located serves as the first sender, and quantum-key-encrypted data transmission is performed as follows. The first sender acquires the synchronized quantum key data stored in the target first key pool; the synchronized quantum key data is the quantum key that the target second key pool received from the designated first key pool over the key synchronization path. The first sender extracts a quantum key data segment of a specified length from the synchronized quantum key data and acquires the position information and length information of at least one sub-key segment in the extracted quantum key data segment; a sub-key segment has no key data loss. The first sender encrypts the transmission data with the extracted quantum key data segment, sends the encrypted transmission data to the first receiver, and also sends the position information and length information of the at least one sub-key segment to the first receiver. The first receiver extracts the corresponding quantum key data segment from the current first key pool according to the received position information and length information of the at least one sub-key segment, and uses the extracted segment to decrypt the received encrypted transmission data.
In other embodiments of the system provided in this specification, the service applications corresponding to the current second key pool and the target second key pool serve as the second sender and the second receiver of the data transmission, respectively, and quantum-key-encrypted data transmission is performed as follows. The second sender sends an encryption key use request to the target child node; the target child node is the child node where the target second key pool is located. The target child node acquires the synchronized quantum key data stored in the target second key pool; the synchronized quantum key data is the quantum key that the target second key pool received from the designated first key pool over the key synchronization path. The target child node extracts a quantum key data segment of a specified length from the synchronized quantum key data and acquires the position information and length information of at least one sub-key segment in the extracted quantum key data segment; a sub-key segment has no key data loss. The target child node feeds back the position information and length information of the at least one sub-key segment to the second sender. The second sender encrypts the transmission data with the extracted quantum key data segment, sends the encrypted transmission data to the second receiver, and also sends the position information and length information of the at least one sub-key segment to the second receiver. The second receiver sends a decryption key use request to the current child node according to the received position information and length information of the at least one sub-key segment. The current child node extracts the corresponding quantum key data segment from the current second key pool based on the position information and length information of the at least one sub-key segment in the decryption key use request, and feeds it back to the second receiver. The second receiver decrypts the received encrypted transmission data with the received quantum key data segment.
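Both transmission embodiments above (first sender and first receiver, and the service-application variant) rest on the same mechanism: the sender uses only sub-key segments with no data loss and tells the receiver where they are by position and length. The following added example, which is not code from the patent, models that mechanism for a pool with a missing fragment. The names, the per-byte state flags, the single-use rule and the XOR cipher are assumptions, and the key material and message are constructed.

```python
import secrets

MISSING, READY, USED = 0, 1, 2


class SyncedPool:
    """Key pool addressed by position, tracking which bytes actually arrived."""

    def __init__(self, size):
        self.key = bytearray(size)
        self.state = bytearray(size)  # every byte starts MISSING

    def store(self, position, fragment):
        end = position + len(fragment)
        if position < 0 or end > len(self.key):
            raise ValueError("fragment outside pool")
        self.key[position:end] = fragment
        self.state[position:end] = bytes([READY]) * len(fragment)

    def select(self, length):
        """Sender: choose intact runs totalling `length` bytes as (position, length)."""
        segments, need, i = [], length, 0
        while need and i < len(self.state):
            if self.state[i] != READY:
                i += 1
                continue
            start = i
            while i < len(self.state) and self.state[i] == READY and i - start < need:
                i += 1
            segments.append((start, i - start))
            need -= i - start
        if need:
            raise ValueError("not enough intact key material")
        return segments

    def extract(self, segments):
        """Read the described sub-key segments exactly once, or fail with no side effects."""
        state, out = bytearray(self.state), bytearray()
        for position, length in segments:
            end = position + length
            if position < 0 or length <= 0 or end > len(self.key):
                raise ValueError("segment outside pool")
            if any(s != READY for s in state[position:end]):
                raise ValueError("segment missing, overlapping or already used")
            out += self.key[position:end]
            state[position:end] = bytes([USED]) * length
        self.state = state  # commit only after every segment validated
        return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def send(pool, plaintext):
    """Encrypt with intact key bytes; return ciphertext plus segment descriptors."""
    segments = pool.select(len(plaintext))
    return xor(plaintext, pool.extract(segments)), segments


def receive(pool, ciphertext, segments):
    """Rebuild the same key segment from received descriptors and decrypt."""
    if sum(length for _, length in segments) != len(ciphertext):
        raise ValueError("descriptors do not cover the ciphertext")
    return xor(ciphertext, pool.extract(segments))


def demo():
    key = secrets.token_bytes(64)            # constructed key material
    receiver_pool, sender_pool = SyncedPool(64), SyncedPool(64)
    receiver_pool.store(0, key)              # current pool: filled locally, complete
    sender_pool.store(0, key[:16])           # target pool: bytes 16..31 never arrived
    sender_pool.store(32, key[32:])
    message = b"constructed test message"    # 24 bytes
    ciphertext, segments = send(sender_pool, message)
    recovered = receive(receiver_pool, ciphertext, segments)
    try:
        receive(receiver_pool, ciphertext, segments)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return segments, recovered, message, replay_rejected


if __name__ == "__main__":
    print(demo())
```

The receiver treats the position and length values as untrusted input: out-of-range, overlapping or previously used segments are rejected before any key byte is released, which also prevents a replayed descriptor from causing key reuse.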
The quantum communication system provided in one or more embodiments of the present specification may flexibly configure a corresponding key pool according to a need of a service application, and may flexibly configure a communication connection relationship between nodes of a communication layer based on a key filling requirement of the key pool, so as to effectively shorten a key synchronization path and improve key filling and synchronization processing efficiency. In the process of configuring the communication connection relation between nodes of the communication layer, the key pool corresponding to the child node needing to establish communication can be directly configured in the node, and then the consistent filling of the quantum key of the newly configured key pool can be realized by utilizing a key filling and synchronous processing mechanism, so that the communication construction between the nodes and the consistent filling of the quantum key can be simply and conveniently realized. Therefore, based on the scheme provided by the embodiment of the specification, the whole quantum communication system can be constructed more conveniently and flexibly and has stronger expansibility.
Based on this system architecture, the system does not depend on the communication protocol of each device in the network node. It is applicable to different quantum communication network structures, node devices and network protocols, and to a quantum ground network, a quantum satellite network, or a "space-ground integrated" hybrid network composed of the two, so it is highly general. It can therefore be used in the various quantum communication networks known at present.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort. In the drawings:
Fig. 1 is a schematic diagram of a quantum communication system architecture in some embodiments provided herein;
Fig. 2 is a schematic diagram of a quantum communication system architecture in further embodiments provided herein;
Fig. 3 is a key pool layout diagram of a quantum communication system in some embodiments provided herein;
Fig. 4 is a schematic diagram of the key pool layout of a quantum communication system in further embodiments provided herein;
Fig. 5 is a schematic diagram of quantum key data synchronization in some embodiments provided herein;
Fig. 6 is a schematic diagram of a quantum key data synchronization method in other embodiments provided in the present specification;
Fig. 7 is a diagram illustrating quantum key data synchronization in further embodiments provided herein;
Fig. 8 is a schematic illustration of a quantum key data storage approach in some embodiments provided herein;
Fig. 9 is a schematic diagram of a quantum key data storage approach in further embodiments provided herein;
Fig. 10 is a schematic diagram of a quantum key data extraction manner in some embodiments provided in the present specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in one or more embodiments of the present specification will be clearly and completely described below with reference to the drawings in one or more embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the specification, and not all embodiments. All other embodiments obtained by a person skilled in the art based on one or more embodiments of the present specification without making any creative effort shall fall within the protection scope of the embodiments of the present specification.
The embodiment of the specification provides a quantum communication system which can comprise at least one network node. The network node may comprise at least one child node corresponding to different communication layers. A pair of first key pools is distributed in adjacent child nodes of the same communication layer. Adjacent child nodes may be two child nodes in the same communication layer that perform encrypted information transmission based on a quantum key shared between them. The first key pool stores the quantum keys shared by the corresponding adjacent child nodes. A second key pool is distributed in at least some of the child nodes of the same communication layer. The second key pools are distributed in pairs in two child nodes, and a pair of second key pools corresponds to a pair of first key pools in the communication layer next below the layer where the pair of second key pools is located. The pair of second key pools stores the quantum keys required by the corresponding pair of first key pools. The top-to-bottom arrangement order of the communication layers is the order of quantum key transmission within the network node.
Fig. 1 is a schematic diagram of an overall architecture of a quantum communication system provided in an example of an application scenario of the present specification. As shown in fig. 1, the system is divided from the deployment location and the physical connection relationship, and may include a plurality of network nodes. The network nodes may include a network node located on the ground and a network node located on a satellite. The ground-based network nodes may be further divided into ground station network nodes for ground to satellite communication and local area network nodes for ground station communication.
For example, as shown in Fig. 1, quantum communication devices may be provided in the ground stations A and B located in different areas, and in the satellite S. The quantum communication device may include devices that implement quantum key production, storage, and distribution. The quantum communication devices arranged on ground station A, ground station B and the satellite S can each serve as a different network node. The same region may include only one network node, or may include a plurality of network nodes. Referring to Fig. 1, different local area network nodes, such as a local area network access node B, a local area network node C, a local area network node D, and the like, may also be arranged for different users, thereby constructing a "space-ground integrated" quantum key transmission architecture.
A network node may include only one integrated device implementing the quantum key production, storage and distribution functions. Alternatively, a network node may comprise a system of devices each implementing a different function. Of course, a network node may also comprise a system of integrated devices. This is not limited herein.
Different network nodes can be connected through optical fibers or similar photonic circuits to share quantum keys among them, so that information can be transmitted with quantum key encryption between the downstream service applications corresponding to different network nodes. Information transmission between devices or components within the same network node is generally highly secure and the possibility of information being intercepted is low, so information may be transmitted using a method such as the IP Protocol (Internet Protocol) of the TCP/IP network system.
As shown in Fig. 1, when divided by communication layer, the system may include at least several different communication layers. The communication layers may be divided into a key production layer and a key service layer, for example. The key production layer may be used for the production and distribution of quantum keys. The key service layer can be used for receiving the quantum keys produced by the key production layer and providing them to the corresponding business application, so that the business application can perform encrypted information transmission based on the quantum keys. In some embodiments, a key exchange layer may be designed between the key production layer and the key service layer. The key exchange layer can be used for transmission of quantum keys, network routing, management of key distribution of the quantum communication system and the like. The number of node layers of the key production layer, the key exchange layer, and the key service layer may be configured as needed, and the numbers corresponding to different ground stations, local area network access points, local area network user nodes, and the like may also differ, which is not limited herein.
Fig. 2 is a schematic diagram of a hierarchical design of a quantum communication system. As shown in Fig. 2, in one example scenario, the quantum communication system may include a key production layer, a key exchange layer, and a key service layer, wherein:
Key production layer: it can be arranged in the network nodes of the quantum ground network and in satellite network nodes. The key production layer may be connected to a Quantum Key Distribution (QKD) device, and is configured to receive the quantum key data produced by the QKD and distribute keys to the other communication layers.
A QKD device can be arranged in the network node to produce quantum keys. The key production devices of the network nodes may be connected by optical fibers or similar photonic lines. Correspondingly, the quantum key data produced at the two ends are made consistent over the optical fiber or similar photonic line, so as to encrypt and decrypt the data transmitted between the corresponding network nodes. The quantum keys produced by the key production device may be stored directly in a key pool of the key production layer.
Key exchange layer: through the key exchange layer, the key production layer can transmit the quantum keys produced by the QKD to the key service layer. Correspondingly, a Key Exchange device (QKX) may be disposed on the key exchange layer; the QKX device is mainly responsible for quantum key transmission, network routing, management of the key service system, and the like.
Key service layer: it requests quantum key data from the key exchange layer and provides the data to the corresponding service applications. Correspondingly, a Key Service device (QKS) may be provided on the key service layer. The QKS device may interface with each service application, and key sharing and synchronization may be performed between the QKS devices at the two ends corresponding to the service applications requiring key distribution, so as to distribute quantum keys to the service applications.
In the embodiments of the present specification, for convenience of description, different communication layers in each network node may be respectively regarded as different child nodes.
As shown in Fig. 1, under ground station A there may be SQKD-A (key production sub-node A, which communicates with the satellite), one or more layers of key exchange sub-nodes, and QKS-A (key service sub-node A); QKS-A can be connected with a plurality of business applications APP-A1, APP-A2, …, APP-An. The quantum key produced by SQKD-A may be transmitted to QKS-A through the key exchange sub-nodes, and QKS-A then transmits the quantum key to the business application so that the business application can encrypt and transmit information. Under the local area network node D, there are QKD-D (key production sub-node D), one or more layers of key exchange sub-nodes, and QKS-D (key service sub-node D); QKS-D can be connected with a plurality of business applications APP-D1, APP-D2, …, APP-Dn. The quantum key produced by QKD-D may be transmitted to QKS-D through the key exchange sub-nodes, and QKS-D then transmits the quantum key to the business application so that the business application can encrypt information for transmission. Assuming that information needs to be transmitted between APP-A1 and APP-D1, they can obtain quantum keys from QKS-A and QKS-D respectively to encrypt, transmit and decrypt the information.
Of course, the above layout manner is a preferred example, and in the specific implementation, flexible design such as the number of network nodes, the number of layers, the relationship between network nodes, and the like may be performed on this basis, which is not limited herein. And the distribution process of the quantum key is completed through the mutual cooperation of the hierarchical and node-divided communication structure design.
Each network node may be configured with a key pool. The key pools are distributed in pairs in the network nodes of both communication parties and used for storing quantum keys shared between the network nodes of both communication parties so as to realize the encryption transmission and decryption of information between two network nodes or between service applications corresponding to the network nodes by using the shared quantum keys. In this embodiment of the present specification, the key pool may be divided into a first key pool and a second key pool.
A pair of first key pools can be correspondingly distributed in adjacent child nodes of the same communication layer. The adjacent child nodes may refer to two child nodes that perform information encryption transmission based on a quantum key shared between the two child nodes in the same communication layer. The first key pool stores quantum keys shared by corresponding adjacent child nodes.
Two network nodes that are directly connected by optical fibers or similar photonic lines may be configured with a pair of first key pools in the key production layer sub-nodes of the two connected network nodes. Correspondingly, the quantum key data produced by the key production equipment can be stored in the first key pool corresponding to the subnode of the key production layer. Because the quantum keys produced by the two network nodes are consistent through the optical fiber or the photonic circuit, the quantum keys of a pair of first key pools configured in the corresponding key production layer sub-nodes are also consistent, and the quantum keys can be used for data transmission between the two key production layer sub-nodes. Accordingly, the two key production layer sub-nodes may be considered as neighboring sub-nodes.
For example, as shown in Fig. 1, ground station A and ground station B are each directly connected to the satellite S through photonic lines, so the SQKD-A sub-node of ground station A and the SQKD-B sub-node of ground station B are each configured, together with the SQKD-S sub-node of the satellite S, with a pair of first key pools, $NP_{AS}^{1}$ and $NP_{BS}^{1}$ respectively. The quantum keys stored in $NP_{AS}^{1}$ in SQKD-A and in SQKD-S are consistent and are used to encrypt and decrypt the data transmitted between SQKD-A and SQKD-S. The quantum keys stored in $NP_{BS}^{1}$ in SQKD-B and in SQKD-S are consistent and are used to encrypt and decrypt the data transmitted between SQKD-B and SQKD-S. Correspondingly, the SQKD-A sub-node and the SQKD-S sub-node are a pair of adjacent sub-nodes, and the SQKD-B sub-node and the SQKD-S sub-node are a pair of adjacent sub-nodes.
Of course, for other communication layers, two sub-nodes in the same communication layer that perform encrypted information transmission based on a quantum key shared between them may likewise be treated as adjacent sub-nodes. A pair of first key pools can be distributed in the adjacent sub-nodes to store the quantum keys shared by them. For communication layers other than the key production layer, the quantum keys in the first key pool may be filled by the key production layer sub-nodes of the respective network nodes and synchronized, so as to obtain the quantum keys shared by the respective adjacent sub-nodes.
A second key pool can be arranged in at least part of the sub-nodes of the same communication layer. The second key pools are also distributed in pairs in the two child nodes, and one pair of the second key pools corresponds to the adjacent child node of the next communication layer of the communication layer where the pair of the second key pools are located. The pair of second key pools may store quantum keys shared by corresponding adjacent child nodes. And the arrangement sequence of the communication layers from top to bottom is the sequence of quantum key transmission in the network nodes.
For convenience of description, in the embodiments of the present specification, the arrangement order of different communication layers from top to bottom is an order of quantum key transmission in a network node, that is, an order in which quantum keys produced by a quantum key production device are transferred from a key production layer to a key service layer by layer, and is an order in which quantum keys are transferred from top to bottom layer by layer. Correspondingly, the key production layer is positioned at the uppermost layer, and the key service layer is positioned at the lowermost layer. Of course, the above description of the layout sequence is only defined for convenience of illustration, and does not directly limit the specific architecture of the embodiments in this specification.
As shown in fig. 3, each network node may be configured with multiple communication layers as needed, and the number of communication layers correspondingly configured by different network nodes may be different. It is assumed that the first communication layers of the network nodes in fig. 3 are key production layers, and in addition, each network node may further sequentially lay one or more communication layers as a second communication layer, a third communication layer, and so on as needed.
Suppose communication needs to be established between the second communication layer sub-nodes of two network nodes. For example, if the child nodes $A_2$ and $C_2$ in FIG. 3 need to establish communication, a pair of first key pools (Neighbor Pool) $NP_{AC}^{2}$ may be configured in the two child nodes $A_2$ and $C_2$ to store the quantum keys required for communication between $A_2$ and $C_2$. Correspondingly, a pair of second key pools (Cross Pool) $CP_{AC}^{1}$ may be configured in the child nodes $A_1$ and $C_1$ of the previous communication layer (i.e. the first communication layer) of the network nodes in which $A_2$ and $C_2$ are located. The pair of second key pools $CP_{AC}^{1}$ thus corresponds to the first key pool $NP_{AC}^{2}$. For the child nodes of other communication layers, the first key pool and the corresponding second key pool may be configured in the same manner.
Based on the above scenario example, if a communication connection is established between two child nodes, a pair of first key pools may be configured in the two child nodes correspondingly, and a pair of second key pools may be configured in a previous communication layer child node of the corresponding network node correspondingly. Correspondingly, except for each adjacent child node of the first communication layer, each adjacent child node of other communication layers corresponds to a pair of second key pools on the previous communication layer. In other words, in the quantum communication system constructed by the above configuration, any pair of second key pools configured in each child node corresponds to an adjacent child node of a communication layer next to the communication layer where the pair of second key pools are located.
In some embodiments, the security of information transmission between communication layers in the same network node is generally high and the possibility of the information being intercepted is low, so information transmission modes such as the protocols of a TCP/IP network can be adopted directly, without adopting an encrypted transmission mode based on quantum communication. Correspondingly, quantum keys in the same network node can be transmitted layer by layer from the key production layer sub-node to the key service layer sub-node through a TCP/IP network protocol, and then provided to the corresponding service application for quantum encrypted communication.
Based on the above-described quantum communication system, the distribution and transmission of the quantum key can be performed in the following manner.
For the adjacent child nodes $A_2$ and $C_2$ in FIG. 3, after the first key pool $NP_{AC}^{2}$ and the corresponding second key pool $CP_{AC}^{1}$ have been configured in the above manner, quantum key filling and synchronization processing may be performed for the first key pool $NP_{AC}^{2}$, so that $NP_{AC}^{2}$ stores the quantum key shared by the corresponding adjacent child nodes, thereby enabling encrypted transmission of information between the adjacent child nodes $A_2$ and $C_2$.
The following description takes as an example the case where the sub-nodes of the same network node adopt an integrated configuration and network node A, in which the sub-node $A_2$ is located, initiates the quantum key filling and synchronization processing. Of course, if each sub-node has its own processor in the actual application scenario, the sub-node $A_2$ itself may initiate the quantum key filling and synchronization processing. In practice, the sub-node $C_2$, or the network node C in which $C_2$ is located, may also initiate the quantum key filling and synchronization processing. The execution subject that initiates the key filling and synchronization processing may be determined according to the actual hardware design and the processing mode of the application scenario, which is not limited herein.
After $NP_{AC}^{2}$ and $CP_{AC}^{1}$ have been configured, network node A may initiate key filling: part of the quantum key is extracted from the first key pool $NP_{AC}^{1}$ of the key production layer sub-node $A_1$ and written into the second key pool $CP_{AC}^{1}$. While performing the filling or after completing it, network node A may synchronize the extracted quantum key to the second key pool $CP_{AC}^{1}$ of $C_1$.
In some embodiments, network node A may first determine the key synchronization path for synchronizing to the second key pool $CP_{AC}^{1}$ of $C_1$. Network node A may determine the key synchronization path corresponding to the current synchronization processing based on parameter information such as the network node, the child node, and the key pool of the current synchronization processing.
In some embodiments, the key synchronization path may be preconfigured and stored. If the key synchronization path is pre-stored in the storage device corresponding to network node A, network node A may obtain the key synchronization path corresponding to the current synchronization processing from the storage device based on parameter information such as the network node, the child node, and the key pool of the current synchronization processing. In an actual application scenario, there may be one or more possible paths for key synchronization; the path with the least number of hops between nodes may be chosen in advance as the key synchronization path and stored based on parameter information such as the corresponding network nodes, child nodes, and key pools. Of course, this path optimization method is only an example, and the selection may be configured as needed in a specific application scenario. Alternatively, a plurality of paths may be stored at the same time, and a preferred condition may then be set to select the key synchronization path for the current synchronization processing.
Or, in other embodiments, the key synchronization path may not be configured in advance, the topology architecture information of the quantum communication system is stored in the storage device of the network node, and the server of the network node selects the key synchronization path corresponding to the current synchronization processing in real time according to the parameter information of the network node, the child node, the key pool, and the like of the current synchronization processing, or further referring to a pre-configured preferred condition.
Assume the key synchronization path corresponding to this synchronization process is: adjacent child nodes $A_1$ and $S_1$, adjacent child nodes $S_1$ and $B_1$, adjacent child nodes $B_1$ and $C_1$, and finally synchronization into the second key pool $CP_{AC}^{1}$ of $C_1$. Network node A may then take out the quantum key $K_{AS}$ shared by $A_1$ and $S_1$ from the first key pool $NP_{AS}^{1}$ of $A_1$, encrypt the key with $K_{AS}$, and send the encrypted quantum key $key_{AS}$ and the key synchronization path to the child node $S_1$ of network node S, for example to the storage device of the child node $S_1$ for local caching. Network node S may take out the consistent key $K_{AS}$ from the first key pool $NP_{AS}^{1}$ of $S_1$ and use $K_{AS}$ to decrypt $key_{AS}$ to obtain the key. The key can be cached locally first. Then, after the key has been encrypted and transmitted to the next hop child node, the cached data is cleared. Alternatively, the cached data may be cleared periodically. For the subsequent hop-by-hop key transmission, the key may be stored in the same or a similar manner as in this embodiment, which is not described in detail below. If the key synchronization path is also encrypted, the encrypted key synchronization path is decrypted to obtain the key synchronization path.
Based on the key synchronization path, network node S may then take out the quantum key $K_{BS}$ shared by $S_1$ and $B_1$ from the first key pool $NP_{BS}^{1}$ of $S_1$, encrypt the key with $K_{BS}$, and send the encrypted quantum key $key_{BS}$ and the key synchronization path to the child node $B_1$ of network node B. Network node B may take out the consistent key $K_{BS}$ from the first key pool $NP_{BS}^{1}$ of $B_1$ and use $K_{BS}$ to decrypt $key_{BS}$ to obtain the key. If the key synchronization path is also encrypted, the encrypted key synchronization path may likewise be decrypted to obtain the key synchronization path.
Thereafter, network node B may repeat the above steps, encrypting the key and the key synchronization path with the quantum key in the first key pool corresponding to $B_1$ and $C_1$ and transmitting them to the child node $C_1$. Finally, network node C can fill the key into the second key pool $CP_{AC}^{1}$ of QKD-$C_1$ based on the key synchronization path, which completes the present synchronization process.
Based on the above scenario example, in some embodiments, the shared quantum key in the second key pool may be obtained in the following manner. When it is determined that a second key pool has a key filling requirement, that second key pool is taken as the current second key pool, and the other second key pool paired with it is taken as the target second key pool. The child node where the current second key pool is located is taken as the current child node. A key synchronization path corresponding to the current second key pool is determined; the key synchronization path refers to a key transmission path for achieving quantum key consistency in a pair of second key pools. Based on the key synchronization path, the first key pool that fills quantum keys into the current second key pool is determined as the designated first key pool. At least part of the quantum key is taken from the designated first key pool and filled into the current second key pool. The extracted at least part of the quantum key is then transmitted to the target second key pool based on the key synchronization path.
Wherein the step of transmitting at least part of the extracted quantum key to the target second key pool based on the key synchronization path may include the following steps. And determining each adjacent child node on the key transmission path based on the key synchronization path. And taking the child node where the target second key pool is located as a target child node. Correspondingly, based on the determined shared quantum key stored in the first key pool of each adjacent child node, performing hop-by-hop encrypted transmission on at least part of the extracted quantum key, and transmitting the quantum key to the target child node. Populating the retrieved at least a portion of the quantum keys received by the target child node into the target second key pool.
In other embodiments, network node A or C may each extract keys from the corresponding $CP_{AC}^{1}$ and fill them into the first key pool $NP_{AC}^{2}$ of the adjacent child nodes $A_2$ and $C_2$.
Based on the quantum communication system, the network nodes A and C may each extract keys from the corresponding $CP_{AC}^{1}$ based on the IP communication protocol and fill them into the first key pool $NP_{AC}^{2}$ of the adjacent child nodes $A_2$ and $C_2$. In some embodiments, the network nodes A and C may also fill the extracted quantum key into the first key pool $NP_{AC}^{2}$ of the adjacent child nodes $A_2$ and $C_2$ based on the SSL (Secure Sockets Layer) protocol. Of course, other communication protocols may be used for secure transmission, which is not limited herein.
When quantum keys are extracted from the corresponding second key pools and filled into the first key pools of the adjacent child nodes, a full-filling mode can be adopted. That is, all quantum key data stored in the corresponding second key pool may be extracted and filled into its corresponding pair of first key pools located in the next communication layer. The full-filling mode keeps quantum key filling simple. In other embodiments, a non-full filling mode may also be adopted; accordingly, the key filling instruction may include parameter information of the key to be extracted from the corresponding $CP_{AC}^{1}$, so that network node C can extract the corresponding quantum key from its $CP_{AC}^{1}$ and fill it into $NP_{AC}^{2}$, thereby keeping the quantum key data in the first key pool $NP_{AC}^{2}$ of child nodes $A_2$ and $C_2$ consistent.
Based on the above scenario example, in some embodiments, when it is determined that there is a key padding requirement for a first key pool, for neighboring child nodes of other communication layers except for the uppermost communication layer, at least part of quantum keys may be taken from a second key pool located in an upper communication layer corresponding to the first key pool, and transmitted to the first key pool where there is a key padding requirement.
In the case that each child node in the network node performs data transmission based on the IP communication protocol, at least part of the extracted quantum keys may be transmitted to the first key pool with the key padding requirement based on the IP communication protocol. Further, at least part of the extracted quantum keys can be safely transmitted to the first key pool with the key filling requirement based on the SSL protocol.
In other embodiments, a key padding requirement determining mechanism may be further configured for each of the first key pool and the second key pool. The network node may determine whether the respective first and second key pools require key padding based on the respective key padding requiring decision mechanisms. In some embodiments, the key padding requirement determining mechanism may be that the quantum key storage amount in the first key pool or the second key pool is less than a preset threshold, for example.
Correspondingly, when the quantum key storage amount in the second key pool is smaller than a second preset threshold, it may be determined that a key filling requirement exists in the corresponding second key pool. And determining that the key filling requirement exists in the corresponding first key pool when the number of the quantum keys in the first key pool is smaller than a first preset threshold. Based on the determination mechanism, the network node or the child node may initiate quantum key padding and synchronization processing when determining that the quantum key storage amount in each of the first key pool or the second key pool is smaller than a corresponding preset threshold. The first preset threshold and the second preset threshold can be configured according to the communication requirements of the sub-nodes or the service applications corresponding to the first key pool or the second key pool and the requirements of key layer-by-layer transmission, so that the flexibility of key filling is improved.
For example, when network node A determines that the quantum key storage amount in the first key pool $NP_{AC}^{2}$ of child node $A_2$ is less than the corresponding first preset threshold, it can start extracting keys from the corresponding $CP_{AC}^{1}$ and filling them into the first key pool $NP_{AC}^{2}$ of child node $A_2$. It can also send a key filling instruction to the corresponding child node $C_2$, so that network node C extracts keys from its corresponding $CP_{AC}^{1}$ and fills them into the first key pool $NP_{AC}^{2}$ of child node $C_2$.
If network node A determines that the quantum key storage amount in the second key pool $CP_{AC}^{1}$ of child node QKD-$A_1$ is less than the corresponding second preset threshold, quantum keys can be extracted from the first key pool $NP_{AC}^{1}$ of QKD-$A_1$ and filled into the second key pool $CP_{AC}^{1}$. The extracted quantum key can also be synchronized to the second key pool $CP_{AC}^{1}$ of child node QKD-$C_1$ based on the synchronization processing method described above.
The above-mentioned key padding requirement determining mechanism is a preferred example, and in practical applications, other key padding requirement determining mechanisms may also be adopted, such as setting a padding time, and the like, which is not limited herein.
According to the scheme, the key pool design mode and the key transmission scheme provided by the embodiment of the specification can be suitable for different quantum secret communication network structures, node devices or network protocols, can also be suitable for a quantum ground network, a quantum satellite network or a 'heaven and earth integration' mixed network consisting of the quantum ground network and the satellite network, have strong universality, and can be popularized and used in various currently known quantum secret communication network design schemes. That is, the key pool design method and the key transfer scheme provided in the above embodiments directly utilize the loop iteration of the first key pool pair between adjacent child nodes and the second key pool pair correspondingly laid on the previous communication layer, so that the layer-by-layer transfer of the quantum key can be realized, it is not necessary to distinguish which communication layer the devices to be communicated work on, and which communication method is adopted between the devices on the communication layer, thereby greatly improving the simplicity and universality of the quantum key transfer.
Based on the solutions provided by the above embodiments, embodiments of the present specification further provide a service application scenario example, so as to further illustrate the practicability of the solutions provided by the above embodiments corresponding to the service application.
As shown in FIG. 4, for example, the business applications APP-1 through APP-m correspond to the key service layer sub-node $A_3$ of network node A, and the service applications APP-1' to APP-m' correspond to the key service layer sub-node $P_3$ of network node P. Information is transmitted between APP-1 and APP-1', APP-2 and APP-2', ..., APP-m and APP-m', respectively. Based on these information transmission requirements, pairs of second key pools can be configured in $A_3$ and $P_3$, each pair storing the quantum keys required by the corresponding pair of service applications for information transmission. Correspondingly, when a pair of service applications transmit information, either of them may extract quantum key data from the corresponding second key pool, encrypt the transmission information, and send the encrypted transmission data to the other service application. The other service application may extract quantum key data from the corresponding second key pool and then decrypt the received encrypted transmission information to obtain the transmission information.
When it is determined that the quantum key storage amount of any second key pool in $A_3$ and $P_3$ is smaller than the corresponding preset threshold, the key synchronization path corresponding to that second key pool may be determined first; the determination may be implemented with reference to the above embodiment. Suppose the quantum key storage amount in the second key pool $CP_{AP}^{3,1}$ corresponding to APP-1 in $A_3$ is less than the corresponding preset threshold, and the key synchronization path determined for the second key pool $CP_{AP}^{3,1}$ is: adjacent child nodes $A_3$ and $C_3$, adjacent child nodes $C_3$ and $P_3$, and finally synchronization into the second key pool $CP_{AP}^{3,1}$ of $P_3$. Based on the key synchronization path, the first key pool that fills keys into the second key pool $CP_{AP}^{3,1}$ in $A_3$ can be determined to be $NP_{AC}^{3}$. The first key pool $NP_{AC}^{3}$ is the first key pool corresponding to $A_3$ and $C_3$.
The first key pools and the second key pools within a child node are not necessarily in one-to-one correspondence; in an actual application scenario, the first key pool that fills keys into a second key pool may be determined based on the key synchronization path corresponding to that second key pool. Network node A may then extract the quantum key key-1 from the first key pool $NP_{AC}^{3}$ and fill key-1 into the second key pool $CP_{AP}^{3,1}$. Meanwhile, the extracted quantum key key-1 can be encrypted with a quantum key in the first key pool $NP_{AC}^{3}$ and transmitted to the child node $C_3$. After decryption, the child node $C_3$ encrypts key-1 with a quantum key in the first key pool $NP_{CP}^{3}$ and transmits it to the child node $P_3$. After decryption, the child node $P_3$ may fill key-1 into the second key pool $CP_{AP}^{3,1}$ in $P_3$. The synchronization processing can be implemented with reference to the above embodiments and is not described further here.
By the method, the quantum key in the second key pool corresponding to the service application can be synchronously filled, correspondingly, the service application can directly extract the quantum key from the corresponding second key pool and carry out information encryption transmission, and the quantum key distribution is simply and efficiently realized.
In an actual application scenario, the corresponding second key pool can be flexibly configured according to the requirements of service application, and meanwhile, the communication connection relation between the sub-nodes of the upper communication layer can be flexibly configured based on the key filling requirements of the second key pool, so that the key synchronization path is effectively shortened, and the key filling and synchronization processing efficiency is improved.
In the process of configuring the communication connection relation between the sub-nodes of the upper communication layer, the first key pool corresponding to the sub-node needing to establish communication and the second key pool corresponding to the sub-node needing to establish communication can be directly configured in the sub-node, and then, the consistent filling of the quantum keys of the newly configured key pool can be realized by using a key filling and synchronous processing mechanism, so that the communication construction between the sub-nodes and the consistent filling of the quantum keys can be simply and conveniently realized. Meanwhile, when a redundant communication connection relation occurs, the cleaning of the redundant communication relation can be completed on the basis of not causing substantial influence on the whole communication system by directly removing the corresponding first key pool and the second key pool. Therefore, based on the scheme provided by the embodiment of the specification, the whole quantum communication system can be constructed more conveniently and flexibly and has stronger expansibility.
In some embodiments, the quantum key synchronization process may be performed in the following manner. Setting a Maximum Transmission Unit (MTU), and dividing the key in the key Pool Cross Pool into a plurality of fragments according to the size of the MTU. Wherein the MTU is used to limit the key data size of a single transmission. The size of the MTU can be set according to actual needs to reduce the influence on the use of the whole key when the key data is lost. The network node may determine the key synchronization path by querying a routing table. As shown in fig. 5, each child node of the path to the destination node can be found, and each child node can be divided into a current child node, one or more intermediate child nodes, and a target child node. And encrypting the key fragments by using a quantum key shared by adjacent child nodes in a key synchronization path, and sequentially transmitting the key fragments hop by hop until the target child nodes. The processing method for synchronizing each key fragment from the current child node to the target child node may be implemented with reference to the foregoing embodiment, and details are not described here.
Accordingly, in some embodiments, the transmitting at least part of the extracted quantum key to the target second key pool based on the key synchronization path may include: and splitting the at least part of the quantum key to obtain at least one quantum key fragment, and transmitting each quantum key fragment to the target second key pool based on the key synchronization path.
Then, through error control protocol, sending confirmation, error feedback and retransmission can be carried out between the corresponding child nodes at the two ends, so as to ensure that the transmission of the key fragment is error-free. And after confirming that the transmission of the key fragments is correct, the target child node fills the key fragments into the corresponding second key pool.
The complex interaction process of the error control protocol itself may further consume the quantum keys in the key pool, resulting in a waste of quantum keys. Correspondingly, in other embodiments, the following manner may also be adopted for the synchronization processing of the quantum key and the encrypted transmission of information based on the quantum key.
As shown in fig. 6, assume the key synchronization path corresponding to a certain synchronization process is as follows: the current child node is $T_1$, the intermediate child nodes are $T_2$, $T_3$, ..., and the target child node is $T_m$. The quantum key data to be transmitted in this synchronization processing is denoted key; correspondingly, key may be quantum key data taken out of the first key pool corresponding to $T_1$ and $T_2$. Assuming that the execution subject is each child node, child node $T_1$ can write key into the second key pool $CP_{1m}$ in child node $T_1$ that corresponds to $T_1$ and $T_m$.
As shown in FIG. 7, the child node $T_1$ may further split key into n key fragments according to the MTU: $K_1$, $K_2$, $K_3$, ..., $K_n$. The specific synchronization process for each key fragment is then performed as follows.
(1) Child node $T_1$ determines the next hop child node $T_2$ according to the key synchronization path.
(2) Child node $T_1$ takes out the quantum key $K_{12}$ from the first key pool $NP_{12}$ of child nodes $T_1$ and $T_2$, and then uses $K_{12}$ to apply OTP (One Time Password) protection to the key fragment $K_1$.
(3) Child node $T_1$ transmits to child node $T_2$ the protected $K_1$, the length $L_1$ of $K_1$, the offset $offset_1$ of $K_1$ in the second key pool $CP_{1m}$ of child node $T_1$, the length $L_{12}$ of $K_{12}$, and the offset $offset_{12}$ of $K_{12}$ in the first key pool $NP_{12}$ of child node $T_1$.
(4) After receiving the data transmitted by child node $T_1$, child node $T_2$ takes out the key $K_{12}$ from the first key pool $NP_{12}$ in child node $T_2$ according to the length $L_{12}$ and the offset $offset_{12}$ of $K_{12}$, and decrypts the protected $K_1$, length $L_1$ and offset $offset_1$ to obtain $K_1$, $L_1$ and $offset_1$.
(5) Child node $T_2$ transmits $K_1$, $L_1$ and $offset_1$ to the next hop node $T_3$ in a manner similar to (1)-(4), and so on until $K_1$, $L_1$ and $offset_1$ are transmitted to child node $T_m$.
(6) After obtaining $K_1$, $L_1$ and $offset_1$, child node $T_m$ writes $K_1$ into the second key pool $CP_{1m}$ in child node $T_m$ according to $L_1$ and $offset_1$.
(7) Likewise, the key fragments $K_2$, $K_3$, ..., $K_n$ are also transmitted to the second key pool $CP_{1m}$ in $T_m$ according to the processing of (1)-(6).
As shown in fig. 8, with the key fragment transmission and writing manner described above, the key fragments $K_1$, $K_2$, $K_3$, ..., $K_n$ are written into the second key pool $CP_{1m}$ in sequence according to their corresponding offset and length. If the transmission of some key fragments fails while the child nodes are transmitting $K_1$, $K_2$, $K_3$, ..., $K_n$, for example because key fragment data is lost or corrupted in transit, $T_m$ does not receive the corresponding key fragment and a hole appears at the corresponding position, that is, the key fragment data is missing.
As shown in FIGS. 7 and 8, assume that while the key fragments $K_1$, $K_2$, $K_3$, ..., $K_n$ are being transmitted, the key fragments $K_i$ ($1 \le i \le n$) and $K_j$ ($1 \le j \le n$, $i \ne j$) fail in transmission at an intermediate child node. Then:
(1) When the next key fragment after $K_i$, $K_{i+1}$, arrives at child node $T_m$, child node $T_m$ writes $K_{i+1}$ into the second key pool $CP_{1m}$ according to $offset_{i+1}$ and $L_{i+1}$ of $K_{i+1}$. A "hole" therefore appears in the region of the second key pool $CP_{1m}$ of child node $T_m$ that corresponds to $K_i$: the second key pool $CP_{1m}$ of child node $T_1$ holds $K_i$, while the second key pool $CP_{1m}$ of child node $T_m$ only reserves the position of $K_i$ without any key data filled in, as shown in the left hand diagram of fig. 8.
(2) Child node $T_m$ can record the offset $offset_i$ and length $L_i$ of $K_i$.
(3) Similarly, when the next key fragment after $K_j$, $K_{j+1}$, arrives at child node $T_m$, child node $T_m$ writes $K_{j+1}$ into the second key pool $CP_{1m}$ according to the offset $offset_{j+1}$ and length $L_{j+1}$ of $K_{j+1}$. A "hole" therefore also appears in the region of the second key pool $CP_{1m}$ of child node $T_m$ that corresponds to $K_j$: the second key pool $CP_{1m}$ of child node $T_1$ holds $K_j$, while the second key pool $CP_{1m}$ of child node $T_m$ only reserves the position of $K_j$ without any key data filled in.
(4) Child node $T_m$ can record the offset $offset_j$ and length $L_j$ of $K_j$.
Based on the above scenario example, in some embodiments, for any quantum key fragment, the quantum key fragment may be transmitted to the target second key pool based on the key synchronization path in the following manner. Acquiring position information and length information of the quantum key fragments; transmitting the quantum key fragments and the position information and the length information of the quantum key fragments to the target second key pool based on the key synchronization path; and storing the corresponding quantum key fragments in the target second key pool based on the position information and the length information of the quantum key fragments. Wherein the position information can be characterized by the Offset. Of course, the method may also be characterized in other ways in practical application, and is not limited herein.
Through the above manner, the quantum key data synchronized to the second key pool may have a condition of key data missing, and in this embodiment of the present description, the key data in the second key pool may not be subjected to error correction, so as to avoid further consumption of the key data caused by an error correction process.
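The fragment synchronization of steps (1)-(7), which is also the hop-by-hop relay described earlier for the A-S-B-C path, and the holes left by lost fragments can be reproduced with the following added Python example, which is not code from the patent. The `KeyPool` class, the 8-byte offset/length header, modelling OTP protection as XOR with an equal-length pad, `os.urandom` standing in for QKD output, and the `lost` fault-injection map are all assumptions made for illustration.

```python
import os
import struct

HEADER = struct.Struct(">II")  # (offset, length) of a fragment in the Cross Pool; assumed encoding


class KeyPool:
    """Byte-addressed key store, used here for Neighbor Pools (NP) and Cross Pools (CP)."""

    def __init__(self, data=b""):
        self.buf = bytearray(data)
        self.next = 0        # first byte never handed out by take()
        self.written = []    # (offset, length) of every write()

    def take(self, length):
        """Consume `length` fresh bytes and return (offset, key)."""
        if self.next + length > len(self.buf):
            raise RuntimeError("key pool exhausted")
        offset, self.next = self.next, self.next + length
        return offset, bytes(self.buf[offset:offset + length])

    def read(self, offset, length):
        if offset + length > len(self.buf):
            raise ValueError("range outside pool")
        return bytes(self.buf[offset:offset + length])

    def write(self, offset, data):
        end = offset + len(data)
        if end > len(self.buf):
            self.buf.extend(bytes(end - len(self.buf)))
        self.buf[offset:end] = data
        self.written.append((offset, len(data)))

    def holes(self, start=0):
        """Gaps between `start` and the highest written byte: fragments that never arrived."""
        gaps, pos = [], start
        for offset, length in sorted(self.written):
            if offset > pos:
                gaps.append((pos, offset - pos))
            pos = max(pos, offset + length)
        return gaps


def otp(data, key):
    """XOR with a pad of exactly the same length (assumed form of the OTP protection)."""
    if len(data) != len(key):
        raise ValueError("pad must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def make_links(hops, size):
    """One NP pair per hop; both ends hold identical bytes (constructed sample key)."""
    links = []
    for _ in range(hops):
        shared = os.urandom(size)
        links.append((KeyPool(shared), KeyPool(shared)))
    return links


def synchronize(key, src_cp, dst_cp, links, mtu, lost=None):
    """Copy `key` from T1's CP to Tm's CP in MTU-sized fragments.

    `lost` maps fragment index -> hop index on which that fragment is dropped.
    Returns the holes (offset, length) left in Tm's CP.
    """
    lost = lost or {}
    base = len(src_cp.buf)
    src_cp.write(base, key)                       # T1 fills its own CP first
    for n, start in enumerate(range(0, len(key), mtu)):
        fragment = key[start:start + mtu]
        plain = HEADER.pack(base + start, len(fragment)) + fragment
        for hop, (tx_np, rx_np) in enumerate(links):
            off12, k12 = tx_np.take(len(plain))   # sender consumes a fresh pad
            wire = (otp(plain, k12), len(k12), off12)
            if lost.get(n) == hop:                # message never reaches the next hop
                plain = None
                break
            protected, l12, o12 = wire
            plain = otp(protected, rx_np.read(o12, l12))  # receiver finds the pad by offset
        if plain is not None:                     # Tm writes by offset and length
            offset, length = HEADER.unpack(plain[:HEADER.size])
            dst_cp.write(offset, plain[HEADER.size:HEADER.size + length])
    return dst_cp.holes(base)


if __name__ == "__main__":
    sample = os.urandom(40)                       # constructed sample key
    print(synchronize(sample, KeyPool(), KeyPool(), make_links(3, 256), mtu=8,
                      lost={1: 0, 3: 2}))
```

Because every message carries the pad's offset in the Neighbor Pool, fragments that follow a lost one still decrypt correctly even though the sender's pool has advanced past pad bytes the receiver never used.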
And when the quantum key is extracted from the second key pool and the key is filled in the first key pool of the next communication layer corresponding to the second key pool, the extracted quantum key can be directly written in the corresponding first key pool through an IP communication protocol. Correspondingly, when the adjacent child nodes encrypt and transmit the transmission data by using the quantum key data in the first key pool, the child node initiating data transmission in the adjacent child nodes, that is, the data sender, may encrypt the transmission data by using the quantum key data synchronously transmitted in the first key pool corresponding to the adjacent child nodes.
For example, in the scenario above, the CP_{1m} of T_m stores both the quantum keys filled directly from the first key pool of T_m and the quantum keys synchronously transmitted from T_1; likewise, the CP_{1m} of T_1 stores both the quantum keys filled directly from the first key pool of T_1 and the quantum keys synchronously transmitted from T_m. The directly filled quantum keys and the synchronously transmitted quantum keys can be marked separately in the second key pool.
For example, in the CP_{1m} of T_m, the quantum keys filled directly from the first key pool of T_m may be identified as filled quantum key data, and the quantum keys synchronously transmitted from T_1 over the key synchronization path may be identified as synchronous quantum key data. The CP_{1m} of T_1 may be identified in the same manner. Alternatively, the two kinds of quantum keys can be stored in separate data tables with the corresponding identifiers. Of course, the above identifiers are merely examples and do not directly limit how the corresponding quantum key data is stored in the present application. Persons skilled in the art can set the identification mode and the storage mode as required.
Suppose the first key pool of the next communication layer corresponding to CP_{1m} is NP_{1m}, and the adjacent child nodes of NP_{1m} are T_1' and T_m'. T_1' and T_m' extract quantum keys from the CP_{1m} of T_1 and T_m; T_1 and T_m may write the extracted quantum keys into the NP_{1m} of T_1' and T_m' via an IP communication protocol, so the NP_{1m} of T_1' and T_m' likewise holds both directly filled quantum keys and synchronously transmitted quantum keys. When T_1 and T_m write the extracted quantum keys into the NP_{1m} of T_1' and T_m' over the IP communication protocol, the identification information associated with the quantum keys may be transmitted together with them. Accordingly, the quantum keys may be written into the NP_{1m} of T_1' and T_m' based on the identification information associated with them.
In other embodiments, the first key pool and the second key pool may each be further divided into sub-key pools, identified respectively as a first synchronization sub-key pool, a first padding sub-key pool, a second synchronization sub-key pool, and a second padding sub-key pool. Accordingly, the CP_{1m} of T_m may include a second synchronization sub-key pool CP_{1m-2} and a second padding sub-key pool CP_{1m-1}, and NP_{1m} may include a first synchronization sub-key pool NP_{1m-2} and a first padding sub-key pool NP_{1m-1}. The quantum keys filled directly from the first key pool of T_m can then be written into CP_{1m-1}, and the quantum keys synchronously transmitted from T_1 over the key synchronization path can be written into CP_{1m-2}. The CP_{1m} of T_1 may be divided into sub-key pools and written in the same manner. When T_1 and T_m write the extracted quantum keys into the NP_{1m} of T_1' and T_m' via the IP communication protocol, the quantum keys can be taken from CP_{1m-1} and CP_{1m-2} respectively and written into NP_{1m-1} and NP_{1m-2} correspondingly.
The data sender may encrypt the transmission data using the synchronized quantum keys in NP_{1m}. The data sender can extract the quantum key data segment used for encryption according to the Offset and length L of the missing key data in the synchronized quantum keys, so that the quantum key data segment used for encryption has no missing key data.
In some embodiments, when a quantum key data segment of specified length L_0 is extracted starting from a position Offset_0 and no missing key data is involved, the extracted quantum key data segment includes only one sub-key segment, with start position Offset_0 and length L_0.
If extracting the specified length L_0 starting from position Offset_0 does involve missing key data, the sub-key segment running from Offset_0 up to the first missing key portion is extracted first, and the start position Offset_0 and length information L_1 of that sub-key segment are recorded. The first missing key portion is then skipped and extraction of quantum key data continues until the lengths of all extracted sub-key segments sum to L_0. Correspondingly, the extracted quantum key data segment may include two or more sub-key segments, and the start position and length information of each sub-key segment are recorded.
Accordingly, the data sender may extract a quantum key data segment for encryption according to the Offset and the length L of the missing key data portion in the synchronous quantum key, and the extracted quantum key data segment may include at least one sub-key segment. The data transmitting side may record the location information and the length information of the at least one sub-key segment.
The data sender can encrypt the transmission data using the extracted quantum key data segment and transmit the encrypted transmission data to the data receiver, that is, the child node among the adjacent child nodes that receives the transmission data. The data sender can also send the position information and length information of the at least one sub-key segment in the extracted quantum key data segment to the data receiver. It may do so when sending the encrypted transmission data. Alternatively, the data sender may send the position information and length information of a sub-key segment to the data receiver each time it extracts a sub-key segment. The data receiver can use the position information and length information of the at least one sub-key segment to extract the corresponding quantum key data segment from its own NP_{1m} and decrypt the encrypted transmission data.
In this way, during use the key receiving end can judge simply and efficiently, from the position information and length information of the key fragments it actually received, which fragments suffered errors or packet loss in transmission. The key receiving end uses only the correctly received key fragments, and the keys stored by the key sending end are complete, so the corresponding decryption key can be extracted according to the encryption key used by the key receiving end, ensuring normal decryption of the data. Quantum-key-based encrypted data transmission can therefore be achieved without complicated error control, data checking and retransmission during key transmission, which effectively reduces resource waste in the key transmission process.
In one scenario example, the key data stored in NP_{1m} is as shown in Fig. 9, and T_1' and T_m' can perform encrypted data transmission in the following manner.
(1) T_m' applies for a quantum key data segment key for encryption, with a specified length of Length. The specified length can be determined according to actual needs. For example, if the transmission information to be encrypted is a quantum key of length Length, then, based on the corresponding encryption algorithm, the quantum key data segment that T_m' applies for is also of length Length.
(2) T_m' retrieves the quantum key data segment from the first key pool NP_{1m} according to the following rules.
First-in-first-out, i.e., fetching key data segments from the first key pool from the bottom up as shown in fig. 10.
If the first key pool NP_{1m} has no hole in the region currently covered between Offset and Offset + Length, T_m' directly takes out a quantum key data segment key of length Length and obtains the length Length' of the key and the Offset of the key in the first key pool NP_{1m}; in this case Length' is the same as Length. The extracted quantum key data segment includes one sub-key segment whose position information is Offset and whose length is Length.
If, according to the record of missing key data, there is a hole in the region of the first key pool NP_{1m} currently covered between Offset and Offset + Length, as shown in Fig. 10, T_m' first takes out quantum key data of length Length', where Length' is not equal to Length and Length' < Length. The quantum key data between Offset and Offset + Length' is taken as the first sub-key segment. The first sub-key segment starts at Offset in the first key pool NP_{1m} and has length Length'.
Suppose the length of the first hole is Length_1. Skipping the first hole, the start position of the next sub-key segment is offset_1 = Offset + Length' + Length_1. Then, with offset_1 as the start position, quantum key data of length Length_1' = Length - Length' is extracted. If no hole is covered between offset_1 and offset_1 + Length_1', the extraction is finished, and the quantum key data between offset_1 and offset_1 + Length_1' is taken as the second sub-key segment. The second sub-key segment starts at offset_1 and has length Length_1'. Correspondingly, the extracted quantum key data segment comprises a first sub-key segment and a second sub-key segment.
If there is a hole between offset_1 and offset_1 + Length_1', that hole is treated as the second hole: the quantum key data between offset_1 and the start position of the second hole is extracted as the second sub-key segment, and the start position offset_1 and length Length_1' of the second sub-key segment are recorded. Then, skipping the second hole, the start position of the next extracted sub-key segment is offset_2 = offset_1 + Length_1' + Length_2, where Length_2 is the length of the second hole. Then, with offset_2 as the start position, quantum key data of length Length_2' = Length - Length' - Length_1' is extracted. If no hole is covered between offset_2 and offset_2 + Length_2', the extraction is finished, and the quantum key data between offset_2 and offset_2 + Length_2' is taken as the third sub-key segment. If a hole is covered, similar processing steps are repeated: the third sub-key segment is extracted, the hole is skipped, and extraction continues with the next sub-key segment, and so on until the total length of the extracted quantum key data equals Length.
(3) T_m' encrypts the transmission data using key and, when sending the encrypted transmission data, transmits the position information and length information of the at least one sub-key segment in key to T_1'.
(4) After receiving the position information and length information of the at least one sub-key segment in key, T_1' can extract the quantum key data segment key corresponding to that position information and length information from its first key pool NP_{1m}. T_1' then decrypts the received encrypted transmission data using the extracted key to obtain the transmission data.
Based on the above scenario example, in some embodiments, a pair of first key pools located in a next communication layer and corresponding to the current second key pool and the target second key pool may be respectively used as the current first key pool and the target first key pool. Correspondingly, the child node where the current first key pool is located serves as a first receiver of data transmission, and the child node where the target first key pool is located serves as a first sender of data transmission, and the following method is executed to perform quantum key encryption data transmission.
S101: a first sender acquires synchronous quantum key data stored in the target first key pool; the synchronized quantum key data refers to the quantum key received by the target second key pool and transmitted from the designated first key pool based on a key synchronization path.
S102: a first sender extracts a quantum key data segment of a specified length from the synchronous quantum key data; acquiring position information and length information of at least one sub-key segment in the extracted quantum key data segment; the sub-key segment has no key data loss.
S103: the first sender encrypts the transmission data by using the extracted quantum key data segment and sends the encrypted transmission data to the first receiver; and sends the position information and the length information of the at least one sub-key segment to the first receiver.
S104: the first receiver extracts a corresponding quantum key data segment from the current first key pool according to the received position information and length information of the at least one sub-key segment; and uses the extracted corresponding quantum key data segment to decrypt the received encrypted transmission data.
If CP_{1m} corresponds to service applications, suppose the service applications corresponding to child nodes T_1 and T_m are APP-i and APP-i', respectively; APP-i and APP-i' can perform encrypted data transmission in the following manner.
(1) APP-i' applies to T_m for a quantum key data segment key for encryption, with an applied length of Length. The specified length may be determined according to the size of the quantum key required by the service application to transmit data.
(2) T_m retrieves the quantum key data segment from the second key pool CP_{1m} according to the following rules.
First-in-first-out, i.e., the key data segments are taken from the second key pool from the bottom up as shown in fig. 10.
If the second key pool CP_{1m} has no hole in the region currently covered between Offset and Offset + Length, T_m directly takes out a quantum key data segment key of length Length and obtains the length Length' of the key and the Offset of the key in the second key pool CP_{1m}; in this case Length' is the same as Length. The extracted quantum key data segment includes one sub-key segment whose position information is Offset and whose length is Length.
If T_m determines, from the record of missing key data, that there is a hole in the region of the second key pool CP_{1m} currently covered between Offset and Offset + Length, as shown in Fig. 10, T_m first takes out quantum key data of length Length', where Length' is different from Length and Length' < Length. The quantum key data between Offset and Offset + Length' is taken as the first sub-key segment. The first sub-key segment starts at Offset in the second key pool CP_{1m} and has length Length'.
Suppose the length of the first hole is Length_1. Skipping the first hole, the start position of the next sub-key segment is offset_1 = Offset + Length' + Length_1. Then, with offset_1 as the start position, quantum key data of length Length_1' = Length - Length' is extracted. If no hole is covered between offset_1 and offset_1 + Length_1', the extraction is finished, and the quantum key data between offset_1 and offset_1 + Length_1' is taken as the second sub-key segment. The second sub-key segment starts at offset_1 and has length Length_1'. Correspondingly, the extracted quantum key data segment comprises a first sub-key segment and a second sub-key segment.
If there is a hole between offset_1 and offset_1 + Length_1', that hole is treated as the second hole: the quantum key data between offset_1 and the start position of the second hole is extracted as the second sub-key segment, and the start position offset_1 and length Length_1' of the second sub-key segment are recorded. Then, skipping the second hole, the start position of the next extracted sub-key segment is offset_2 = offset_1 + Length_1' + Length_2, where Length_2 is the length of the second hole. Then, with offset_2 as the start position, quantum key data of length Length_2' = Length - Length' - Length_1' is extracted. If no hole is covered between offset_2 and offset_2 + Length_2', the extraction is finished, and the quantum key data between offset_2 and offset_2 + Length_2' is taken as the third sub-key segment. If a hole is covered, similar processing steps are repeated: the third sub-key segment is extracted, the hole is skipped, and extraction continues with the next sub-key segment, and so on until the total length of the extracted quantum key data equals Length.
(3) T_m sends key, together with the position information and length information of the at least one sub-key segment in key, to the service application APP-i'. APP-i' encrypts the transmission data using key and, when sending the encrypted transmission data, transmits the position information and length information of the at least one sub-key segment in key to APP-i.
(4) After APP-i receives the position information and length information of the at least one sub-key segment in key, it applies to T_1 for a decryption key, where the parameters of the requested key data segment are the position information and length information of the at least one sub-key segment in key.
(5) T_1 can extract, from the second key pool CP_{1m} in T_1, the quantum key data segment key corresponding to that position information and length information, and then feed it back to the service application APP-i.
(6) The service application APP-i decrypts the received encrypted transmission data using the extracted key to obtain the transmission data.
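The hole-skipping extraction and the offset/length exchange described in the two scenario examples above (T_m' and T_1' over NP_{1m}, and APP-i' and APP-i over CP_{1m}), as an added example that is not part of the patent text. Assumptions: offsets and lengths are counted in bytes, encryption is a byte-wise XOR with a key as long as the data, and the `used` bookkeeping that rejects reused key material is an added safeguard; the names `KeyPool`, `extract`, `fetch`, `send`, `receive` and `build_pools` are hypothetical.

```python
import secrets


class KeyPool:
    """Key pool addressed by byte offset; `present` marks bytes actually received."""

    def __init__(self, size):
        self.data = bytearray(size)
        self.present = bytearray(size)  # 0 = hole (fragment never arrived)
        self.used = bytearray(size)     # 1 = already consumed (added safeguard)
        self.cursor = 0                 # first-in-first-out read position

    def write_fragment(self, offset, fragment):
        """Key synchronization: store a fragment at its (Offset, L)."""
        end = offset + len(fragment)
        if offset < 0 or end > len(self.data):
            raise ValueError("fragment outside pool")
        self.data[offset:end] = fragment
        self.present[offset:end] = b"\x01" * len(fragment)

    def extract(self, length):
        """Sender: take `length` key bytes FIFO, skipping holes.
        Returns (key, [(offset, length), ...]), one entry per sub-key segment."""
        if length <= 0:
            raise ValueError("length must be positive")
        key, segments, pos = bytearray(), [], self.cursor
        while len(key) < length:
            while pos < len(self.data) and not self.present[pos]:
                pos += 1                                   # skip a hole
            if pos == len(self.data):
                raise LookupError("not enough key material; pool unchanged")
            start = pos
            while pos < len(self.data) and self.present[pos] and len(key) < length:
                key.append(self.data[pos])
                pos += 1
            segments.append((start, pos - start))
        for off, ln in segments:                           # commit only on success
            self.used[off:off + ln] = b"\x01" * ln
        self.cursor = pos
        return bytes(key), segments

    def fetch(self, segments):
        """Receiver: rebuild the key from the sender's (offset, length) list."""
        claimed = bytearray(len(self.data))
        for off, ln in segments:                           # validate everything first
            if off < 0 or ln <= 0 or off + ln > len(self.data):
                raise ValueError("segment outside pool")
            span = slice(off, off + ln)
            if not all(self.present[span]):
                raise LookupError("segment covers missing key data")
            if any(self.used[span]) or any(claimed[span]):
                raise ValueError("segment reuses key material")
            claimed[span] = b"\x01" * ln
        for off, ln in segments:
            self.used[off:off + ln] = b"\x01" * ln
        return b"".join(bytes(self.data[o:o + n]) for o, n in segments)


def xor(data, key):
    """Byte-wise XOR; stands in for the page's unspecified encryption algorithm."""
    if len(data) != len(key):
        raise ValueError("key and data lengths differ")
    return bytes(a ^ b for a, b in zip(data, key))


def build_pools(lost=(1,), frag_len=8, count=4):
    """Constructed sample: one pool holds every fragment, the other lost those in `lost`."""
    material = secrets.token_bytes(frag_len * count)
    complete, holed = KeyPool(len(material)), KeyPool(len(material))
    for i in range(count):
        off = i * frag_len
        frag = material[off:off + frag_len]
        complete.write_fragment(off, frag)
        if i not in lost:
            holed.write_fragment(off, frag)
    return holed, complete


def send(pool, plaintext):
    """Data sender: returns the ciphertext and the segment list to transmit with it."""
    key, segments = pool.extract(len(plaintext))
    return xor(plaintext, key), segments


def receive(pool, ciphertext, segments):
    """Data receiver: looks up the same key bytes by position and length, then decrypts."""
    return xor(ciphertext, pool.fetch(segments))


if __name__ == "__main__":
    sender, receiver = build_pools()          # sender's pool has a hole at bytes 8..15
    ct, segs = send(sender, b"twelve bytes")
    print(segs, receive(receiver, ct, segs))
```

The segment list travels in the clear next to the ciphertext, so the receiver treats it as untrusted input: `fetch` rejects out-of-range, hole-covering and already-consumed ranges before returning any key bytes.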
Based on the above scenario example, in some embodiments, the service applications corresponding to the current second key pool and the target second key pool may be respectively used as a second sender and a second receiver of data transmission, and perform quantum key encryption data transmission in the following manner.
S201: the second sender sends an encryption key use request to the target child node; and the target child node is the child node where the target second key pool is located. The encryption key use request may include address information of the second sender, instruction information to acquire quantum key data for encryption, and the like.
S202: the target child node acquires the synchronous quantum key data stored in the target second key pool; the synchronized quantum key data refers to the quantum key received by the target second key pool and transmitted from the designated first key pool based on a key synchronization path.
S203: the target child node extracts a quantum key data segment with a specified length from the synchronous quantum key data; acquiring position information and length information of at least one sub-key segment in the extracted quantum key data segment; the sub-key segment has no key data loss.
S204: the target child node feeds back the position information and the length information of the at least one sub-key segment to the second sender.
S205: the second sender encrypts the transmission data by using the extracted quantum key data segment and sends the encrypted transmission data to a second receiver; and sends the position information and the length information of the at least one sub-key segment to the second receiver.
S206: the second receiver sends a decryption key use request to the current child node according to the received position information and length information of the at least one sub-key segment. The decryption key use request may include address information of the second receiver, the position information and length information of the at least one sub-key segment received by the second receiver, instruction information for acquiring the quantum key data corresponding to that position information and length information, and the like.
S207: the current child node extracts a corresponding quantum key data segment from the current second key pool based on the position information and the length information of the at least one sub-key segment in the decryption key use request, and feeds the corresponding quantum key data segment back to the second receiver.
S208: the second receiver decrypts the received encrypted transmission data by using the received corresponding quantum key data segment.
In the key distribution and use method provided in the above embodiments, key fragments are written during key synchronization based on the position information and length information of each key fragment. In use, key data segments with no missing data are extracted directly for encryption, and the position information and length information of those key data segments are sent to the other party, which extracts the corresponding key data segments based on that position information and length information and can thereby decrypt. Therefore, after the key synchronization processing, the quantum key data does not need additional error correction processing, data encryption transmission using the quantum key can be realized simply and conveniently, and the simplicity of quantum-key-based encrypted data transmission is improved. At the same time, waste of the quantum key is avoided and the utilization rate of the quantum key is improved.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. For details, reference may be made to the description of the related embodiments of the related processing, and details are not repeated herein.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments of the present description are not limited to what must be consistent with a standard data model/template or described in the embodiments of the present description. Certain industry standards, or implementations modified slightly from those described using custom modes or examples, may also achieve the same, equivalent, or similar, or other, contemplated implementations of the above-described examples. The embodiments using these modified or transformed data acquisition, storage, judgment, processing, etc. may still fall within the scope of the alternative embodiments of the present description.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description of the specification, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (12)

1. A quantum communication system, characterized in that the system comprises at least one network node; the network node comprises at least one sub-node corresponding to different communication layers; wherein,
a pair of first key pools is correspondingly distributed in adjacent child nodes of the same communication layer; the adjacent subnodes refer to two subnodes which carry out information encryption transmission based on a quantum key shared between the two subnodes in the same communication layer; quantum keys shared by corresponding adjacent child nodes are stored in the first key pool;
at least part of sub nodes of the same communication layer are internally provided with a second key pool; the second key pools are distributed in pairs in the two child nodes, and the pair of second key pools corresponds to the pair of first key pools of the next communication layer of the communication layer where the pair of second key pools are located; the pair of second key pools is used for storing quantum keys required by the corresponding pair of first key pools; and the arrangement sequence of the communication layers from top to bottom is the sequence of quantum key transmission in the network nodes.
2. The system of claim 1, wherein the quantum key in the second key pool is obtained by:
when the second key pool is determined to have the key filling requirement, taking the second key pool with the key filling requirement as a current second key pool, and taking another second key pool which is arranged in pair with the current second key pool as a target second key pool; taking the child node where the current second key pool is located as a current child node;
determining a key synchronization path corresponding to the current second key pool; the key synchronization path is a key transmission path for realizing quantum key consistency in a pair of second key pools;
determining, based on the key synchronization path, a first key pool that fills the current second key pool with quantum keys as a designated first key pool;
taking out at least part of quantum keys from the appointed first key pool and filling the quantum keys into the current second key pool;
and transmitting at least part of the extracted quantum key to the target second key pool based on the key synchronization path.
3. The system of claim 2, wherein the transmitting at least a portion of the retrieved quantum key to the target second key pool based on the key synchronization path comprises:
determining each adjacent child node on a key transmission path based on the key synchronization path; taking the child node where the target second key pool is located as a target child node;
based on the quantum key in the first key pool of each determined adjacent child node, carrying out encryption transmission on at least part of the taken quantum keys hop by hop, and transmitting the quantum keys to the target child node;
populating the retrieved at least a portion of the quantum keys received by the target child node into the target second key pool.
4. The system according to claim 1, wherein, when it is determined that the first key pool has a key padding requirement, the neighboring child nodes of other communication layers than the uppermost communication layer take out at least part of the quantum keys from the second key pool corresponding to the first key pool and located in the previous communication layer, and transmit the quantum keys to the first key pool having the key padding requirement.
5. The system of claim 4, wherein each child node within the network node performs data transmission based on an IP communication protocol; correspondingly, at least part of the extracted quantum key is transmitted to the first key pool with the key filling requirement based on the IP communication protocol.
6. The system according to claim 5, wherein said transmitting at least a portion of the extracted quantum key to the first key pool where the key padding requirement exists comprises:
and transmitting at least part of the extracted quantum key to the first key pool with the key filling requirement based on the SSL protocol.
7. The system according to claim 4, wherein when the number of quantum keys in the first key pool is smaller than a first preset threshold, it is determined that the key filling requirement exists in the corresponding first key pool.
8. The system according to claim 2, wherein when the quantum key storage amount in the second key pool is less than a second preset threshold, it is determined that the key padding requirement exists in the corresponding second key pool.
9. The system of claim 2, wherein the transmitting at least a portion of the retrieved quantum key to the target second key pool based on the key synchronization path comprises:
splitting the at least part of the quantum key to obtain at least one quantum key fragment;
and transmitting each quantum key fragment to the target second key pool based on the key synchronization path.
10. The system according to claim 9, wherein for any quantum key fragment, the quantum key fragment is transmitted to the target second key pool based on the key synchronization path in the following manner:
acquiring position information and length information of the quantum key fragments;
transmitting the quantum key fragments and the position information and the length information of the quantum key fragments to the target second key pool based on the key synchronization path;
and storing the corresponding quantum key fragments in the target second key pool based on the position information and the length information of the quantum key fragments.
11. The system according to claim 10, wherein the pair of first key pools located in the next communication layer and corresponding to the current second key pool and the target second key pool are respectively used as the current first key pool and the target first key pool; correspondingly, the child node where the current first key pool is located serves as a first receiver of data transmission, the child node where the target first key pool is located serves as a first sender of data transmission, and quantum-key-encrypted data transmission is performed in the following manner:
the first sender acquires the synchronous quantum key data stored in the target first key pool; the synchronous quantum key data refers to quantum keys received by the target second key pool and transmitted from the specified first key pool based on the key synchronization path;
the first sender extracts a quantum key data segment of a specified length from the synchronous quantum key data, and acquires position information and length information of at least one sub-key segment in the extracted quantum key data segment; the sub-key segment has no key data loss;
the first sender encrypts the transmission data by using the extracted quantum key data segment and sends the encrypted transmission data to the first receiver, and sends the position information and the length information of the at least one sub-key segment to the first receiver;
the first receiver extracts a corresponding quantum key data segment from the current first key pool according to the received position information and length information of the at least one sub-key segment, and decrypts the received encrypted transmission data by using the extracted corresponding quantum key data segment.
12. The system according to claim 10, wherein the service applications corresponding to the current second key pool and the target second key pool are respectively used as a second sender and a second receiver of data transmission, and quantum-key-encrypted data transmission is performed in the following manner:
the second sender sends an encryption key use request to the target child node; the target child node is the child node where the target second key pool is located;
the target child node acquires the synchronous quantum key data stored in the target second key pool; the synchronous quantum key data refers to quantum keys received by the target second key pool and transmitted from the specified first key pool based on the key synchronization path;
the target child node extracts a quantum key data segment of a specified length from the synchronous quantum key data, and acquires position information and length information of at least one sub-key segment in the extracted quantum key data segment; the sub-key segment has no key data loss;
the target child node feeds back the position information and the length information of the at least one sub-key segment to the second sender;
the second sender encrypts the transmission data by using the extracted quantum key data segment and sends the encrypted transmission data to the second receiver, and sends the position information and the length information of the at least one sub-key segment to the second receiver;
the second receiver sends a decryption key use request to the current child node according to the received position information and length information of the at least one sub-key segment;
the current child node extracts a corresponding quantum key data segment from the current second key pool based on the position information and the length information of the at least one sub-key segment in the decryption key use request, and feeds the corresponding quantum key data segment back to the second receiver;
and the second receiver decrypts the received encrypted transmission data by using the received corresponding quantum key data segment.
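The fragment storage of claims 9 and 10 and the loss-aware exchange of claim 11 can be sketched as follows. This is an added example, not code from the patent: the `KeyPool` class, the byte-offset addressing, the 16-byte fragment size and the XOR cipher are all assumptions, and the dropped fragment and the message are constructed sample data.

```python
import secrets

class KeyPool:
    """Byte-addressed key pool that records which offsets actually hold key data."""

    def __init__(self, size):
        self.buf = bytearray(size)
        self.have = [False] * size

    def store(self, pos, frag):
        # Claim 10: place a fragment using its position and length information.
        self.buf[pos:pos + len(frag)] = frag
        self.have[pos:pos + len(frag)] = [True] * len(frag)

    def intact_segments(self, need):
        """(position, length) pairs of loss-free runs that together give `need` bytes."""
        segs, got, pos = [], 0, 0
        while got < need and pos < len(self.have):
            if not self.have[pos]:
                pos += 1
                continue
            end = pos
            while end < len(self.have) and self.have[end] and got + end - pos < need:
                end += 1
            segs.append((pos, end - pos))
            got += end - pos
            pos = end
        if got < need:
            raise ValueError("not enough loss-free key material in pool")
        return segs

    def extract(self, segs):
        if not all(all(self.have[p:p + n]) for p, n in segs):
            raise KeyError("requested segment has missing key data")
        return b"".join(bytes(self.buf[p:p + n]) for p, n in segs)

def xor(data, key):
    # Assumed cipher: byte-wise XOR with key material of equal length.
    return bytes(d ^ k for d, k in zip(data, key))

MSG = b"constructed sample payload 0001"  # constructed plaintext

def demo():
    key = secrets.token_bytes(64)
    current, target = KeyPool(64), KeyPool(64)
    for pos in range(0, 64, 16):                  # claim 9: split into fragments
        current.store(pos, key[pos:pos + 16])
        if pos != 16:                             # constructed loss on the sync path
            target.store(pos, key[pos:pos + 16])
    segs = target.intact_segments(len(MSG))       # first sender (target pool side)
    ciphertext = xor(MSG, target.extract(segs))
    plaintext = xor(ciphertext, current.extract(segs))  # first receiver (current pool side)
    return segs, ciphertext, plaintext
```

Only the (position, length) pairs travel with the ciphertext, so the receiver can skip the range the sender never received and still derive the same key bytes.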
CN202011308201.XA 2020-11-19 2020-11-19 Quantum communication system Active CN112422284B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011308201.XA CN112422284B (en) 2020-11-19 2020-11-19 Quantum communication system

Publications (2)

Publication Number Publication Date
CN112422284A true CN112422284A (en) 2021-02-26
CN112422284B CN112422284B (en) 2024-03-29

Family

ID=74773183

Country Status (1)

Country Link
CN (1) CN112422284B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016206498A1 (en) * 2015-06-23 2016-12-29 中兴通讯股份有限公司 First quantum node, second quantum node, secure communications architecture system, and method
CN107508671A (en) * 2017-08-18 2017-12-22 北京邮电大学 Service communication method and device based on quantum key distribution
KR20200041021A (en) * 2018-10-11 2020-04-21 주식회사 케이티 Method for controlling quantum cryptography communication network and system thereof
US20200169398A1 (en) * 2015-06-08 2020-05-28 Alibaba Group Holding Limited System, method, and apparatus for quantum key output, storage, and consistency verification

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
马彰超等: "软件定义的量子密钥分发网络技术研究", 邮电设计技术, no. 2019, pages 71 - 75 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024666A (en) * 2021-09-15 2022-02-08 北京邮电大学 Quantum key distribution method and system
CN114006694A (en) * 2021-09-26 2022-02-01 北京邮电大学 Quantum key processing method and device, electronic equipment and storage medium
CN114006694B (en) * 2021-09-26 2023-09-22 北京邮电大学 Quantum key processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant