CN115426104A - Quantum key supply proprietary and shared protection method and related equipment - Google Patents


Publication number
CN115426104A
Authority
CN
China
Prior art keywords
key
protection
path
quantum
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210853501.9A
Other languages
Chinese (zh)
Inventor
郁小松
刘宇航
赵永利
张杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0852 Quantum cryptography
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a quantum key supply proprietary and shared protection method, which comprises the following steps: constructing a first protection path according to the acquired physical topology information of a first target path; generating a first user key on the first target path; generating a first protection key on the first protection path; and, in response to an interruption of the first user key supply, invoking the first protection key in place of the first user key to resume key supply on the first target path. The method and the device use protection path resources to generate the protection key in real time alongside the user key, so that key supply on the target path is restored in time when that supply has a problem.

Description

Quantum key supply proprietary and shared protection method and related equipment
Technical Field
The present application relates to the field of quantum key provisioning technologies, and in particular, to a quantum key provisioning proprietary and shared protection method and related devices.
Background
Quantum key distribution ensures communication security by using the characteristics of quantum mechanics. It enables both communicating parties to generate and share a random, secure key for encrypting and decrypting messages.
In existing research, when quantum key distribution is applied to an optical network, what is usually considered is a joint protection strategy for scenarios in which the data service and the key service are coupled, for example a protection path setting scheme for the two types of service in an optical network failure scenario, or a joint service rerouting mechanism in a multi-domain optical network scenario.
Disclosure of Invention
In view of the above, an object of the present application is to provide a quantum key supply proprietary and shared protection method and related apparatus.
In view of the above object, the present application provides a quantum key supply proprietary protection method, comprising:
constructing a first protection path according to the acquired physical topology information of the first target path;
generating a first user key according to the first target path;
generating a first protection key according to the first protection path;
in response to an interruption of the first user key supply, invoking the first protection key in place of the first user key to resume key supply on the first target path.
In a possible implementation manner, a first rate of generating the first user key by the first target path is the same as a second rate of generating the first protection key by the first protection path;
the method further comprises the following steps:
in response to the first user key regeneration, the first protection key is regenerated.
In one possible implementation, the generating, by the first target path, a first user key includes:
generating at least one first quantum key by at least one pair of nodes of the first target path;
formatting the at least one first quantum key to obtain at least one first formatted key;
and carrying out key relay processing on the at least one first formatted key to obtain a first user key.
In one possible implementation, the generating, by the first protection path, a first protection key includes:
at least one pair of nodes of the first protection path generates at least one second quantum key;
formatting the at least one second quantum key to obtain at least one second formatted key;
and carrying out key relay processing on the at least one second formatted key to obtain a first protection key.
In one possible implementation, the length of the second formatted key is the same as the length of the first user key;
the length of the first protection key is the same as the length of the first user key.
In one possible implementation, the first target path does not coincide with a link of the first protection path.
Based on the same inventive concept, the application also provides a quantum key supply sharing protection method, which comprises the following steps:
constructing a second protection path according to the acquired physical topology information of at least two second target paths;
setting priorities of at least two second target paths;
generating at least two second user keys according to at least two second target paths;
and in response to the interruption of the key supply of at least two second users, taking the path with the highest priority in the at least two second target paths as a third target path, generating a second protection key according to the second protection path, and calling the second protection key to replace the second user key of the third target path so as to recover the key supply of the third target path.
In one possible implementation, the method further includes:
the second protection path generates a third user key in response to at least two of the second user keys being normally provisioned; the third user key serves traffic transport for the second protection path.
Based on the same inventive concept, one or more embodiments of the present specification further provide an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the program, the processor implements the method for exclusive and shared protection of quantum key provisioning as described in any one of the above items.
Based on the same inventive concept, one or more embodiments of the present specification also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform any one of the above described methods of quantum key provisioning proprietary, shared protection.
As can be seen from the foregoing, the quantum key supply proprietary and shared protection method provided in the embodiments of the present application constructs a protection path that does not intersect the target path and generates a quantum key on it, synchronously with the target path, as a standby. When a problem occurs in the quantum key supply of the target path, supply is switched to the quantum key of the protection path in time, so that service transmission is ensured in real time. When there are multiple target paths, their priorities are set in advance; when problems occur on multiple target paths at the same time, quantum keys are redistributed in order of priority from high to low, so that the most urgent service is recovered first and the timeliness of service transmission is ensured. In addition, the protection key generated by the protection path can be updated in real time along with the key of the target path, so that the timeliness and the security of the quantum key are ensured.
Drawings
In order to illustrate the technical solutions of the present application or the related art more clearly, the drawings required for the description of the embodiments or the related art are briefly introduced below. The drawings in the following description are only embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a proprietary protection method for quantum key provisioning according to an embodiment of the present application;
fig. 2 is a schematic view of an application scenario of a proprietary protection method for quantum key provisioning according to an embodiment of the present application;
fig. 3 is a flowchart of a method for sharing protection of quantum key provisioning according to an embodiment of the present application;
fig. 4 is a schematic view of an application scenario of a quantum key supply sharing protection method according to an embodiment of the present application;
fig. 5 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is further described in detail below with reference to the accompanying drawings in combination with specific embodiments.
It should be noted that technical terms or scientific terms used in the embodiments of the present application should have a general meaning as understood by those having ordinary skill in the art to which the present application belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the present application do not denote any order, quantity, or importance, but rather the terms are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
As described in the background section, the prior art usually considers a joint protection strategy for scenarios in which data traffic and key traffic are coupled when quantum key distribution is applied to an optical network. In practice, these schemes do not take into account the difference in survivability between the optical network and the quantum key distribution network: the timely switching of data traffic used in optical network protection is not fully applicable to a quantum key distribution network. When a problem occurs in quantum key distribution, a new quantum key has to be regenerated, key generation involves a series of operations, and the extra overhead of those operations has a non-negligible effect on the timeliness of protection.
In view of the above, embodiments of the present application provide a method for quantum key supply proprietary and shared protection, where a protection path that does not intersect with a target path is constructed, the protection path and the target path synchronously generate a quantum key, and when a problem occurs in quantum key supply of the target path, the quantum key of the protection path is timely called to ensure safe transmission of target path services. When the target paths are multiple, the priority of the target paths is set in advance, and the quantum keys are redistributed in the sequence from high to low in priority, so that when the multiple target paths have problems at the same time, the most urgent service is guaranteed to be recovered at first, and the timeliness of service transmission is guaranteed. In addition, the protection key generated by the protection path can be updated in real time along with the key of the target path, so that the timeliness and the safety of the quantum key are ensured.
Hereinafter, the technical means of the embodiments of the present application will be described in detail by specific examples.
Referring to fig. 1, a proprietary protection method for quantum key provisioning of an embodiment of the present application may include the following steps:
step S101, constructing a first protection path according to the acquired physical topology information of the first target path;
step S102, generating a first user key according to the first target path;
step S103, generating a first protection key according to the first protection path;
step S104, in response to an interruption of the first user key supply, invoking the first protection key to replace the first user key so as to recover the key supply of the first target path.
With reference to fig. 2, a schematic view of an application scenario of the proprietary protection method for quantum key provisioning according to the embodiment of the present application is shown with respect to step S101.
The figure shows the QKDN controller (quantum key distribution network controller); KM1-KM4, which are key managers located in the key management layer; and QKD modules 1-4, which are the nodes of the target path or the protection path and are located in the quantum layer. The quantum layer and the key management layer are connected to the quantum key distribution network manager.
In this embodiment, the controller obtains the intra-domain physical topology, traverses the intra-domain physical link information, and abstracts the node sequence numbers at the two ends of each intra-domain link into the x and y coordinates of a two-dimensional array. Then, according to the obtained physical topology information of the first target path (working path), which in this embodiment is node 1-node 2-node 4, node 1-node 3-node 4 is selected as the dedicated protection path to protect the key supply on the quantum key distribution path of that target path. It should be noted that the first protection path must be constructed so that its links do not overlap with those of the first target path, i.e. the two paths do not intersect.
For step S102, in this embodiment, quantum keys are generated at node 1, node 2, and node 4 on the first target path; the quantum keys of node 1 and node 2 are then synchronized, and the keys of node 2 and node 4 are synchronized. The keys obtained in this way are the first quantum keys.
Then, the key management agent module formats the first quantum key of nodes 1-2 to obtain a first formatted key, formats the first quantum key of nodes 2-4 to obtain another first formatted key, and performs key relay processing on the two first formatted keys to obtain the first user key of nodes 1-2-4. The purpose of the key relay process is to enable the source node and the sink node to share a quantum key. Specifically, the quantum key of nodes 1-2 is encrypted with the quantum key of nodes 2-4 and then transmitted to node 1 and node 4, so that node 1 can obtain the quantum key of nodes 2-4, or node 4 can obtain the quantum key of nodes 1-2. After the key relay process, the first user key is obtained and stored in the key provisioning agent module.
For step S103, in this embodiment, quantum keys are generated at node 1, node 3, and node 4 on the first protection path; the quantum keys of node 1 and node 3 are then synchronized, and the keys of node 3 and node 4 are synchronized. The keys obtained in this way are the second quantum keys. The synchronization process is known to those skilled in the art and is not described here.
Then, the key management agent module formats the second quantum key of nodes 1-3 to obtain a second formatted key, formats the second quantum key of nodes 3-4 to obtain another second formatted key, and performs key relay processing on the two second formatted keys to obtain the first protection key of nodes 1-3-4. The purpose of the key relay process is to enable the source node and the sink node to share a quantum key. Specifically, node 3 encrypts the quantum key of nodes 1-3 with the quantum key of nodes 3-4 and transmits the result to node 1 and node 4, so that node 1 can obtain the quantum key of nodes 3-4, or node 4 can obtain the quantum key of nodes 1-3. After the key relay process, the first protection key is obtained and stored in the key provisioning agent module.
Step S102 and step S103 are performed synchronously. In the formatting process described above, the length of the second formatted key must be the same as the length of the first user key. The purpose of formatting is to make the first user key and the first protection key end up with the same length, so that they can be used for the subsequent key supply switch; the key length may be set as required.
The rate at which the first target path generates the first user key in step S102 is the same as the rate at which the first protection path generates the first protection key in step S103, and the two keys are generated synchronously; that is, when the first user key is regenerated, the first protection key is also regenerated. The first protection key is periodically and synchronously updated along with the life cycle of the quantum key distribution network. In addition, the key provisioning agent module stores the first user key and the first protection key generated in the above steps in separate partitions: the first user key is supplied normally for service use, while the first protection key is held in the key provisioning agent module to wait for a subsequent key switch. While it waits, as described above, the first user key and the first protection key are updated together.
After that, when the key supply of nodes 1-2-4 is interrupted during service transmission, the quantum key distribution network can ignore the specific cause of the fault and directly call the stored first protection key to replace the first user key, so as to ensure secure transmission of the nodes 1-2-4 service.
It should be noted that, while the first target path is generating keys normally, the first protection key generated on the first protection path cannot serve other services. This ensures that supply can be resumed immediately when the key supply of the first target path fails, so that services can be transmitted in time. The proprietary protection method for quantum key supply described above is therefore generally applied to services with high timeliness requirements.
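The dedicated scheme of steps S101 to S104 can be sketched as follows. This is an added example, not code from the patent: the topology (including the 2-3 link), the 32-byte key length, formatting as truncation, the XOR one-time-pad relay and all names (`protection_path`, `KeySupplyAgent`, ...) are assumptions, and random bytes stand in for the output of the QKD modules.

```python
import secrets
from collections import deque

KEY_LEN = 32  # bytes; assumed common length of formatted, user and protection keys

def adjacency(links, n):
    """2-D array whose x and y indices are the end-node numbers of each link."""
    adj = [[0] * (n + 1) for _ in range(n + 1)]
    for x, y in links:
        adj[x][y] = adj[y][x] = 1
    return adj

def path_links(path):
    return {frozenset(hop) for hop in zip(path, path[1:])}

def protection_path(adj, working):
    """S101: shortest path (BFS) between the working path's end nodes that
    reuses none of the working path's links. Returns None if none exists."""
    banned, src, dst = path_links(working), working[0], working[-1]
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        for v in range(1, len(adj)):
            if adj[u][v] and v not in prev and frozenset((u, v)) not in banned:
                prev[v] = u
                queue.append(v)
    if dst not in prev:
        return None
    path = [dst]
    while prev[path[-1]] is not None:
        path.append(prev[path[-1]])
    return path[::-1]

def qkd_link_key():
    """Stand-in for one QKD module pair: raw key material of varying length."""
    return secrets.token_bytes(KEY_LEN + secrets.randbelow(16))

def format_key(raw):
    """Formatting, modelled here as cutting raw material to the common length."""
    return raw[:KEY_LEN]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def relay(link_keys):
    """Key relay: each intermediate node encrypts its inbound link key with its
    outbound link key (XOR one-time pad, an assumption) and sends it on.
    Returns (key held by the source, key recovered by the sink)."""
    sent = [xor(k_in, k_out) for k_in, k_out in zip(link_keys, link_keys[1:])]
    recovered = link_keys[-1]            # the sink starts from its own link key
    for ciphertext in reversed(sent):
        recovered = xor(ciphertext, recovered)
    return link_keys[0], recovered

def end_to_end_key(path):
    """S102/S103: per-link quantum keys -> formatted keys -> relayed key."""
    formatted = [format_key(qkd_link_key()) for _ in range(len(path) - 1)]
    source_key, sink_key = relay(formatted)
    if source_key != sink_key:
        raise RuntimeError("relay failed: source and sink keys differ")
    return source_key

class KeySupplyAgent:
    """Partitioned key store with switch-over to the protection key (S104)."""
    def __init__(self, working, protection):
        if path_links(working) & path_links(protection):
            raise ValueError("protection path shares a link with the working path")
        self.working, self.protection = working, protection
        self.store = {"user": None, "protection": None}
        self.interrupted = False
        self.refresh()

    def refresh(self):
        """One generation round: both partitions are renewed together, so the
        standby key is never older than the key it would replace."""
        if not self.interrupted:
            self.store["user"] = end_to_end_key(self.working)
        self.store["protection"] = end_to_end_key(self.protection)

    def interrupt(self):
        """Working-path key supply is lost; the cause of the fault is ignored."""
        self.interrupted, self.store["user"] = True, None

    def supply(self):
        """Key handed to the service, plus the partition it came from."""
        part = "protection" if self.interrupted else "user"
        return part, self.store[part]

if __name__ == "__main__":
    links = [(1, 2), (2, 4), (1, 3), (3, 4), (2, 3)]  # constructed topology
    working = [1, 2, 4]
    agent = KeySupplyAgent(working, protection_path(adjacency(links, 4), working))
    print(agent.protection, agent.supply()[0])   # [1, 3, 4] user
    agent.interrupt()
    print(agent.supply()[0])                     # protection
```

Because the standby partition is refreshed in the same round as the user partition, the switch in `supply()` is a lookup and involves no key generation at failure time.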
Based on the same inventive concept, the embodiment of the application also provides a sharing protection method for quantum key supply.
Referring to fig. 3, a method for shared protection of quantum key provisioning according to an embodiment of the present application may include the following steps:
step S301, constructing a second protection path according to the obtained physical topology information of at least two second target paths;
step S302, setting the priority of at least two second target paths;
step S303, generating at least two second user keys according to at least two second target paths;
step S304, in response to at least two second user key supply interruptions, taking a path with a highest priority level in the at least two second target paths as a third target path, generating a second protection key according to the second protection path, and invoking the second protection key to replace the second user key of the third target path, so as to recover key supply of the third target path.
For step S301, refer to fig. 4, which is a schematic view of an application scenario of the quantum key provisioning shared protection method according to the embodiment of the present application.
The figure shows the QKDN controller (quantum key distribution network controller); KM1-KM5, which are key managers located in the key management layer; and QKD modules 1-5, which are the nodes of a target path or a protection path and are located in the quantum layer. The quantum layer and the key management layer are connected to the quantum key distribution network manager.
In this embodiment, the controller obtains the intra-domain physical topology, traverses the intra-domain physical link information, and abstracts the node sequence numbers at the two ends of each intra-domain link into the x and y coordinates of a two-dimensional array. Then, according to the obtained physical topology information of the at least two second target paths (working paths), which in this embodiment are nodes 1-2-5 and nodes 1-3-5, nodes 1-4-5 are selected as the shared protection path to protect the key supply on the quantum key distribution paths of those target paths. It should be noted that the links of the constructed second protection path must not overlap with the links of any second target path, that is, the second protection path does not intersect any of the second target paths.
Furthermore, the priority of at least two second target paths is set, and the level of the priority depends on the importance of the customer service and the timeliness of service transmission.
Further, in this embodiment, quantum keys are generated at node 1, node 2 and node 5 on the second target path of nodes 1-2-5; the quantum keys of node 1 and node 2 are then synchronized, and the keys of node 2 and node 5 are synchronized, so that the second quantum keys are obtained. Likewise, quantum keys are generated at node 1, node 3 and node 5 on the second target path of nodes 1-3-5; the quantum keys of node 1 and node 3 are then synchronized, and the quantum keys of node 3 and node 5 are synchronized, so that the second quantum keys are obtained. The synchronization process is known to those skilled in the art and is not described here.
Then, the key management agent module formats the second quantum key of nodes 1-2 to obtain a third formatted key, formats the second quantum key of nodes 2-5 to obtain another third formatted key, and performs key relay processing on the two third formatted keys to obtain the second user key of nodes 1-2-5. The purpose of the key relay process is to enable the source node and the sink node to share a quantum key. Specifically, the quantum key of nodes 1-2 is encrypted with the quantum key of nodes 2-5 and then transmitted to node 1 and node 5, so that node 1 can obtain the quantum key of nodes 2-5, or node 5 can obtain the quantum key of nodes 1-2. After the key relay process, the second user key is obtained and stored in the key provisioning agent module. Similarly, the second target path of nodes 1-3-5 generates its second user key; the generation process is the same as for the second target path of nodes 1-2-5 and is not repeated here.
With respect to step S303, while the at least two second target paths generate the second user keys, the second protection path synchronously generates a third user key. It should be noted that the second protection path generates the third user key only when the second user keys of all the second target paths are supplied normally, and the third user key may be used for the transmission of other services. When the second protection path generates the third user key, its key generation rate does not need to match that of the second target paths. Alternatively, the second protection path may generate the second protection key as in the proprietary protection method described above, that is, the second protection path is kept idle and takes over after a second target path fails; in that case, the rate at which the second protection path generates the second protection key must be the same as the rate at which the second target path generates the second user key.
Further, when at least two second user key supplies are found to be interrupted, the priorities of the second target paths corresponding to those second user keys are determined first, and the path with the highest priority among the paths whose second user key supply is interrupted is taken as the third target path. In this embodiment, key supply is interrupted on the node 1-2 and node 3-5 paths, which interrupts the key supply of path 1-2-5 and path 1-3-5. The protection priorities of path 1-2-5 and path 1-3-5 are obtained, path 1-2-5 is found to have the higher priority, and path 1-2-5 is therefore taken as the third target path. Thereafter, the second protection path generates the second protection key. Under normal conditions the second protection path generates the third user key; if the third user key is being supplied at this time, its supply is stopped, and key relay processing is performed on the fourth formatted keys on the second protection path, the fourth formatted keys being the formatted keys produced when the third user key is generated. The second protection key is thus obtained and stored; the stored second protection key is then called to replace the second user key, and service transmission on the second target path continues. Because the third user key may be a key for service transmission on the node 1-4 path, on the node 4-5 path, or on the node 1-4-5 path, the protection path must first perform key relay after the quantum key supply of the target path is interrupted, to ensure that the source node and the sink node share a key.
It can be seen from the foregoing embodiments that the quantum key supply proprietary and shared protection method according to the embodiments of the present application constructs a protection path that does not intersect the target path and generates a quantum key on it, synchronously with the target path, as a backup. When a problem occurs in the quantum key supply of the target path, supply is switched to the quantum key of the protection path in time, so that service transmission is ensured in real time. When there are multiple target paths, their priorities are set in advance; when problems occur on multiple target paths at the same time, quantum keys are redistributed in order of priority from high to low, so that the most urgent service is recovered first and the timeliness of service transmission is ensured.
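The shared-protection switch-over of step S304, as an added example that is not code from the patent. Assumptions: priorities are integers with larger meaning more urgent, the relay is a condensed XOR relay, random bytes stand in for QKD output, a single interrupted path is handled the same way as two, and a failure on the protection path itself means no recovery; all class and method names are hypothetical.

```python
import secrets
from dataclasses import dataclass, field

KEY_LEN = 32  # bytes; assumed common key length

def links(nodes):
    return {frozenset(hop) for hop in zip(nodes, nodes[1:])}

def relay(formatted):
    """Condensed trusted relay: once the intermediate nodes have forwarded
    their XOR-encrypted link keys, the sink recovers the first link's key."""
    sink = formatted[-1]
    for k_in, k_out in zip(formatted[-2::-1], formatted[:0:-1]):
        sink = bytes(a ^ b ^ c for a, b, c in zip(k_in, k_out, sink))
    return sink

@dataclass
class TargetPath:
    nodes: tuple
    priority: int                       # larger = more urgent (assumed scale)
    supplied: bool = True
    user_key: bytes = field(default_factory=lambda: secrets.token_bytes(KEY_LEN))

class SharedProtection:
    def __init__(self, protection_nodes, targets):
        for t in targets:
            if links(protection_nodes) & links(t.nodes):
                raise ValueError(f"protection path overlaps target path {t.nodes}")
        self.nodes, self.targets = tuple(protection_nodes), list(targets)
        # Fourth formatted keys: one per protection-path link, produced while
        # the third user key is being generated (random bytes stand in for QKD).
        self.formatted = [secrets.token_bytes(KEY_LEN)
                          for _ in range(len(self.nodes) - 1)]
        self.protecting = None          # target path currently being protected
        self.protection_key = None

    def third_user_key(self):
        """Keys serving the protection path's own traffic; withheld once the
        path has been taken over for protection."""
        return None if self.protecting else list(self.formatted)

    def on_link_failures(self, failed_links):
        """Map failed links to interrupted target paths, then recover the one
        with the highest priority. Returns the recovered path or None."""
        failed = {frozenset(link) for link in failed_links}
        hit = [t for t in self.targets if links(t.nodes) & failed]
        for t in hit:
            t.supplied, t.user_key = False, None
        if not hit or self.protecting or links(self.nodes) & failed:
            return None   # nothing failed, already in use, or protection path down
        third_target = max(hit, key=lambda t: t.priority)
        self.protecting = third_target                # stops third-user-key supply
        self.protection_key = relay(self.formatted)   # relay is performed only now
        third_target.user_key, third_target.supplied = self.protection_key, True
        return third_target

if __name__ == "__main__":
    p125 = TargetPath((1, 2, 5), priority=2)
    p135 = TargetPath((1, 3, 5), priority=1)
    shared = SharedProtection((1, 4, 5), [p125, p135])
    recovered = shared.on_link_failures([(1, 2), (3, 5)])
    print(recovered.nodes, p135.supplied)   # (1, 2, 5) False
```

The lower-priority path stays interrupted in this sketch: one shared protection path can stand in for only one target path at a time.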
It should be noted that the method of the embodiment of the present application may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In this distributed scenario, one device of the multiple devices may only perform one or more steps of the method of the embodiment of the present application, and the multiple devices interact with each other to complete the method.
It should be noted that the above describes some embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, corresponding to the method of any embodiment described above, the present application further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the program, the proprietary and shared protection method for quantum key provisioning described in any embodiment above is implemented.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can communicate in a wired mode (such as USB or network cable) or in a wireless mode (such as mobile network, Wi-Fi or Bluetooth).
The bus 1050 includes a path to transfer information between various components of the device, such as the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the foregoing embodiment is used to implement a proprietary and shared protection method for quantum key provisioning corresponding to any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to the method of any of the above embodiments, the present application also provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the proprietary and shared protection method for quantum key provisioning described in any of the above embodiments.
Computer-readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the foregoing embodiment are used to enable the computer to execute the method for protecting the proprietary and shared quantum key provisioning as described in any of the foregoing embodiments, and have the beneficial effects of the corresponding method embodiments, and therefore details are not repeated here.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is exemplary only and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples. Within the context of the present application, features from the above embodiments or from different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present application as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the application. Further, devices may be shown in block diagram form in order to avoid obscuring embodiments of the application, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the application are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that the embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures, such as Dynamic RAM (DRAM), may use the discussed embodiments.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present application are intended to be included within the scope of the present application.

Claims (10)

1. A method for proprietary protection of quantum key provisioning, comprising:
constructing a first protection path according to the acquired physical topology information of the first target path;
generating a first user key according to the first target path;
generating a first protection key according to the first protection path;
in response to the first user key provisioning interruption, invoking the first protection key in place of the first user key to resume key provisioning of the first target path.
2. The method of claim 1, wherein a first rate at which the first target path generates the first user key is the same as a second rate at which the first protection path generates the first protection key;
the method further comprises the following steps:
the first protection key is regenerated in response to the first user key regeneration.
3. The method of claim 1, wherein generating the first user key based on the first target path comprises:
generating at least one first quantum key according to at least one pair of nodes of the first target path;
formatting the at least one first quantum key to obtain at least one first formatted key;
and carrying out key relay processing on the at least one first formatted key to obtain a first user key.
4. The method of claim 1, wherein generating the first protection key according to the first protection path comprises:
generating at least one second quantum key according to at least one pair of nodes of the first protection path;
formatting the at least one second quantum key to obtain at least one second formatted key;
and carrying out key relay processing on the at least one second formatted key to obtain a first protection key.
5. The method of claim 4, wherein the length of the second formatted key is the same as the length of the first user key; the length of the first protection key is the same as the length of the first user key.
6. The method of claim 1, wherein the first target path is not coincident with a link of the first protection path.
7. A method for shared protection of quantum key provisioning, comprising:
constructing a second protection path according to the acquired physical topology information of at least two second target paths;
setting priorities of at least two second target paths;
generating at least two second user keys according to at least two second target paths;
and in response to the supply of at least two of the second user keys being interrupted, taking the path with the highest priority among the at least two second target paths as a third target path, generating a second protection key according to the second protection path, and calling the second protection key to replace the second user key of the third target path so as to recover the key supply of the third target path.
8. The method of claim 7, further comprising:
in response to at least two of the second user keys being properly provisioned, the second protection path generates a third user key; the third user key serves traffic transport for the second protection path.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 8 when executing the program.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 8.
CN202210853501.9A 2022-07-08 2022-07-08 Quantum key supply proprietary and shared protection method and related equipment Pending CN115426104A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210853501.9A CN115426104A (en) 2022-07-08 2022-07-08 Quantum key supply proprietary and shared protection method and related equipment

Publications (1)

Publication Number Publication Date
CN115426104A 2022-12-02

Family

ID=84196632

Country Status (1)

Country Link
CN (1) CN115426104A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116633544A (en) * 2023-07-21 2023-08-22 杭州海康威视数字技术股份有限公司 Multi-core key hierarchical storage and synchronization method and device in hardware password module
CN116633544B (en) * 2023-07-21 2023-10-10 杭州海康威视数字技术股份有限公司 Multi-core key hierarchical storage and synchronization method and device in hardware password module

Similar Documents

Publication Publication Date Title
AU2017282817B2 (en) Data processing method and device
CN113259455B (en) Cross-subnet interaction method and device
CN108259175B (en) Distributed password service method and system
CN104679604A (en) Method and device for switching between master node and standby node
US20180351737A1 (en) Communication apparatus, communication system, key sharing method, and computer program product
CN115426104A (en) Quantum key supply proprietary and shared protection method and related equipment
CN109495345A (en) A kind of BFD processing method and the network equipment
CN111325552A (en) Data processing method and device, electronic equipment and storage medium
US20220231907A1 (en) METHOD AND APPARATUS FOR TRIGGERING vOMCI FUNCTION FROM OLT TO SEND OMCI MESSAGES
CN114780982A (en) Flow business circulation method, device and system
US20120254607A1 (en) System And Method For Security Levels With Cluster Communications
WO2023185936A1 (en) Communication methods used for cloud network system, apparatus, system and storage medium
US11388001B2 (en) Encrypted communication device, encrypted communication system, encrypted communication method, and program
US20230056683A1 (en) Quantum Key Distribution Network Security Survivability
CN106357704A (en) Method and device for invoking service on basis of development environments
CN113392350B (en) Page routing processing method, device, equipment and storage medium
CN112398913B (en) Service scheduling method and system
CN102647424B (en) Data transmission method and data transmission device
CN114691034A (en) Data storage method and data processing equipment
JP6309432B2 (en) Secret calculation system and method, management server and program
JP2019153055A (en) Cluster system, information processing apparatus, cluster monitoring method, and cluster monitoring program
CN114039838A (en) Power communication network fault analysis method based on maximum disjoint double routes and related equipment
CN114268576A (en) Method for determining interlock fault survival parameters of power CPS and related equipment
CN104038469A (en) Equipment for security information interaction
CN108717384B (en) Data backup method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination