CN113765660B - Method for distributing quantum keys of terminal equipment of Internet of things on demand - Google Patents


Publication number: CN113765660B
Authority: CN (China)
Prior art keywords: key, quantum key, request, quantum, pool
Legal status: Active
Application number: CN202111039799.1A
Other languages: Chinese (zh)
Other versions: CN113765660A (en)
Inventors: 陈芊叶, 陈立全, 陈婧琦, 曹楷林, 陆意, 傅寒青, 张亦浩
Current Assignee: Southeast University
Original Assignee: Southeast University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0852 Quantum cryptography
    • H04L9/0858 Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/50 Safety; Security of things, users, data or systems

Abstract

The invention discloses an on-demand quantum key distribution method for Internet of Things terminal equipment, driven by the requests of Internet of Things applications. After a key request from an Internet of Things terminal device arrives, two processes, key resource allocation from the key pool and key resource supplementation of the key pool, are designed in full according to the requirements of the key request. The quantum key demand and the quantum key security requirement of the key request are weighed quantitatively in proportion to determine the queuing response order of key requests with the same arrival time, and key resources are allocated from the key pool. When the remaining key amount cannot satisfy a key request, the key pool sends a key supplement request and key relay supplementation is carried out on demand. A high and a low threshold are set for the key pool, and the keys of the key pool are dynamically supplemented on demand in idle time slots. The method can reduce the delay from an Internet of Things application's key request to the completion of the request response, and improve system efficiency and the key pool's capacity to serve key requests.

Description

Method for distributing quantum keys of terminal equipment of Internet of things on demand
Technical Field
The invention belongs to the technical field of information security, applies quantum key distribution in a new field, and in particular relates to an on-demand quantum key distribution method for Internet of Things terminal equipment.
Background
In current Internet of Things systems, the traditional cryptographic techniques that protect data in transit are at risk of being broken by a quantum computer, so applying quantum keys to Internet of Things terminals has important practical significance. Quantum key distribution (QKD) is based on the no-cloning principle and the indivisibility principle of quantum physics, and can effectively realize the secure generation and distribution of keys. Connecting multiple point-to-point QKD systems into a quantum key distribution network allows quantum key services to be provided to multiple users.
However, a QKD network faces many unresolved problems in Internet of Things scenarios. First, because the quantum key generation rate is generally low, allocating quantum key resources efficiently in the face of a large number of quantum key requests is demanding. Second, the terminal devices accessing the Internet of Things are numerous and varied, and many of them have limited storage and computing capacity, which places high demands on the efficiency of quantum key distribution and on the algorithm by which terminal devices obtain the quantum keys needed for encrypted communication.
Beyond improving distribution efficiency in response to application key requests, the low key generation rate of the QKD network can be offset by accumulating quantum key resources, so a key pool is used to store quantum keys. Because storing quantum keys in a key pool raises its own security problem, the quantum key supplementation process of the key pool must be considered together with quantum key resource allocation.
Therefore, reducing the response delay of quantum key requests according to the needs of Internet of Things applications, improving system efficiency, and reducing the time cost for Internet of Things terminal equipment to receive a quantum key are problems in urgent need of a solution.
Disclosure of Invention
To solve the above problems, the invention discloses an on-demand quantum key distribution method for Internet of Things terminal equipment, which aims to use quantum key resources efficiently and to balance QKD network quantum key resources against Internet of Things security requirements.
To achieve this purpose, the invention adopts the following technical scheme: an on-demand quantum key distribution method for Internet of Things terminal equipment, comprising the following steps:
S1, responding to an Internet of Things application request and, according to the security requirement of the application, determining in a graded and quantitative manner the quantum key security requirement for encrypting information between the application and the server;
S2, quantitatively weighing, in proportion, the quantum key demand and the quantum key security requirement of the key request, and calculating the response weight value of the Internet of Things application's quantum key request;
S3, determining the queuing response order of quantum key requests with the same arrival time from high to low according to the weight values of the quantum key requests, and distributing keys on demand from the remaining quantum key amount of the key pool;
S4, when the remaining quantum key amount cannot satisfy a key request, the key pool sends a quantum key supplement request, and the quantum key supplement request is responded to according to the weight value of the key request being served by the key pool;
S5, setting a high and a low threshold for the key pool in consideration of system time slice resources, and supplementing the quantum keys of the key pool when the key pool and the corresponding repeater are in idle time slots and the remaining quantum key amount is below the low threshold.
The invention is further improved in that: in step S1, in response to the Internet of Things application request, lightweight data acquisition and message management are adopted in view of the application's request and the lightweight data-processing character of the Internet of Things; the security level of a message is graded according to the security requirement of the application's message, and the quantum key security requirement for encrypting information between the application and the server is determined quantitatively according to the grade.
The invention is further improved in that: the step S2 further includes:
S21, after an Internet of Things application request arrives, multiple Internet of Things terminal devices send multiple quantum key requests to the edge gateway, where each quantum key request must contain information such as the quantum key demand, the quantum key security requirement and the identities of the two parties to the session;
S22, according to the system's differing requirements for efficiency and security, quantitatively weighing, in proportion, the quantum key demand and the quantum key security requirement of the key request, and calculating the response weight value of the quantum key request.
The invention is further improved in that: the step S3 further includes:
S31, after receiving multiple quantum key requests, the edge gateway sorts their response order by arrival time and by the priority given by the key request response weight value; when the remaining quantum key amount of the key pool QKP is sufficient to meet the quantum key demand of the arrived key requests, the edge gateway responds to the quantum key requests in order of arrival time, and responds according to the weight value when the arrival times are the same;
S32, when the remaining quantum key amount of the key pool QKP is insufficient to meet the quantum key demand of a key request, the key pool QKP issues a quantum key supplement application. After the key pool QKP has been supplemented and its remaining quantum key amount can meet the quantum key demand of the key request, the quantum keys for the key request are distributed;
S33, after the quantum key request is responded to, the edge gateway acquires the quantum key on demand from the corresponding key pool QKP at the edge gateway, generates a wireless key through a wireless channel, encrypts the wireless key and transmits the encrypted wireless key to the Internet of Things terminal equipment.
The invention is further improved in that: the step S4 further includes:
S41, when the remaining key amount cannot satisfy a quantum key request, the key pool sends a quantum key supplement request, which includes the key pool information, the quantum key demand of the current key request, the quantum key security requirement, the identities of the two parties to the session and other information;
S42, when the remaining quantum key amounts of several key pools QKP are insufficient to provide quantum key service, because the relay keys generated between the OLT and the ONU at any one time can only serve one-to-one quantum key relay, the quantum key supplement requests of key pools QKP that arrive at the same time are handled by quantitatively weighing, in proportion, the quantum key demand and the quantum key security requirement of the key requests, calculating the response weight value, and determining the response order of the corresponding key pool supplement requests from high to low according to the response weight value.
The invention is further improved in that: the step S5 further includes:
S51, setting the high and low thresholds of the quantum key pool in comprehensive consideration of system security and efficiency requirements;
S52, when the remaining quantum key amount of the key pool is too small and falls below the set low threshold, supplementing quantum keys promptly when the key pool and the corresponding repeater are in idle time slots, so that the remaining quantum key amount of the key pool QKP does not fail to meet the quantum key demand of subsequent key requests;
S53, when the remaining quantum key amount of the key pool is too large and is greater than or equal to the set high threshold, stopping quantum key supplementation, so that quantum key security is not reduced by storing too many quantum keys for too long.
Compared with the prior art, the invention provides an on-demand quantum key distribution method for Internet of Things terminal equipment. After an Internet of Things application's quantum key request arrives, the quantum key security requirement for encrypting information between the application and the server is determined. After a key request from an Internet of Things terminal device arrives, the two processes of key pool key resource distribution and key pool key resource supplementation are designed in full according to the requirements of the quantum key request: the key demand and the key security requirement of the application's key request are weighed quantitatively in proportion when distributing quantum key resources, and a high and a low threshold are set for the key pool so that its quantum keys are supplemented dynamically on demand. The system thereby achieves higher key processing efficiency and a higher capacity of the key pool QKP to carry key requests, meets the storage, computing power and lightweight requirements of Internet of Things applications, and balances the quantum key resources of the QKD network against the security requirements of the Internet of Things.
Drawings
FIG. 1 is a flow chart of the method steps of the present invention;
FIG. 2 is a working frame diagram of the present invention;
FIG. 3 is a flow diagram of a portion of the present invention responding to a quantum key request;
FIG. 4 is a flow chart of a portion of the present invention responding to a quantum key supplement request;
FIG. 5 is a flow chart of a key pool quantum key supplement portion of the present invention.
Detailed Description
The present invention will be further illustrated with reference to the accompanying drawings and specific embodiments, which are to be understood as merely illustrative of the invention and not as limiting the scope of the invention. It should be noted that the terms "front," "back," "left," "right," "upper" and "lower" used in the following description refer to directions in the drawings, and the terms "inner" and "outer" refer to directions toward and away from, respectively, the geometric center of a particular component.
The symbols and their definitions in this scheme are shown in table 1:
TABLE 1 (the symbol table survives only as image references: Figure BDA0003248670710000061, Figure BDA0003248670710000071)
The method relies on a quantum key distribution (QKD) network to generate quantum keys that secure the communication of Internet of Things terminal equipment. In the access network leading to the edge gateway, key distribution is realized over a passive optical network. A quantum receiver and a trusted quantum relay device are placed at the Optical Line Terminal (OLT), where they can be shared by multiple quantum transmitters for key generation; the quantum transmitters are placed at the Optical Network Units (ONUs). Quantum key distribution is carried out in the optical fiber by wavelength division multiplexing and time division multiplexing to generate a secure key between the optical network unit ONU and the optical line terminal OLT.
In a QKD network with trusted repeaters, the quantum key is XOR-encrypted with a relay key generated point to point and is transmitted in encrypted form. The quantum key generated between the OLT and the ONU is used as the relay key, and the quantum key from the quantum backbone network that is finally used for the session is relayed through the trusted quantum repeater.
Quantum keys are stored in a key pool. Based on Software Defined Network (SDN) technology, the quantum key storage device is abstracted and virtualized into a key pool QKP; a key pool QKP exists between any two QKD nodes, and the keys are managed pairwise between the two nodes.
The technical means disclosed in the present invention will be described in further detail below by specific procedures.
As shown in fig. 1, this document provides an on-demand quantum key distribution method for Internet of Things terminal equipment, comprising the following steps:
(1) Responding to an Internet of Things application request. In view of the application's request and the lightweight data-processing character of the Internet of Things, lightweight data acquisition and message management are adopted, the security level of the message is graded, and the quantum key security requirement for encrypting information between the application and the server is determined quantitatively according to the grade.
According to the security requirement of the application, three security levels Sec are defined. At the lowest level (Sec = 0) a message arrives at most once; this level is for messages that can be lost. At the medium level (Sec = 1) a message arrives at least once, which ensures that the receiver certainly receives the message, but the message may be repeated. At the highest level (Sec = 2) a message arrives only once; this level is for very important messages that must not be repeated. Given the lightweight requirement of the Internet of Things and considerations of system efficiency, the quantum key is used only when the message application's quality-of-service requirement is high: when Sec = 1 or Sec = 2, the quantum key is used to encrypt messages exchanged between the application and the server, and at other, lower security levels the message is transmitted directly in plaintext.
(2) When quantum key requests from Internet of Things applications arrive, the edge gateway, after receiving multiple quantum key requests from Internet of Things terminal devices, determines the response order of the quantum key requests.
The step (2) comprises the following substeps:
(2.1) After an Internet of Things application's quantum key request $K_{Request}$ arrives, multiple Internet of Things terminal devices send multiple quantum key requests $K_{Request}$ to the edge gateway G1. A quantum key request $K_{Request}$ must contain the quantum key demand $K_{qua}$, the quantum key security requirement $K_{sec}$, and the identities of the two parties to the session, namely the session application terminal T1, the session target terminal T2, the edge gateway G1 corresponding to T1, the edge gateway G2 corresponding to T2, and the like, that is, $K_{Request} = (K_{qua}, K_{sec}, T1, T2, G1, G2)$.
(2.2) Many quantum key requests $K_{Request}$ from Internet of Things terminal devices arrive within a period of time, so the response order of the quantum key requests $K_{Request}$ must be sorted. The highest priority is the arrival time $t_{arr}$ of the quantum key request $K_{Request}$. When the arrival times $t_{arr}$ are the same, a response weight value $est(K_i)$ quantifies the request's quantum key demand $K_{qua}$ and quantum key security requirement $K_{sec}$. The weight value $est(K_i)$ is calculated as shown in formula (1):
$$est(K_i) = (1-\omega)\ln K_{qua} + \omega\ln(10 - K_{sec}) \tag{1}$$
In formula (2), $K_{sec} \in [1,5]$ and $K_{sec} \in \mathbb{N}$ represents the security requirement $K_{sec}$ of the quantum key request, and $\omega \in [0,1]$ indicates how the system weighs the quantum key demand $K_{qua}$ of a quantum key request $K_{Request}$ against the security requirement $K_{sec}$ of the quantum key service. Because systems differ in how they trade off quantum key demand against quantum key security, the weights of the two factors change accordingly, and adjusting the magnitude of $\omega$ satisfies the system's differing requirements on the quantum key demand $K_{qua}$ and the security requirement $K_{sec}$ of a quantum key request $K_{Request}$. Weight values $est(K_i)$ are sorted in ascending order: the smaller the quantum key demand $K_{qua}$ and the larger the security requirement $K_{sec}$ of the quantum key service, the higher the response priority of the quantum key request $K_{Request}$.
(3) According to the weight values of the quantum key requests, the queuing response order of quantum key requests with the same arrival time is determined, and keys are distributed on demand from the remaining quantum key amount of the key pool. The algorithm flow is shown in fig. 3.
The step (3) comprises the following substeps:
(3.1) After multiple key requests are received, the edge gateway G1 corresponding to the session application terminal T1 and the edge gateway G2 corresponding to the session target terminal T2, as given by the identities of the two session parties in the quantum key request $K_{Request}$, extract quantum keys from the corresponding key pool QKP at the edge gateway. The key pool QKP is identified by an index: according to the edge gateway G1 corresponding to the session application terminal T1 and the edge gateway G2 corresponding to the session target terminal T2 of the communication request, the keys are placed in the $VKP_{1-2}$ corresponding to the index number, which meets the security requirement that key resources be allocated one-to-one to the two communicating parties.
(3.2) Following the algorithm flow, the quantum keys of the key pool QKP are distributed in response to quantum key requests $K_{Request}$. The response order of the quantum key requests is sorted by arrival time and by the priority given by the response weight value. When a quantum key request $K_{Request}$ arrives, it is determined whether there are quantum key requests $K_{Request}$ that arrived at the same time as the current quantum key request $K_{Request}(i)$. If there are other quantum key requests $K_{Request}$ whose arrival time $t_{arr}$ is the same as that of the current quantum key request $K_{Request}(i)$, they are sorted by the response weight value $est(K_i)$ calculated from the quantum key demand $K_{qua}$ and the quantum key security requirement $K_{sec}$ of each request $K_{Request}$, and then queue until it is the turn of the current quantum key request $K_{Request}(i)$ to wait for a response. If there is no quantum key request $K_{Request}$ with the same arrival time $t_{arr}$ as the current quantum key request $K_{Request}(i)$, it is directly the turn of the current quantum key request $K_{Request}(i)$ to wait for a response.
(3.3) When it is the turn of the current quantum key request $K_{Request}(i)$ to wait for a response, whether the current key pool time slot is occupied is determined from the state of the time slice resources. If the time slot of the key pool QKP is occupied by the previous quantum key request $K_{Request}(i-1)$, that is, the time $t_{get}$ at which the previous quantum key request $K_{Request}(i-1)$ obtains its quantum key from the key pool QKP is not less than the arrival time $t_{arr}$ of the current quantum key request $K_{Request}(i)$, then the current quantum key request $K_{Request}(i)$ must queue, and obtains a response when the time slot becomes idle. If the key pool QKP is in an idle time slot, that is, the time $t_{get}$ at which the previous quantum key request $K_{Request}(i-1)$ obtains its quantum key from the key pool QKP is less than the arrival time $t_{arr}$ of the current quantum key request $K_{Request}(i)$, then the current quantum key request $K_{Request}(i)$ obtains a response directly.
(3.4) When the current quantum key request $K_{Request}(i)$ obtains a response, the remaining quantum key amount $K_{sur}$ of the key pool QKP is checked against the quantum key demand $K_{qua}$ of the current quantum key request $K_{Request}(i)$. If the remaining quantum key amount $K_{sur}$ of the key pool QKP cannot meet the demand, that is, the quantum key demand $K_{qua}$ of the current quantum key request $K_{Request}(i)$ satisfies $K_{qua} > K_{sur}$, quantum key supplementation is required and the key pool QKP issues a quantum key supplement application. Once the key pool QKP has been supplemented and its remaining quantum key amount $K_{sur}$ can meet the quantum key demand $K_{qua}$ of the current quantum key request $K_{Request}(i)$, the keys for the current quantum key request $K_{Request}(i)$ are distributed. If the remaining quantum key amount $K_{sur}$ of the key pool QKP can meet the demand, that is, $K_{qua} \le K_{sur}$, the current quantum key request $K_{Request}(i)$ can extract the corresponding amount $K_{qua}$ of quantum key from the key pool QKP.
(3.5) After the quantum key request is responded to, the edge gateway acquires the quantum key on demand from the corresponding key pool QKP at the edge gateway. Channel characteristics are extracted from the wireless communication channel to generate an encryption and decryption key; the quantum key is encrypted with the encryption key and sent to the Internet of Things terminal over the wireless channel, and the Internet of Things mobile terminal obtains the quantum key after decryption.
(4) And when the residual quantum key amount cannot bear the key request, the key pool sends a quantum key supplement request, and the quantum key supplement request is responded according to the quantum key request weighted value responded by the key pool.
The step (4) comprises the following substeps:
(4.1) remaining quantum Key volume K of Key pool QKP sur Can not satisfy the current quantum key request K Request (i) Quantum key requirement of K qua When the request is received, a quantum key supplement application K needs to be sent to the OLT and the ONU Supplement The quantum key supplementApplication K Supplement The method comprises the following steps: key pool QKP information, current quantum key request K Request (i) Quantum key requirement of K qua Quantum key security requirement K sec The identities of the two parties of the session, that is, the session application terminal T1, the session target terminal T2, the edge gateway G1 corresponding to T1, the edge gateway G2 corresponding to T2, and the like, that is, K Supplement =(QKP,K Request (K qua ,K sec T1, T2, G1, G2)), wait for the generation of a relay quantum key between the optical line termination OLT and the optical network unit ONU, and respond to a quantum key supplement request for the key QKP.
(4.2) Quantum Key Replementation request K for Key pool QKP Supplement Reaching numerous numbers in a period of time, so a request for a quantum key, K, is required Supplement The response order of (2) is ordered, the highest priority being the quantum key request K Supplement Time of arrival T arr At the arrival time T arr In the same case, since the relay quantum key generated between the optical line terminal OLT and the optical network unit ONU at the same time can only perform one-to-one quantum key relay, the quantum key supplement request K is processed in the key pool QKP that arrives at the same time Supplement Then, quantum key request K is weighted and considered according to algorithm flow Request Quantum key requirement of K qua And the security requirement K of quantum key services sec The order in which quantum key complementation considerations of key pool QKP are made is determined. With a certain weight est (K) i ) Quantitative identification quantum key request K Request Quantum key requirement of K qua And quantum key security K sec Is a requirement of, weight est (K) i ) The specific calculation of (2) is shown in formula (3):
est(K i )=(1-ω)lnK qua +ωln(10-K sec ) (3)
in the formula (3), K sec ∈[1,5]And K is sec E.n, representing quantum key request security K sec Require ω ∈ [0,1 ]]Indicating that the system requests K for a quantum key Request Quantum key requirement of K qua And security of quantum key servicesRequirement K sec Because the requirements of the system on the quantum key demand and the quantum key security tradeoff are different, the weights of the two factors are changed, and the quantum key demand K of the system is satisfied by adjusting the magnitude of omega Request Quantum key requirement of K qua And the security requirement K of quantum key services sec Different requirements of (2). Weight est (K) i ) In ascending order, the quantum key demand K qua The smaller, the security requirement K of quantum key services sec Larger quantum key request K Request With higher priority, corresponding quantum key supplement request K Supplement The more first a response will be obtained.
(4.3) The quantum key supplement requests K_Supplement are responded to according to the algorithm flow shown in fig. 4, and the quantum keys of the key pool QKP are supplemented. The response order of the quantum key supplement requests is sorted first by arrival time and then by the priority given by the response weight value. When a quantum key supplement request K_Supplement arrives, it is judged whether other quantum key supplement requests K_Supplement arrived at the same time as the current quantum key supplement request K_Supplement(i). If there are other quantum key supplement requests K_Supplement whose arrival time T_arr is the same as that of the current request K_Supplement(i), they are sorted by the response weight value est(K_i) calculated from the quantum key demand K_qua and the quantum key security K_sec of each quantum key supplement request K_Supplement, and then queue until it is the turn of the current request K_Supplement(i) to wait for a response; if no quantum key supplement request K_Supplement has the same arrival time T_arr as the current request K_Supplement(i), it is directly the turn of the current request K_Supplement(i) to wait for a response.
(4.4) When it is the turn of the current quantum key supplement request K_Supplement(i) to wait for a response, whether the time slots of the current optical line terminal OLT and optical network unit ONU are occupied is judged according to the condition of the time slice resources. If the time slots of the OLT and the ONU are occupied by the previous quantum key supplement request K_Supplement(i-1), that is, the time T_get at which the previous QKP quantum key supplement request K_Supplement(i-1) obtains its quantum key is not less than the arrival time T_arr of the current quantum key supplement request K_Supplement(i), then the current request K_Supplement(i) must queue until the time slot is idle before it obtains a response. If the optical line terminal OLT and the optical network unit ONU are in idle time slots, that is, the time T_get at which the previous QKP quantum key supplement request K_Supplement(i-1) obtains its quantum key is less than the arrival time T_arr of the current quantum key supplement request K_Supplement(i), then the current request K_Supplement(i) obtains a response directly without queuing.
(4.5) The current quantum key request K_Request(i) is responded to, and the relay quantum key generated between the optical line terminal OLT and the optical network unit ONU performs one-to-one quantum key relay to complete the key supplement of the key pool.
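The ordering and slot-occupancy rules of steps (4.2) to (4.4), as an added example that is not code from the patent: requests are ordered by T_arr, ties are broken by ascending est(K_i) from formula (3), and a request waits while the previous T_get is not less than its T_arr. The class and function names, the sample requests and the relay duration model (256 keys per time unit) are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class SupplementRequest:
    pool: str      # key pool label (constructed for the example)
    t_arr: float   # arrival time T_arr
    k_qua: int     # quantum key demand K_qua of the pending K_Request
    k_sec: int     # security requirement K_sec, integer in [1, 5]

def est(req, omega):
    """Response weight est(K_i) from formula (3); a smaller value is served earlier."""
    if not 0.0 <= omega <= 1.0:
        raise ValueError("omega must lie in [0, 1]")
    if req.k_sec not in range(1, 6) or req.k_qua <= 0:
        raise ValueError("need K_sec in {1..5} and K_qua > 0")
    return (1 - omega) * math.log(req.k_qua) + omega * math.log(10 - req.k_sec)

def schedule(requests, omega, relay_time):
    """Return (pool, t_start, t_get) in response order, following (4.2)-(4.4).

    relay_time(req) is an assumption: how long the OLT/ONU slot is held
    while the one-to-one relay serves this request.
    """
    # (4.2)/(4.3): arrival time first, then ascending weight among equal arrivals
    ordered = sorted(requests, key=lambda r: (r.t_arr, est(r, omega)))
    timeline, prev_t_get = [], float("-inf")
    for req in ordered:
        # (4.4): slot is idle only if the previous T_get < this T_arr
        t_start = req.t_arr if prev_t_get < req.t_arr else prev_t_get
        t_get = t_start + relay_time(req)
        timeline.append((req.pool, t_start, t_get))
        prev_t_get = t_get
    return timeline

def relay_time_assumed(req):
    # Assumption: the relay delivers 256 keys per time unit
    return req.k_qua / 256

# Constructed sample: three pools ask at t=0, one at t=1, one after the queue drains
SAMPLE = [
    SupplementRequest("A", 0.0, 512, 2),
    SupplementRequest("B", 0.0, 128, 5),
    SupplementRequest("C", 0.0, 128, 3),
    SupplementRequest("D", 1.0, 64, 5),
    SupplementRequest("G", 10.0, 256, 4),
]

if __name__ == "__main__":
    for pool, t_start, t_get in schedule(SAMPLE, 0.5, relay_time_assumed):
        print(f"{pool}: starts {t_start}, key obtained {t_get}")
```

With ω = 0.5 the small, high-security requests B and C are served before A, D queues behind A although it arrived later, and G finds the slot idle.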
(5) Considering system time slice resources, a high and a low threshold are set for the key pool, and the quantum keys of the key pool are supplemented when the key pool and the corresponding repeater are in idle time slots and the remaining quantum key amount is lower than the low threshold.
The step (5) comprises the following substeps:
(5.1) When the key pool QKP, the OLT and the ONU are in idle time slots, quantum keys are dynamically supplemented to the key pool QKP. Comprehensively considering the requirements of system security and efficiency, two thresholds are set for the key pool QKP: a low threshold K_threshold_low and a high threshold K_threshold_high.
(5.2) Quantum key supplementation is performed on the key pool QKP according to the algorithm flow shown in FIG. 5. Whether the key pool is in an idle time slot is judged according to the condition of the time slice, and when the key pool QKP is in an idle time slot, whether the remaining quantum key amount K_sur of the key pool QKP is below the low threshold K_threshold_low is judged. When the remaining quantum key amount K_sur is too small, below the set low threshold K_threshold_low, quantum key supplementation is carried out in time while the key pool and the corresponding repeater are in idle time slots, to prevent the remaining quantum key amount K_sur of the key pool QKP from being unable to satisfy the quantum key demand K_qua of subsequent quantum key requests K_Request.
(5.3) After the condition for key supplement of the key pool QKP is met, whether the current optical line terminal OLT and optical network unit ONU are in idle time slots is judged, and key supplement is performed if they are.
(5.4) Whether the remaining quantum key amount K_sur of the key pool QKP is higher than the high threshold K_threshold_high is judged. When the remaining quantum key amount K_sur is too large, above the set high threshold K_threshold_high, quantum key supplementation is stopped, to prevent the security of the quantum keys from being reduced by storing too many quantum keys for too long.
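The two-threshold supplementation of steps (5.1) to (5.4), as an added example that is not code from the patent. It reads the steps as a latch: filling starts once K_sur falls below K_threshold_low in an idle slice and stops once K_sur exceeds K_threshold_high. The class name, the batch size added per idle slice, the rule that a slice serving a request counts as busy, and the sample trace are assumptions.

```python
from dataclasses import dataclass

@dataclass
class KeyPool:
    k_sur: int              # remaining quantum key amount K_sur
    low: int                # K_threshold_low
    high: int               # K_threshold_high
    filling: bool = False   # set below low, cleared above high

    def serve(self, k_qua):
        """Hand out k_qua keys; False means K_sur cannot cover the request."""
        if k_qua > self.k_sur:
            return False    # step (4) would issue a supplement request here
        self.k_sur -= k_qua
        return True

    def idle_slice(self, relay_idle, batch):
        """One time slice in which the pool itself is idle; returns keys added."""
        if self.k_sur < self.low:         # (5.2) too few keys left
            self.filling = True
        added = 0
        if self.filling and relay_idle:   # (5.3) OLT and ONU must be idle too
            self.k_sur += batch
            added = batch
        if self.k_sur > self.high:        # (5.4) stop, avoid long-stored keys
            self.filling = False
        return added

def run(pool, slices, batch):
    """Replay (k_qua, relay_idle) slices; k_qua > 0 means the pool is busy."""
    levels = []
    for k_qua, relay_idle in slices:
        if k_qua > 0:
            pool.serve(k_qua)
        else:
            pool.idle_slice(relay_idle, batch)
        levels.append(pool.k_sur)
    return levels

# Constructed trace: (keys requested in this slice, OLT/ONU idle?)
SLICES = [(80, True), (0, False), (0, True), (0, True),
          (50, True), (0, True), (0, True), (0, True)]

def demo():
    return run(KeyPool(k_sur=150, low=100, high=400), SLICES, batch=128)

if __name__ == "__main__":
    print(demo())
```

Filling continues through the band between the two thresholds (198, 326) and only stops after the level passes 400, so the pool is not topped up on every idle slice and keys are not stockpiled above the high threshold.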
The technical means disclosed in the invention scheme are not limited to the technical means disclosed in the above embodiments, but also include the technical scheme formed by any combination of the above technical features.

Claims (6)

1. A method for distributing quantum keys of terminal equipment of the Internet of things on demand, characterized in that the method comprises the following steps:
S1, responding to an application program request of the Internet of things, and according to the security requirement of the application program, determining the security requirement of the quantum key when information encryption is carried out between the application program and the server in a graded and quantitative manner;
S2, quantitatively considering the quantum key demand requirement and the quantum key security requirement of the key request according to the proportion, and calculating the response weight value of the application program quantum key request of the Internet of things;
S3, determining the queuing response sequence of the quantum key requests with the same arrival time from high to low according to the weight values of the quantum key requests, and performing key distribution on the residual quantum key amount of the key pool according to needs;
S4, when the residual quantum key quantity cannot respond to the key request, the key pool sends out a quantum key supplement request, and the quantum key supplement request is responded to according to the quantum key request weight value responded by the key pool;
S5, setting two thresholds, high and low, of the key pool in consideration of system time slice resources, and performing quantum key supplementation of the key pool when the key pool and the corresponding repeater are in idle time slots and the quantum key remaining quantity is lower than the low threshold.
2. The internet of things terminal device quantum key on-demand distribution method of claim 1, characterized in that: in step S1, the request of the application program of the internet of things is responded, the request of the application program of the internet of things is combined with the characteristic of lightweight processing data of the internet of things itself, lightweight data acquisition and message management are adopted, the security level of the message is graded according to the security requirement of the message application of the application program, and the security requirement of the quantum key when information encryption is performed between the application program and the server is quantitatively determined according to different grades.
3. The internet of things terminal device quantum key on-demand distribution method of claim 1, characterized in that: the step S2 further includes:
S21, after the application program of the Internet of things arrives, the plurality of terminal devices of the Internet of things send a plurality of quantum key requests to the edge gateway, wherein the quantum key requests need to contain information of quantum key demand, quantum key security requirements and identification of both parties of the session;
S22, according to different requirements of the system on efficiency and security, quantitatively considering the quantum key demand requirement and the quantum key security requirement of the quantum key request according to proportion, and calculating the response weight value of the quantum key request.
4. The internet of things terminal device quantum key on-demand distribution method of claim 1, characterized in that: the step S3 further includes:
S31, after receiving the multiple quantum key requests, the edge gateway sorts the response sequence of the quantum key requests according to the arrival time and the priority of the key request response weight value;
S32, when the residual quantum key amount of the key pool QKP is insufficient, the edge gateway sends a key pool QKP quantum key supplement request, and when the residual quantum key amount of the key pool QKP meets the requirement, the quantum key request is responded to;
S33, after the quantum key request is responded to, the edge gateway acquires the quantum key from the corresponding key pool QKP at the edge gateway as required, generates a wireless key through a wireless channel, encrypts the key and transmits the encrypted key to the terminal equipment of the Internet of things.
5. The internet of things terminal device quantum key on-demand distribution method of claim 1, characterized in that: the step S4 further includes:
S41, when the residual key quantity cannot respond to the quantum key request, the key pool sends out a quantum key supplement request, the quantum key supplement request containing the key pool information, the quantum key demand quantity of the current quantum key request, the quantum key security requirement and the information of the identity identification of both parties of the session;
S42, when the quantum key surplus of a plurality of key pools QKP is not enough to provide quantum key service, when processing key pool QKP quantum key supplement requests arriving at the same time, the quantum key demand requirement and the quantum key security requirement of the key request are considered quantitatively in proportion, a response weight value is calculated, the response sequence of the key pool quantum key supplement requests is determined according to the response weight value from high to low, and the quantum key resource supplement of the key pool is carried out.
6. The internet of things terminal device quantum key on-demand distribution method of claim 1, characterized in that: the step S5 further includes:
S51, comprehensively considering the requirements of system security and efficiency, and setting the high and low thresholds of the quantum key pool; when the key pool QKP, the optical line terminal OLT and the optical network unit ONU are in idle time slots, dynamic quantum key supplement is carried out on the key pool QKP, and two thresholds of the key pool QKP are set: a low threshold K_threshold_low and a high threshold K_threshold_high;
S52, quantum key supplement is carried out on the key pool QKP; whether the key pool is in an idle time slot is judged according to the condition of the time slice, and when the key pool QKP is in an idle time slot, whether the residual quantum key amount K_sur of the key pool QKP is below the low threshold K_threshold_low is judged; when the residual quantum key amount K_sur is too small, below the set low threshold K_threshold_low, the quantum key is supplemented in time while the key pool and the corresponding repeater are in idle time slots, to prevent the residual quantum key amount K_sur of the key pool QKP from being unable to satisfy the quantum key demand K_qua of subsequent quantum key requests K_Request;
S53, after the condition for key supplement of the key pool QKP is satisfied, judging whether the current OLT and ONU are in idle time slots, and if so, performing key supplement;
S54, judging whether the residual quantum key amount K_sur of the key pool QKP is higher than the high threshold K_threshold_high; when the residual quantum key amount K_sur is too large, above the set high threshold K_threshold_high, quantum key supplementation is stopped, to prevent the security of the quantum keys from being reduced by storing too many quantum keys for too long.
CN202111039799.1A 2021-09-06 2021-09-06 Method for distributing quantum keys of terminal equipment of Internet of things on demand Active CN113765660B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111039799.1A CN113765660B (en) 2021-09-06 2021-09-06 Method for distributing quantum keys of terminal equipment of Internet of things on demand


Publications (2)

Publication Number Publication Date
CN113765660A CN113765660A (en) 2021-12-07
CN113765660B true CN113765660B (en) 2022-08-02

Family

ID=78793233

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111039799.1A Active CN113765660B (en) 2021-09-06 2021-09-06 Method for distributing quantum keys of terminal equipment of Internet of things on demand

Country Status (1)

Country Link
CN (1) CN113765660B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115865332B (en) * 2022-11-24 2024-01-02 北京百度网讯科技有限公司 Request processing method and device and electronic equipment
CN115694815B (en) * 2023-01-03 2023-03-28 国网天津市电力公司电力科学研究院 Communication encryption method and device for power distribution terminal
CN116318689B (en) * 2023-05-25 2023-07-28 天津市城市规划设计研究总院有限公司 Method and system for improving information transmission safety of Internet of things equipment by utilizing quantum key

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110138552A (en) * 2019-05-08 2019-08-16 北京邮电大学 Multi-user quantum key Supply Method and device
CN110149204A (en) * 2019-05-09 2019-08-20 北京邮电大学 The key resource allocation methods and system of QKD network
CN110365476A (en) * 2019-07-01 2019-10-22 北京邮电大学 The schedule management method of QKD network and its key based on SDN
CN112910639A (en) * 2021-02-05 2021-06-04 北京邮电大学 Quantum encryption service transmission method under multi-domain scene and related equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107959566A (en) * 2016-10-14 2018-04-24 阿里巴巴集团控股有限公司 Quantal data key agreement system and quantal data cryptographic key negotiation method


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Scalable QKD Network Using Simple Key-Management Technique with On-Demand Crypto-Key Supply";Maeda, W等;《2008 34TH EUROPEAN CONFERENCE ON OPTICAL COMMUNICATION (ECOC)》;20080925;全文 *
物联网通信信道的量子密钥协议研究;赵洁;《激光杂志》;20171225(第12期);第118-122页 *

Also Published As

Publication number Publication date
CN113765660A (en) 2021-12-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant