EP4360231A1 - Communications network transmission and receiving apparatus and method of secure data transmission - Google Patents

Communications network transmission and receiving apparatus and method of secure data transmission

Info

Publication number
EP4360231A1
EP4360231A1 EP21737376.0A EP21737376A EP4360231A1 EP 4360231 A1 EP4360231 A1 EP 4360231A1 EP 21737376 A EP21737376 A EP 21737376A EP 4360231 A1 EP4360231 A1 EP 4360231A1
Authority
EP
European Patent Office
Prior art keywords
user plane
plane data
data
qkd
transmission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP21737376.0A
Other languages
German (de)
French (fr)
Inventor
Giuseppe CELOZZI
Pietro Picaro
Simone BERTUCCI
Ettore Pulieri
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB filed Critical Telefonaktiebolaget LM Ericsson AB
Publication of EP4360231A1 publication Critical patent/EP4360231A1/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70Photonic quantum communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04JMULTIPLEX COMMUNICATION
    • H04J14/00Optical multiplex systems
    • H04J14/02Wavelength-division multiplex systems
    • H04J14/0278WDM optical network architectures
    • H04J14/0282WDM tree architectures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Definitions

  • the invention relates to communications network transmission apparatus, communications network receiving apparatus, communications network fronthaul apparatus, communications network optical interconnect apparatus and a communications network node.
  • the invention further relates to a method of secure data transmission in a communications network.
  • C-RAN Centralized Radio Access Network architecture
  • the new network domain interconnecting the Baseband units, BBU, and the Remote Radio units, RRU, at the cell sites, is referred to as the Mobile Fronthaul.
  • WDM wavelength division multiplexing
  • Fiber fronthaul is the main solution for building strict coordinated or integrated networks when separating radio and baseband parts.
  • microwave fronthaul can overcome these obstacles.
  • Ericsson Fronthaul is fibre fronthaul based on a WDM solution, transporting transparently common public radio interface, CPRI, (as defined, for example, in “CPRI Specification V6.0 (2013-08-30): Interface Specification”) and/or evolved CPRI, eCPRI, (as defined, for example, in “eCPRI Specification V2.0 (2019-05-10): Interface Specification”) protocol signals between radio base station, RBS, baseband units and remote radio units, RRU.
  • CPRI transparently common public radio interface
  • eCPRI evolved CPRI
  • the WDM technology allows many different transport channels to be multiplexed on a single fiber.
  • This assumption is starting to change with the 5G radio market evolving towards Open Radio Access Network, RAN, solutions, and, eventually, to support this vision, a need for a standard and widespread version of CPRI/eCPRI will arise, bringing with it the need to protect this type of traffic with a solid encryption mechanism.
  • An aspect provides communications network transmission apparatus comprising optical transceivers, an optical multiplexer, a quantum key distribution, QKD, transmitter module and processing circuitry.
  • the optical transceivers are for generating optical signals at one different channel wavelength each.
  • the optical multiplexer is arranged to multiplex optical signals from the optical transceivers for transmission on a wavelength division multiplexing, WDM, optical link.
  • the QKD transmitter module is configured for performing cryptographic key generation.
  • the processing circuitry is configured to perform operations including receiving user plane data and encrypting the user plane data using cryptographic keys supplied from the QKD transmitter module to form processed user plane data.
  • the processing circuitry is further configured to prepare the processed user plane data for transmission and to cause optical transceivers to transmit optical signals carrying the processed user plane data prepared for transmission.
  • the transmission apparatus is provided with the capacity to perform quantum key generation which may enable a state of the art security infrastructure for a communications network.
  • the transmission apparatus may enable encryption of traffic, such as CPRI/eCPRI traffic, within a communications network, so that all data are transported over QKD-protected links.
  • the transmission apparatus may enable implementation of a QKD enabled 5G network, including fronthaul and optical interconnections.
  • the transmission apparatus may enable implementation of QKD directly into the Radio Access Network, RAN, in particular, fronthaul links, including BBU-RRU and RRU-RRU, and BBU-BBU optical interconnections and router-router optical interconnections.
  • fronthaul links including BBU-RRU and RRU-RRU, and BBU-BBU optical interconnections and router-router optical interconnections.
  • the user plane data is digital user plane data.
  • the operations further include converting the digital user plane data into In-Phase, I, and Quadrature, Q, analogue waveforms, and resampling and quantizing the I and Q waveforms to obtain equivalent l/Q data.
  • the encrypting comprises encrypting the l/Q data using the cryptographic keys supplied from the QKD transmitter module to form encrypted l/Q data forming the processed user plane data.
  • the transmission apparatus may enable encrypted transmission of l/Q data over a QKD- protected link from a BBU to an RRU or an RRU to an RRU.
  • the user plane data is digital user plane data.
  • the encrypting comprises encrypting the digital user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD transmitter module to form the processed user plane data.
  • the transmission apparatus may enable encrypted transmission of user plane data over a QKD-protected links between BBUs or between routers.
  • the operations further include providing synchronization and control data, and multiplexing the processed user plane data with the synchronization and control data.
  • Preparing the processed user plane data for transmission comprises preparing the multiplexed data for transmission.
  • the transmitted optical signals carry the multiplexed data prepared for transmission.
  • the transmission apparatus may enable transmission of encrypted user plane data together with synchronization and control data over a QKD-protected link.
  • the multiplexing and preparing the multiplexed data for transmission comprises framing the processed user plane data with related synchronization and control data and line coding the framed data.
  • the transmission apparatus may enable QKD-enabled encryption of the user plane data prior to framing and line coding.
  • preparing the processed user plane data for transmission is performed according to one of a common public radio interface, CPRI, protocol or an enhanced CPRI, eCPRI, protocol.
  • a first optical transceiver is allocated as a quantum channel for the QKD transmitter module for transmission of quantum signals.
  • a second optical transceiver is allocated as a classical channel for the QKD transmitter module for synchronisation and key distillation.
  • the first and second optical transceivers together enable a QKD link for the QKD transmitter module.
  • the transmission apparatus may enable QKD quantum and authentication channels to be multiplexed together with traffic channels onto the same WDM fiber interconnecting, for example, two fronthaul front-ends, baseband units or routers; advantageously, no additional fibers or specific hardware is required for the quantum and authentication channels.
  • An aspect provides communications network receiving apparatus comprising an optical multiplexer, optical transceivers, a quantum key distribution, QKD, receiver module and processing circuitry.
  • the optical multiplexer is arranged to demultiplex optical signals received from a WDM optical link.
  • the optical transceivers are for receiving the optical signals at channel wavelengths.
  • the QKD receiver module is configured for performing cryptographic key generation.
  • the processing circuitry is configured to perform operations including receiving processed user plane data from the optical transceivers, and decrypting the processed user plane data using cryptographic keys supplied from the QKD receiver module to obtain user plane data.
  • the receiving apparatus is provided with the capacity to perform quantum key generation which may enable a state of the art security infrastructure for a communications network.
  • the receiving apparatus may enable encryption of traffic, such as CPRI/eCPRI traffic, within a communications network, so that all data are transported over QKD-protected links.
  • the receiving apparatus may enable implementation of a QKD enabled 5G network, including fronthaul and optical interconnections.
  • the receiving apparatus may enable implementation of QKD directly into the Radio Access Network, RAN, in particular, fronthaul links, including BBU- RRU and RRU-RRU, and BBU-BBU optical interconnections and router-router optical interconnections.
  • fronthaul links including BBU- RRU and RRU-RRU, and BBU-BBU optical interconnections and router-router optical interconnections.
  • the processed user plane data is encrypted l/Q data and the decrypting comprises decrypting the encrypted l/Q data to obtain l/Q data.
  • the receiving apparatus enables a QKD-protected link to be established between a BBU and an RRU, or between RRUs. Pushing QKD to the RRU enables an easy extension of Quantum-Safe Crypto solutions beyond the edge of the network, thus laying the foundations of an end-to-end Quantum-based security covering the whole network, from UEs and loT devices to national backbones through FrontHaul, Access Aggregation and Metro-Regional Aggregation segments.
  • the decrypting comprises decrypting the processed user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD receiver module to obtain user plane data.
  • the receiving apparatus enables a QKD- protected link to be established between BBUs or between routers.
  • the receiving comprises receiving processed user plane data multiplexed with synchronization and control data and demultiplexing the processed user plane data from the synchronization and control data.
  • the receiving apparatus may enable transmission of encrypted user plane data together with synchronization and control data over a QKD-protected link.
  • a first optical transceiver is allocated as a quantum channel for the QKD receiver module for receiving quantum signals.
  • a second optical transceiver is allocated as a classical channel for the QKD receiver module for synchronisation and key distillation.
  • the first and second optical transceivers together enable a QKD link for the QKD receiver module.
  • the receiving apparatus may enable QKD quantum and authentication channels to be multiplexed together with traffic channels onto the same WDM fiber interconnecting, for example, two fronthaul front-ends, baseband units or routers; advantageously, no additional fibers or specific hardware is required for the quantum and authentication channels.
  • An aspect provides communications network fronthaul apparatus comprising communications network transmission apparatus and communications network receiving apparatus.
  • the communications network transmission apparatus comprises optical transceivers, an optical multiplexer, a quantum key distribution, QKD, transmitter module and processing circuitry.
  • the optical transceivers are for generating optical signals at one different channel wavelength each.
  • the optical multiplexer is arranged to multiplex optical signals from the optical transceivers for transmission on a wavelength division multiplexing, WDM, optical link.
  • the QKD transmitter module is configured for performing cryptographic key generation.
  • the processing circuitry is configured to perform operations including receiving user plane data and encrypting the user plane data using cryptographic keys supplied from the QKD transmitter module to form processed user plane data.
  • the processing circuitry is further configured to prepare the processed user plane data for transmission and to cause optical transceivers to transmit optical signals carrying the processed user plane data prepared for transmission.
  • the communications network receiving apparatus comprises an optical multiplexer, optical transceivers, a quantum key distribution, QKD, receiver module and processing circuitry.
  • the optical multiplexer is arranged to demultiplex optical signals received from a WDM optical link.
  • the optical transceivers are for receiving the optical signals at channel wavelengths.
  • the QKD receiver module is configured for performing cryptographic key generation.
  • the processing circuitry is configured to perform operations including receiving processed user plane data from the optical transceivers, and decrypting the processed user plane data using cryptographic keys supplied from the QKD receiver module to obtain user plane data.
  • the user plane data is digital user plane data.
  • the operations performed by the transmission apparatus processing circuitry further include converting the digital user plane data into In-Phase, I, and Quadrature, Q, analogue waveforms, and resampling and quantizing the I and Q waveforms to obtain equivalent l/Q data.
  • the encrypting comprises encrypting the l/Q data using the cryptographic keys supplied from the QKD transmitter module to form encrypted l/Q data forming the processed user plane data.
  • the processed user plane data received at the receiving apparatus is encrypted l/Q data and the decrypting comprises decrypting the encrypted l/Q data to obtain l/Q data.
  • a first optical transceiver of the transmission apparatus is allocated as a quantum channel for the QKD transmitter module for transmission of quantum signals.
  • a second optical transceiver of the transmission apparatus is allocated as a classical channel for the QKD transmitter module for synchronisation and key distillation.
  • a first optical transceiver of the receiving apparatus is allocated as a quantum channel for the QKD receiver module for receiving quantum signals.
  • a second optical transceiver of the receiving apparatus is allocated as a classical channel for the QKD receiver module for synchronisation and key distillation.
  • the first and second optical transceivers at the transmission apparatus and at the receiving apparatus together enable a QKD link between the QKD transmitter module and the QKD receiver module.
  • An aspect provides communications network optical interconnect apparatus comprising communications network transmission apparatus and communications network receiving apparatus.
  • the communications network transmission apparatus comprises optical transceivers, an optical multiplexer, a quantum key distribution, QKD, transmitter module and processing circuitry.
  • the optical transceivers are for generating optical signals at one different channel wavelength each.
  • the optical multiplexer is arranged to multiplex optical signals from the optical transceivers for transmission on a wavelength division multiplexing, WDM, optical link.
  • the QKD transmitter module is configured for performing cryptographic key generation.
  • the processing circuitry is configured to perform operations including receiving user plane data and encrypting the user plane data using cryptographic keys supplied from the QKD transmitter module to form processed user plane data.
  • the processing circuitry is further configured to prepare the processed user plane data for transmission and to cause optical transceivers to transmit optical signals carrying the processed user plane data prepared for transmission.
  • the communications network receiving apparatus comprises an optical multiplexer, optical transceivers, a quantum key distribution, QKD, receiver module and processing circuitry.
  • the optical multiplexer is arranged to demultiplex optical signals received from a WDM optical link.
  • the optical transceivers are for receiving the optical signals at channel wavelengths.
  • the QKD receiver module is configured for performing cryptographic key generation.
  • the processing circuitry is configured to perform operations including receiving processed user plane data from the optical transceivers, and decrypting the processed user plane data using cryptographic keys supplied from the QKD receiver module to obtain user plane data.
  • the user plane data is digital user plane data.
  • the encrypting comprises encrypting the digital user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD transmitter module to form the processed user plane data.
  • the decrypting comprises decrypting the processed user plane data received at the receiving apparatus using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD receiver module to obtain user plane data.
  • a first optical transceiver of the transmission apparatus is allocated as a quantum channel for the QKD transmitter module for transmission of quantum signals.
  • a second optical transceiver of the transmission apparatus is allocated as a classical channel for the QKD transmitter module for synchronisation and key distillation.
  • a first optical transceiver of the receiving apparatus is allocated as a quantum channel for the QKD receiver module for receiving quantum signals.
  • a second optical transceiver of the receiving apparatus is allocated as a classical channel for the QKD receiver module for synchronisation and key distillation.
  • the first and second optical transceivers at the transmission apparatus and at the receiving apparatus together enable a QKD link between the QKD transmitter module and the QKD receiver module.
  • An aspect provides a communications network node comprising at least one of communications network transmission apparatus and communications network receiving apparatus.
  • the communications network transmission apparatus comprises optical transceivers, an optical multiplexer, a quantum key distribution, QKD, transmitter module and processing circuitry.
  • the optical transceivers are for generating optical signals at one different channel wavelength each.
  • the optical multiplexer is arranged to multiplex optical signals from the optical transceivers for transmission on a wavelength division multiplexing, WDM, optical link.
  • the QKD transmitter module is configured for performing cryptographic key generation.
  • the processing circuitry is configured to perform operations including receiving user plane data and encrypting the user plane data using cryptographic keys supplied from the QKD transmitter module to form processed user plane data.
  • the processing circuitry is further configured to prepare the processed user plane data for transmission and to cause optical transceivers to transmit optical signals carrying the processed user plane data prepared for transmission.
  • the communications network receiving apparatus comprises an optical multiplexer, a plurality of optical transceivers, a quantum key distribution, QKD, receiver module and processing circuitry.
  • the optical multiplexer is arranged to demultiplex optical signals received from a WDM optical link.
  • the plurality of optical transceivers are operable to receive the optical signals at channel wavelengths.
  • the QKD receiver module is configured for performing cryptographic key generation.
  • the processing circuitry is configured to perform operations including receiving processed user plane data from the optical transceivers, and decrypting the processed user plane data using cryptographic keys supplied from the QKD receiver module to obtain user plane data.
  • An aspect provides a method of secure data transmission in a communications network.
  • the method comprising the following steps.
  • Quantum key distribution, QKD is performed to generate cryptographic keys.
  • User plane data is received and the user plane data is encrypted using the cryptographic keys to form processed user plane data.
  • the processed user plane data is prepared for transmission and optical signals are transmitted carrying the processed user plane data prepared for transmission.
  • An aspect provides a method of secure data reception in a communications network.
  • the method comprises the following steps. Quantum key distribution, QKD, is performed to generate cryptographic keys.
  • Optical signals carrying processed user plane data are received.
  • the optical signals are detected to obtain the processed user plane data.
  • the processed user plane data is decrypted using the cryptographic keys to obtain user plane data.
  • An aspect provides a method of secure communication in a communications network comprising transmission apparatus and receiving apparatus.
  • the method comprises the following steps.
  • Quantum key distribution, QKD is performed between the transmission apparatus and the receiving apparatus to generate shared cryptographic keys.
  • QKD Quantum key distribution
  • user plane data is received and the user plane data is encrypted using the shared cryptographic keys to form processed user plane data.
  • the processed user plane data is prepared for transmission and optical signals are transmitted carrying the processed user plane data prepared for transmission.
  • optical signals carrying processed user plane data are received and the optical signals are detected to obtain the processed user plane data.
  • the processed user plane data is decrypted using the shared cryptographic keys to obtain user plane data.
  • Figure 1 is a block diagram illustrating an embodiment of communications network transmitter apparatus
  • Figure 2 is a block diagram illustrating an embodiment of communications network receiving apparatus
  • Figure 3 is a block diagram illustrating an embodiment of communications network fronthaul apparatus
  • Figure 4 is a block diagram illustrating an embodiment of communications network optical interconnect apparatus
  • FIGS. 5 to 9 are block diagrams illustrating embodiments of communications network nodes.
  • Figures 10 to 12 are flowcharts illustrating embodiments of method steps.
  • an aspect provides communications network transmission apparatus 100 comprising optical transceivers, TRx, 102, an optical multiplexer, MUX, 104, a quantum key distribution transmitter, QKD Tx, module 106 and processing circuitry 108.
  • the TRx 102 are for generating optical signals at one different channel wavelength each. That is to say, each TRx is for generating optical signals at one channel wavelength and the channel wavelength is different for each TRx.
  • the output optical signals from the TRx 102, at their different channel wavelengths, are provided to the MUX 104 via a plurality of delivery fibres 120.
  • the MUX 104 is arranged to multiplex the optical signals at the different channel wavelengths received from the TRx for transmission on a wavelength division multiplexing, WDM, optical link 130.
  • the QKD Tx module 106 is configured for performing cryptographic key generation, as described, for example, in ITU-T Recommendation ITU-T Y.3800 Overview on networks supporting quantum key distribution”.
  • the processing circuitry 108 is configured to receive user plane data 104.
  • the user plane data may, for example, be received directly by the processing circuitry, via northbound ingress/egress interface to a backhaul network, or may be received via a BBU, RRU or router.
  • the processing circuitry is further configured to encrypt the user plane data using cryptographic keys supplied from the QKD Tx module (as indicated by the open arrow) to form processed user plane data.
  • the processing circuitry is configured to prepare the processed user plane data for transmission and to cause the TRx to transmit optical signals carrying the processed user plane data prepared for transmission.
  • a connection or hardware integration is provided between the QKD Tx module and the processing circuitry 108 to allow the processing circuitry to retrieve distributed cryptographic keys.
  • a get key mechanism as described in the ETSI GS QKD 001 v1 .1 .1 (2010-12) standard, section 6.1 .3, may for example be used to retrieve the cryptographic keys.
  • the user plane data is digital user plane data, for example Ethernet-based traffic received from a backhaul network.
  • the processing circuitry 108 of this embodiment is further configured to: convert the digital user plane data into In-Phase, I, and Quadrature, Q, analogue waveforms; and resample and quantize the I and Q waveforms to obtain equivalent l/Q data.
  • the processing circuitry 108 is configured to encrypt the l/Q data using the cryptographic keys supplied from the QKD Tx module to form encrypted l/Q data, which forms the processed user plane data to be prepared for transmission.
  • processing circuitry 108 is further configured to provide synchronization and control data, such as radio synchronization and timing signals, and to multiplex the processed user plane data with the synchronization and control data.
  • the processing circuitry is configured to prepare the multiplexed data for transmission and the transmitted optical signals carry the multiplexed data prepared for transmission.
  • the user plane data is, again, digital user plane data.
  • the processing circuitry 108 of this embodiment is configured to encrypt the digital user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD transmitter module.
  • the encrypted digital user plane data forms the processed user plane data to be prepared for transmission.
  • the processing circuitry 108 is configured to multiplex and prepare the multiplexed data for transmission by framing the processed user plane data with related synchronization and control data and line coding the framed data.
  • processing circuitry 108 is configured to prepare the processed user plane data for transmission according to the CPRI protocol or the eCPRI protocol.
  • a first one of the TRx 102, operable at a first channel wavelength is allocated as a quantum channel for the QKD Tx module 106 for transmission of quantum signals and a second one of the TRx, operable at a second channel wavelength, is allocated as a classical channel for the QKD Tx module for synchronisation and key distillation.
  • a first connection 110 is provided between the first TRx and the QKD Tx module for controlling transmission on the quantum channel, causing the first TRx to transmit quantum key, Qkey, bits on the first optical channel 120i.
  • a second connection 112 is provided between the second TRx and the QKD Tx module for synchronisation and key distillation signals, transmitted/received by the second TRx on the second optical channel 120j.
  • a third connection 114 is provided between the processing circuitry and the remaining TRx 102 for providing the processed data for transmission to the TRx, for transmission by the remaining TRx on the remaining optical channels 120 at their channel wavelengths.
  • the first and second optical transceivers together enable a QKD link, across the WDM link 130, for the QKD Tx module.
  • the QKD link is thus wavelength multiplexed with optical channels carrying user plane data.
  • an embodiment provides communications network receiving apparatus 200 comprising an optical multiplexer, MUX, 204, optical transceivers, TRx, 202 and a QKD receiver, QKD RX, module 206.
  • the MUX 204 is arranged to receive WDM signals from a WDM optical link 230 and demultiplex the optical signals into a plurality of optical signals, each at one different channel wavelength; the optical signals carrying processed user plane data.
  • the TRx 202 are operable to receive the demultiplexed optical signals at the different channel wavelengths and to output processed user plane data.
  • the QKD Rx module 206 is configured for performing cryptographic key generation.
  • the processing circuitry 208 is configured to receive the processed user plane data from the TRx 202 and to decrypt the processed user plane data using cryptographic keys supplied from the QKD Rx module (indicated by the open arrow) to obtain user plane data.
  • a connection or hardware integration is provided between the QKD Rx module and the processing circuitry 208 to allow the processing circuitry to retrieve distributed cryptographic keys.
  • a get key mechanism as described in the ETSI GS QKD 001 vl .1.1 (2010-12) standard, section 6.1.3, may for example be used to retrieve the cryptographic keys.
  • the processed user plane data carried by the optical signals is encrypted l/Q data.
  • the processing circuitry 208 is further configured to decrypt the encrypted l/Q data using cryptographic keys supplied from the QKD Rx module to obtain l/Q data.
  • the l/Q data may then be output (as indicated by the solid arrow) to a radio antenna or RRU for transmission over the air.
  • the optical signals that are received carry processed user plane multiplexed with synchronization and control data.
  • the data processing circuitry 208 is further configured to receive the processed user plane data multiplexed with synchronization and control data from the TRx and to demultiplex the processed user plane data from the synchronization and control data, to obtain the processed user plane data.
  • the processed user plane data is then decrypted, as described above.
  • the processing circuitry 208 is configured to decrypt the user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD Rx module to obtain user plane data.
  • the digital user plane data may then be output to a BBU or a router co-located with the receiving apparatus 200.
  • a first one of the TRx 202 is allocated as a quantum channel for the QKD Rx module 206 for receiving quantum signals and a second one of the TRx is allocated as a classical channel for the QKD Rx module for synchronisation and key distillation.
  • a first connection 210 is provided between the first TRx and the QKD Rx module for receiving Qkey bits on the first optical channel 220i.
  • a second connection 212 is provided between the second TRx and the QKD Rx module for synchronisation and key distillation signals, transmitted/received by the second TRx on the second optical channel 220j.
  • a third connection 214 is provided between the processing circuitry and the remaining TRx 202 for receiving the processed data from the TRx, receiving on the remaining optical channels 220.
  • the first and second optical transceivers together enable a QKD link, across the WDM link 230, for the QKD Rx module.
  • the QKD link is thus wavelength multiplexed with optical channels carrying user plane data.
  • an embodiment provides communications network fronthaul apparatus 300 comprising communications network transmission apparatus 150 and communications network receiving apparatus 250, which are connected by a WDM optical link 330.
  • the transmission apparatus 150 is as described above with reference to Figure 1 , with the modification that the processing circuitry comprises a BBU 308.
  • the receiving apparatus 250 is as described above with reference to Figure 2, with the modification that the processing circuitry comprises an RRU 318 having a radio antenna 320.
  • ethernet-based traffic is received by the BBU via a northbound ingress/egress interface (indicated by the solid arrow) with a backhaul network (not shown).
  • Encrypted l/Q data is transmitted from the transmission apparatus across the WDM optical link 330 to the receiving apparatus, where it is decrypted at the RRU to recover the l/Q data, which is then used for the onwards transmission from the radio antenna.
  • the two endpoints (the BBU and the RRU) have asymmetric processing stacks. Encrypting user data at the l/Q level at the BBU means that enables the BBU-RRU fronthaul link to be QKD-enabled, since the RRU does not implement any Ethernet MAC level.
  • the fronthaul apparatus 300 may be used with both CPRI and eCPRI protocols.
  • an embodiment provides communications network optical interconnection apparatus 400 comprising communications network transmission apparatus 100 and communications network receiving apparatus 200, which are connected by a WDM optical link 430.
  • ethernet-based traffic (digital user plane traffic) is received by the transmission apparatus processing circuitry 108 via a northbound ingress/egress interface (indicated by the solid arrow) with a backhaul network (not shown).
  • Encrypted digital user plane traffic is transmitted from the transmission apparatus across the WDM optical link 430 to the receiving apparatus, where it is decrypted at the processing circuitry 208 to recover the digital user plane traffic, which is then transmitted onwards.
  • the two endpoints (the two BBUs and or the two routers) have symmetric processing stacks. It is therefore possible to encrypt the digital user plane data at the transmission apparatus using Ethernet MAC layer encryption because the receiving apparatus is able to provide corresponding Ethernet MAC level processing at the receiving side.
  • the optical interconnection apparatus 400 may be used with the eCPRI protocol.
  • an embodiment provides a communications network node, in this example a BBU 500, comprising communications network transmission apparatus 100, as described above with reference to Figure 1 , with the processing circuitry 508 as illustrated in Figure 7.
  • the processing circuitry 508 is configured to perform channel coding, interleaving and modulation functions 502, multiple input multiple output, MIMO, processing functions 504 and transmission power control functions 506.
  • Incoming ethernet-based traffic received via a northbound ingress/egress with a backhaul network, is initially processed by these functions.
  • the processing circuitry 508 is further configured to perform an Inverse fast Fourier transform, FFT, 510 on the received ethernet-based traffic to convert the digital user plane data into an analog Quadrature, Q, waveform and an analog In-Phase, I, waveform.
  • FFT Inverse fast Fourier transform
  • the processing circuitry 508 is configured to resample and quantize the I and Q waveforms to obtain equivalent l/Q data.
  • the processing circuitry 508 is configured to encrypt 512 the l/Q data using cryptographic keys supplied by the QKD Tx module 106 and to perform CPRI framing and line coding.
  • the processed user plane data is then output on the connection 114 to the TRx 102 for transmission on optical signals 120.
  • an embodiment provides a communications network node, in this example a router 600, comprising communications network receiving apparatus 200, as described above.
  • an embodiment provides a communications network node, in this example an RRU 700, comprising communications network receiving apparatus 250, as described above, with the processing circuitry 708 as illustrated in Figure 9.
  • the processing circuitry 708 is configured to receive encrypted l/Q data multiplexed with synchronisation and control data via the connection 214 with the TRx 202.
  • the processing circuitry is configured to perform CPRI demultiplexing and line decoding 702 to obtain the encrypted l/Q data.
  • the processing circuitry 708 is configured to decrypt 704 the encrypted l/Q data, using cryptographic key supplied by the QKD Rx module 206, to obtain l/Q data and the separate the In-phase, I, samples from the Quadrature, Q, samples.
  • the processing circuitry is configured to perform digital to analog conversion, DAC, of the I and Q samples, followed by Radio equipment, RE, Modulation to prepare the radio signal for transmission from the radio antenna 716.
  • the above embodiments may enable implementation of a QKD enabled 5G network, in which Fronthaul functions are QKD enabled too.
  • the fronthaul network has historically transported its data using a proprietary CPRI/eCPRI standard without any encryption, assuming that the risk of malicious hacking was very low.
  • CPRI/eCPRI proprietary CPRI/eCPRI standard without any encryption
  • the transmission apparatus 100, 150 described above may be located in the rack where BBU and associated fronthaul transceivers are located and in the receiving apparatus 200, 250 described above may be located in the rack where the RRU and associated fronthaul transceivers are located.
  • An embodiment provides a method 800 of secure data transmission in a communications network.
  • the method comprises steps as illustrated in Figure 10.
  • the method comprises steps of:
  • An embodiment provides a method 900 of secure data reception in a communications network. The method comprises steps as illustrated in Figure 11 .
  • the method comprises steps of:
  • An embodiment provides a method 1000 of secure data transmission in a communications network comprising transmission apparatus and receiving apparatus.
  • the method comprises steps as illustrated in Figure 12.
  • the method comprises steps of:
  • QKD quantum and authentication channels can be multiplexed together with the CPRI/eCPRI traffic channels onto the same WDM fiber interconnecting BBU and RRU, two RRUs, two BBUs or two routers (i.e. no additional fibers or specific hardware is required).
  • QKD is implemented directly into the radio access network, RAN.
  • the fronthaul is the best candidate for this, as it has all the required characteristics and architectural pervasiveness to maximize the gain in terms of costs, power consumption and reliability. It works on relatively short distances, requires traffic encryption, works over C/D-WDM optical transport (so allowing high density of logical channels on the same fiber) and doesn’t have many active components (e.g. optical amplifiers) over the physical link, which would jeopardize the quantum signal.
  • Pushing QKD to the RRU enables an easy extension of Quantum-Safe Crypto solutions beyond the edge of the network, thus laying the foundations of an end-to-end Quantum-based security covering the whole network, from UEs and loT devices to national backbones through FrontHaul, Access Aggregation and Metro-Regional Aggregation segments.

Abstract

Communications network transmission apparatus (100) comprises: optical transceivers (102); an optical multiplexer (104) arranged to multiplex optical signals from the optical transceivers for transmission on a wavelength division multiplexing optical link; a quantum key distribution, QKD, transmitter module (106) configured for performing cryptographic key generation; and processing circuitry (108) configured to perform operations including: receiving user plane data; encrypting the user plane data using cryptographic keys supplied from the QKD transmitter module to form processed user plane data; preparing the processed user plane data for transmission; and causing optical transceivers to transmit optical signals carrying the processed user plane data prepared for transmission.

Description

COMMUNICATIONS NETWORK TRANSMISSION AND RECEIVING APPARATUS AND METHOD OF SECURE DATA TRANSMISSION
TECHNICAL FIELD
The invention relates to communications network transmission apparatus, communications network receiving apparatus, communications network fronthaul apparatus, communications network optical interconnect apparatus and a communications network node. The invention further relates to a method of secure data transmission in a communications network.
BACKGROUND
As the demand for network traffic grows, the network capacity must meet this demand. New Radio technologies and mobile network densification allow greater capacity per cell site. However, this increase comes at a cost beyond the capital cost of the new equipment. Other costs have to be considered: site rental, bandwidth leasing and energy consumption generally weigh heavily upon the overall cost.
The migration to a Centralized Radio Access Network architecture, C-RAN, offers the solution to these problems. In C-RAN many Baseband units are centralized in a few Central Office, CO, sites. This reduces footprint and power consumption, simplifying the interface between Baseband units and increasing radio performances through improved coordination functions.
The new network domain, interconnecting the Baseband units, BBU, and the Remote Radio units, RRU, at the cell sites, is referred to as the Mobile Fronthaul.
When fiber connection between Baseband and radio unit is available, the best option is to exploit wavelength division multiplexing, WDM, technology to increase the bandwidth capacity per fiber (thus lowering the associated fiber leasing costs). The same technology can also be exploited in metro networks to connect routers over distances of few tens of kilometres. This saves a significant number of fibers and increases connectivity.
Fiber fronthaul is the main solution for building strict coordinated or integrated networks when separating radio and baseband parts. However, the use of fiber is sometimes not possible due to right of way, cost or time to market, in these cases microwave fronthaul can overcome these obstacles. Ericsson Fronthaul is fibre fronthaul based on a WDM solution, transporting transparently common public radio interface, CPRI, (as defined, for example, in “CPRI Specification V6.0 (2013-08-30): Interface Specification”) and/or evolved CPRI, eCPRI, (as defined, for example, in “eCPRI Specification V2.0 (2019-05-10): Interface Specification”) protocol signals between radio base station, RBS, baseband units and remote radio units, RRU. The WDM technology allows many different transport channels to be multiplexed on a single fiber. Historically there hasn’t been any need to encrypt CPRI/eCPRI signals since the protocol was considered a proprietary solution and the potential security risk associated with tampering of the CPRI/eCPRI communication by a malicious party has always been assessed to be very low. This assumption is starting to change with the 5G radio market evolving towards Open Radio Access Network, RAN, solutions, and, eventually, to support this vision, a need for a standard and widespread version of CPRI/eCPRI will arise, bringing with it the need to protect this type of traffic with a solid encryption mechanism.
SUMMARY
It is an object to enable improved security of data transmission within a communications network, such as a fronthaul network or an optical interconnection within an access network.
An aspect provides communications network transmission apparatus comprising optical transceivers, an optical multiplexer, a quantum key distribution, QKD, transmitter module and processing circuitry. The optical transceivers are for generating optical signals at one different channel wavelength each. The optical multiplexer is arranged to multiplex optical signals from the optical transceivers for transmission on a wavelength division multiplexing, WDM, optical link. The QKD transmitter module is configured for performing cryptographic key generation. The processing circuitry is configured to perform operations including receiving user plane data and encrypting the user plane data using cryptographic keys supplied from the QKD transmitter module to form processed user plane data. The processing circuitry is further configured to prepare the processed user plane data for transmission and to cause optical transceivers to transmit optical signals carrying the processed user plane data prepared for transmission.
The transmission apparatus is provided with the capacity to perform quantum key generation which may enable a state of the art security infrastructure for a communications network. The transmission apparatus may enable encryption of traffic, such as CPRI/eCPRI traffic, within a communications network, so that all data are transported over QKD-protected links. The transmission apparatus may enable implementation of a QKD enabled 5G network, including fronthaul and optical interconnections.
The transmission apparatus may enable implementation of QKD directly into the Radio Access Network, RAN, in particular, fronthaul links, including BBU-RRU and RRU-RRU, and BBU-BBU optical interconnections and router-router optical interconnections.
In an embodiment, the user plane data is digital user plane data. The operations further include converting the digital user plane data into In-Phase, I, and Quadrature, Q, analogue waveforms, and resampling and quantizing the I and Q waveforms to obtain equivalent l/Q data. The encrypting comprises encrypting the l/Q data using the cryptographic keys supplied from the QKD transmitter module to form encrypted l/Q data forming the processed user plane data. The transmission apparatus may enable encrypted transmission of l/Q data over a QKD- protected link from a BBU to an RRU or an RRU to an RRU. In an embodiment, the user plane data is digital user plane data. The encrypting comprises encrypting the digital user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD transmitter module to form the processed user plane data. The transmission apparatus may enable encrypted transmission of user plane data over a QKD-protected links between BBUs or between routers.
In an embodiment, the operations further include providing synchronization and control data, and multiplexing the processed user plane data with the synchronization and control data. Preparing the processed user plane data for transmission comprises preparing the multiplexed data for transmission. The transmitted optical signals carry the multiplexed data prepared for transmission. The transmission apparatus may enable transmission of encrypted user plane data together with synchronization and control data over a QKD-protected link.
In an embodiment, the multiplexing and preparing the multiplexed data for transmission comprises framing the processed user plane data with related synchronization and control data and line coding the framed data. The transmission apparatus may enable QKD-enabled encryption of the user plane data prior to framing and line coding.
In an embodiment, preparing the processed user plane data for transmission is performed according to one of a common public radio interface, CPRI, protocol or an enhanced CPRI, eCPRI, protocol.
In an embodiment, a first optical transceiver is allocated as a quantum channel for the QKD transmitter module for transmission of quantum signals. A second optical transceiver is allocated as a classical channel for the QKD transmitter module for synchronisation and key distillation. The first and second optical transceivers together enable a QKD link for the QKD transmitter module. The transmission apparatus may enable QKD quantum and authentication channels to be multiplexed together with traffic channels onto the same WDM fiber interconnecting, for example, two fronthaul front-ends, baseband units or routers; advantageously, no additional fibers or specific hardware is required for the quantum and authentication channels.
Corresponding embodiments and advantages also apply to the communications network fronthaul apparatus, the communications network optical interconnection apparatus the communications network node and the method described below.
An aspect provides communications network receiving apparatus comprising an optical multiplexer, optical transceivers, a quantum key distribution, QKD, receiver module and processing circuitry. The optical multiplexer is arranged to demultiplex optical signals received from a WDM optical link. The optical transceivers are for receiving the optical signals at channel wavelengths. The QKD receiver module is configured for performing cryptographic key generation. The processing circuitry is configured to perform operations including receiving processed user plane data from the optical transceivers, and decrypting the processed user plane data using cryptographic keys supplied from the QKD receiver module to obtain user plane data. The receiving apparatus is provided with the capacity to perform quantum key generation which may enable a state of the art security infrastructure for a communications network. The receiving apparatus may enable encryption of traffic, such as CPRI/eCPRI traffic, within a communications network, so that all data are transported over QKD-protected links. The receiving apparatus may enable implementation of a QKD enabled 5G network, including fronthaul and optical interconnections.
The receiving apparatus may enable implementation of QKD directly into the Radio Access Network, RAN, in particular, fronthaul links, including BBU- RRU and RRU-RRU, and BBU-BBU optical interconnections and router-router optical interconnections.
In an embodiment, the processed user plane data is encrypted l/Q data and the decrypting comprises decrypting the encrypted l/Q data to obtain l/Q data. The receiving apparatus enables a QKD-protected link to be established between a BBU and an RRU, or between RRUs. Pushing QKD to the RRU enables an easy extension of Quantum-Safe Crypto solutions beyond the edge of the network, thus laying the foundations of an end-to-end Quantum-based security covering the whole network, from UEs and loT devices to national backbones through FrontHaul, Access Aggregation and Metro-Regional Aggregation segments.
In an embodiment, the decrypting comprises decrypting the processed user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD receiver module to obtain user plane data. The receiving apparatus enables a QKD- protected link to be established between BBUs or between routers.
In an embodiment, the receiving comprises receiving processed user plane data multiplexed with synchronization and control data and demultiplexing the processed user plane data from the synchronization and control data. The receiving apparatus may enable transmission of encrypted user plane data together with synchronization and control data over a QKD-protected link.
In an embodiment, a first optical transceiver is allocated as a quantum channel for the QKD receiver module for receiving quantum signals. A second optical transceiver is allocated as a classical channel for the QKD receiver module for synchronisation and key distillation. The first and second optical transceivers together enable a QKD link for the QKD receiver module. The receiving apparatus may enable QKD quantum and authentication channels to be multiplexed together with traffic channels onto the same WDM fiber interconnecting, for example, two fronthaul front-ends, baseband units or routers; advantageously, no additional fibers or specific hardware is required for the quantum and authentication channels.
Corresponding embodiments and advantages also apply to the communications network fronthaul apparatus, the communications network optical interconnection apparatus, the communications network node and the method described below.
An aspect provides communications network fronthaul apparatus comprising communications network transmission apparatus and communications network receiving apparatus. The communications network transmission apparatus comprises optical transceivers, an optical multiplexer, a quantum key distribution, QKD, transmitter module and processing circuitry. The optical transceivers are for generating optical signals at one different channel wavelength each. The optical multiplexer is arranged to multiplex optical signals from the optical transceivers for transmission on a wavelength division multiplexing, WDM, optical link. The QKD transmitter module is configured for performing cryptographic key generation. The processing circuitry is configured to perform operations including receiving user plane data and encrypting the user plane data using cryptographic keys supplied from the QKD transmitter module to form processed user plane data. The processing circuitry is further configured to prepare the processed user plane data for transmission and to cause optical transceivers to transmit optical signals carrying the processed user plane data prepared for transmission. The communications network receiving apparatus comprises an optical multiplexer, optical transceivers, a quantum key distribution, QKD, receiver module and processing circuitry. The optical multiplexer is arranged to demultiplex optical signals received from a WDM optical link. The optical transceivers are for receiving the optical signals at channel wavelengths. The QKD receiver module is configured for performing cryptographic key generation. The processing circuitry is configured to perform operations including receiving processed user plane data from the optical transceivers, and decrypting the processed user plane data using cryptographic keys supplied from the QKD receiver module to obtain user plane data.
In an embodiment, the user plane data is digital user plane data. The operations performed by the transmission apparatus processing circuitry further include converting the digital user plane data into In-Phase, I, and Quadrature, Q, analogue waveforms, and resampling and quantizing the I and Q waveforms to obtain equivalent l/Q data. The encrypting comprises encrypting the l/Q data using the cryptographic keys supplied from the QKD transmitter module to form encrypted l/Q data forming the processed user plane data. The processed user plane data received at the receiving apparatus is encrypted l/Q data and the decrypting comprises decrypting the encrypted l/Q data to obtain l/Q data.
In an embodiment, a first optical transceiver of the transmission apparatus is allocated as a quantum channel for the QKD transmitter module for transmission of quantum signals. A second optical transceiver of the transmission apparatus is allocated as a classical channel for the QKD transmitter module for synchronisation and key distillation. A first optical transceiver of the receiving apparatus is allocated as a quantum channel for the QKD receiver module for receiving quantum signals. A second optical transceiver of the receiving apparatus is allocated as a classical channel for the QKD receiver module for synchronisation and key distillation. The first and second optical transceivers at the transmission apparatus and at the receiving apparatus together enable a QKD link between the QKD transmitter module and the QKD receiver module.
An aspect provides communications network optical interconnect apparatus comprising communications network transmission apparatus and communications network receiving apparatus. The communications network transmission apparatus comprises optical transceivers, an optical multiplexer, a quantum key distribution, QKD, transmitter module and processing circuitry. The optical transceivers are for generating optical signals at one different channel wavelength each. The optical multiplexer is arranged to multiplex optical signals from the optical transceivers for transmission on a wavelength division multiplexing, WDM, optical link. The QKD transmitter module is configured for performing cryptographic key generation. The processing circuitry is configured to perform operations including receiving user plane data and encrypting the user plane data using cryptographic keys supplied from the QKD transmitter module to form processed user plane data. The processing circuitry is further configured to prepare the processed user plane data for transmission and to cause optical transceivers to transmit optical signals carrying the processed user plane data prepared for transmission. The communications network receiving apparatus comprises an optical multiplexer, optical transceivers, a quantum key distribution, QKD, receiver module and processing circuitry. The optical multiplexer is arranged to demultiplex optical signals received from a WDM optical link. The optical transceivers are for receiving the optical signals at channel wavelengths. The QKD receiver module is configured for performing cryptographic key generation. The processing circuitry is configured to perform operations including receiving processed user plane data from the optical transceivers, and decrypting the processed user plane data using cryptographic keys supplied from the QKD receiver module to obtain user plane data.
In an embodiment, the user plane data is digital user plane data. The encrypting comprises encrypting the digital user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD transmitter module to form the processed user plane data. The decrypting comprises decrypting the processed user plane data received at the receiving apparatus using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD receiver module to obtain user plane data.
In an embodiment, a first optical transceiver of the transmission apparatus is allocated as a quantum channel for the QKD transmitter module for transmission of quantum signals. A second optical transceiver of the transmission apparatus is allocated as a classical channel for the QKD transmitter module for synchronisation and key distillation. A first optical transceiver of the receiving apparatus is allocated as a quantum channel for the QKD receiver module for receiving quantum signals. A second optical transceiver of the receiving apparatus is allocated as a classical channel for the QKD receiver module for synchronisation and key distillation. The first and second optical transceivers at the transmission apparatus and at the receiving apparatus together enable a QKD link between the QKD transmitter module and the QKD receiver module.
An aspect provides a communications network node comprising at least one of communications network transmission apparatus and communications network receiving apparatus. The communications network transmission apparatus comprises optical transceivers, an optical multiplexer, a quantum key distribution, QKD, transmitter module and processing circuitry. The optical transceivers are for generating optical signals at one different channel wavelength each. The optical multiplexer is arranged to multiplex optical signals from the optical transceivers for transmission on a wavelength division multiplexing, WDM, optical link. The QKD transmitter module is configured for performing cryptographic key generation. The processing circuitry is configured to perform operations including receiving user plane data and encrypting the user plane data using cryptographic keys supplied from the QKD transmitter module to form processed user plane data. The processing circuitry is further configured to prepare the processed user plane data for transmission and to cause optical transceivers to transmit optical signals carrying the processed user plane data prepared for transmission. The communications network receiving apparatus comprises an optical multiplexer, a plurality of optical transceivers, a quantum key distribution, QKD, receiver module and processing circuitry. The optical multiplexer is arranged to demultiplex optical signals received from a WDM optical link. The plurality of optical transceivers are operable to receive the optical signals at channel wavelengths. The QKD receiver module is configured for performing cryptographic key generation. The processing circuitry is configured to perform operations including receiving processed user plane data from the optical transceivers, and decrypting the processed user plane data using cryptographic keys supplied from the QKD receiver module to obtain user plane data.
An aspect provides a method of secure data transmission in a communications network. The method comprising the following steps. Quantum key distribution, QKD, is performed to generate cryptographic keys. User plane data is received and the user plane data is encrypted using the cryptographic keys to form processed user plane data. The processed user plane data is prepared for transmission and optical signals are transmitted carrying the processed user plane data prepared for transmission.
An aspect provides a method of secure data reception in a communications network. The method comprises the following steps. Quantum key distribution, QKD, is performed to generate cryptographic keys. Optical signals carrying processed user plane data are received. The optical signals are detected to obtain the processed user plane data. The processed user plane data is decrypted using the cryptographic keys to obtain user plane data.
An aspect provides a method of secure communication in a communications network comprising transmission apparatus and receiving apparatus. The method comprises the following steps. Quantum key distribution, QKD, is performed between the transmission apparatus and the receiving apparatus to generate shared cryptographic keys. At the transmission apparatus, user plane data is received and the user plane data is encrypted using the shared cryptographic keys to form processed user plane data. Also at the transmission apparatus, the processed user plane data is prepared for transmission and optical signals are transmitted carrying the processed user plane data prepared for transmission. At the receiving apparatus, optical signals carrying processed user plane data are received and the optical signals are detected to obtain the processed user plane data. Also at the receiving apparatus, the processed user plane data is decrypted using the shared cryptographic keys to obtain user plane data.
Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings.
BRIEF DESCRIPTOIN OF THE DRAWINGS
Figure 1 is a block diagram illustrating an embodiment of communications network transmitter apparatus;
Figure 2 is a block diagram illustrating an embodiment of communications network receiving apparatus;
Figure 3 is a block diagram illustrating an embodiment of communications network fronthaul apparatus;
Figure 4 is a block diagram illustrating an embodiment of communications network optical interconnect apparatus;
Figures 5 to 9 are block diagrams illustrating embodiments of communications network nodes; and
Figures 10 to 12 are flowcharts illustrating embodiments of method steps.
DETAILED DESCRIPTION
The same reference numbers will be used for corresponding features in different embodiments.
Referring to Figure 1 , an aspect provides communications network transmission apparatus 100 comprising optical transceivers, TRx, 102, an optical multiplexer, MUX, 104, a quantum key distribution transmitter, QKD Tx, module 106 and processing circuitry 108.
The TRx 102 are for generating optical signals at one different channel wavelength each. That is to say, each TRx is for generating optical signals at one channel wavelength and the channel wavelength is different for each TRx. The output optical signals from the TRx 102, at their different channel wavelengths, are provided to the MUX 104 via a plurality of delivery fibres 120. The MUX 104 is arranged to multiplex the optical signals at the different channel wavelengths received from the TRx for transmission on a wavelength division multiplexing, WDM, optical link 130.
The QKD Tx module 106 is configured for performing cryptographic key generation, as described, for example, in ITU-T Recommendation ITU-T Y.3800 Overview on networks supporting quantum key distribution”.
The processing circuitry 108 is configured to receive user plane data 104. The user plane data may, for example, be received directly by the processing circuitry, via northbound ingress/egress interface to a backhaul network, or may be received via a BBU, RRU or router.
The processing circuitry is further configured to encrypt the user plane data using cryptographic keys supplied from the QKD Tx module (as indicated by the open arrow) to form processed user plane data. The processing circuitry is configured to prepare the processed user plane data for transmission and to cause the TRx to transmit optical signals carrying the processed user plane data prepared for transmission.
In an embodiment, a connection or hardware integration is provided between the QKD Tx module and the processing circuitry 108 to allow the processing circuitry to retrieve distributed cryptographic keys. A get key mechanism as described in the ETSI GS QKD 001 v1 .1 .1 (2010-12) standard, section 6.1 .3, may for example be used to retrieve the cryptographic keys.
In an embodiment, particularly adapted for transmitting to a remote radio unit, RRU, the user plane data is digital user plane data, for example Ethernet-based traffic received from a backhaul network. The processing circuitry 108 of this embodiment is further configured to: convert the digital user plane data into In-Phase, I, and Quadrature, Q, analogue waveforms; and resample and quantize the I and Q waveforms to obtain equivalent l/Q data.
The processing circuitry 108 is configured to encrypt the l/Q data using the cryptographic keys supplied from the QKD Tx module to form encrypted l/Q data, which forms the processed user plane data to be prepared for transmission.
In an embodiment, processing circuitry 108 is further configured to provide synchronization and control data, such as radio synchronization and timing signals, and to multiplex the processed user plane data with the synchronization and control data. The processing circuitry is configured to prepare the multiplexed data for transmission and the transmitted optical signals carry the multiplexed data prepared for transmission.
In another embodiment, particularly adapted for transmitting to a baseband unit or a router, the user plane data is, again, digital user plane data. The processing circuitry 108 of this embodiment is configured to encrypt the digital user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD transmitter module. The encrypted digital user plane data forms the processed user plane data to be prepared for transmission.
In an embodiment, the processing circuitry 108 is configured to multiplex and prepare the multiplexed data for transmission by framing the processed user plane data with related synchronization and control data and line coding the framed data.
In an embodiment, processing circuitry 108 is configured to prepare the processed user plane data for transmission according to the CPRI protocol or the eCPRI protocol.
In an embodiment, a first one of the TRx 102, operable at a first channel wavelength, is allocated as a quantum channel for the QKD Tx module 106 for transmission of quantum signals and a second one of the TRx, operable at a second channel wavelength, is allocated as a classical channel for the QKD Tx module for synchronisation and key distillation.
A first connection 110 is provided between the first TRx and the QKD Tx module for controlling transmission on the quantum channel, causing the first TRx to transmit quantum key, Qkey, bits on the first optical channel 120i. A second connection 112 is provided between the second TRx and the QKD Tx module for synchronisation and key distillation signals, transmitted/received by the second TRx on the second optical channel 120j.
A third connection 114 is provided between the processing circuitry and the remaining TRx 102 for providing the processed data for transmission to the TRx, for transmission by the remaining TRx on the remaining optical channels 120 at their channel wavelengths.
The first and second optical transceivers together enable a QKD link, across the WDM link 130, for the QKD Tx module. The QKD link is thus wavelength multiplexed with optical channels carrying user plane data.
Referring to Figure 2, an embodiment provides communications network receiving apparatus 200 comprising an optical multiplexer, MUX, 204, optical transceivers, TRx, 202 and a QKD receiver, QKD RX, module 206.
The MUX 204 is arranged to receive WDM signals from a WDM optical link 230 and demultiplex the optical signals into a plurality of optical signals, each at one different channel wavelength; the optical signals carrying processed user plane data.
The TRx 202 are operable to receive the demultiplexed optical signals at the different channel wavelengths and to output processed user plane data.
The QKD Rx module 206 is configured for performing cryptographic key generation.
The processing circuitry 208 is configured to receive the processed user plane data from the TRx 202 and to decrypt the processed user plane data using cryptographic keys supplied from the QKD Rx module (indicated by the open arrow) to obtain user plane data.
In an embodiment, a connection or hardware integration is provided between the QKD Rx module and the processing circuitry 208 to allow the processing circuitry to retrieve distributed cryptographic keys. A get key mechanism as described in the ETSI GS QKD 001 vl .1.1 (2010-12) standard, section 6.1.3, may for example be used to retrieve the cryptographic keys.
In an embodiment, particularly adapted for receiving at a remote radio unit, RRU, the processed user plane data carried by the optical signals is encrypted l/Q data. The processing circuitry 208 is further configured to decrypt the encrypted l/Q data using cryptographic keys supplied from the QKD Rx module to obtain l/Q data. The l/Q data may then be output (as indicated by the solid arrow) to a radio antenna or RRU for transmission over the air.
In an embodiment, the optical signals that are received carry processed user plane multiplexed with synchronization and control data. The data processing circuitry 208 is further configured to receive the processed user plane data multiplexed with synchronization and control data from the TRx and to demultiplex the processed user plane data from the synchronization and control data, to obtain the processed user plane data. The processed user plane data is then decrypted, as described above.
In another embodiment, particularly adapted for receiving at a baseband unit or at a router, the processing circuitry 208 is configured to decrypt the user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD Rx module to obtain user plane data. The digital user plane data may then be output to a BBU or a router co-located with the receiving apparatus 200.
In an embodiment, a first one of the TRx 202 is allocated as a quantum channel for the QKD Rx module 206 for receiving quantum signals and a second one of the TRx is allocated as a classical channel for the QKD Rx module for synchronisation and key distillation.
A first connection 210 is provided between the first TRx and the QKD Rx module for receiving Qkey bits on the first optical channel 220i. A second connection 212 is provided between the second TRx and the QKD Rx module for synchronisation and key distillation signals, transmitted/received by the second TRx on the second optical channel 220j.
A third connection 214 is provided between the processing circuitry and the remaining TRx 202 for receiving the processed data from the TRx, receiving on the remaining optical channels 220.
The first and second optical transceivers together enable a QKD link, across the WDM link 230, for the QKD Rx module. The QKD link is thus wavelength multiplexed with optical channels carrying user plane data.
Referring to Figure 3, an embodiment provides communications network fronthaul apparatus 300 comprising communications network transmission apparatus 150 and communications network receiving apparatus 250, which are connected by a WDM optical link 330.
The transmission apparatus 150 is as described above with reference to Figure 1 , with the modification that the processing circuitry comprises a BBU 308. The receiving apparatus 250 is as described above with reference to Figure 2, with the modification that the processing circuitry comprises an RRU 318 having a radio antenna 320.
In an embodiment, ethernet-based traffic is received by the BBU via a northbound ingress/egress interface (indicated by the solid arrow) with a backhaul network (not shown). Encrypted l/Q data is transmitted from the transmission apparatus across the WDM optical link 330 to the receiving apparatus, where it is decrypted at the RRU to recover the l/Q data, which is then used for the onwards transmission from the radio antenna.
In this case of BBU-RRU fronthaul connectivity, for example in C-RAN, the two endpoints (the BBU and the RRU) have asymmetric processing stacks. Encrypting user data at the l/Q level at the BBU means that enables the BBU-RRU fronthaul link to be QKD-enabled, since the RRU does not implement any Ethernet MAC level.
The fronthaul apparatus 300 may be used with both CPRI and eCPRI protocols.
Referring to Figure 4, an embodiment provides communications network optical interconnection apparatus 400 comprising communications network transmission apparatus 100 and communications network receiving apparatus 200, which are connected by a WDM optical link 430. In an embodiment, ethernet-based traffic (digital user plane traffic) is received by the transmission apparatus processing circuitry 108 via a northbound ingress/egress interface (indicated by the solid arrow) with a backhaul network (not shown). Encrypted digital user plane traffic is transmitted from the transmission apparatus across the WDM optical link 430 to the receiving apparatus, where it is decrypted at the processing circuitry 208 to recover the digital user plane traffic, which is then transmitted onwards.
In this case of a BBU -BBU or router-router connectivity, the two endpoints (the two BBUs and or the two routers) have symmetric processing stacks. It is therefore possible to encrypt the digital user plane data at the transmission apparatus using Ethernet MAC layer encryption because the receiving apparatus is able to provide corresponding Ethernet MAC level processing at the receiving side.
The optical interconnection apparatus 400 may be used with the eCPRI protocol.
Referring to Figures 5 and 7, an embodiment provides a communications network node, in this example a BBU 500, comprising communications network transmission apparatus 100, as described above with reference to Figure 1 , with the processing circuitry 508 as illustrated in Figure 7.
The processing circuitry 508 is configured to perform channel coding, interleaving and modulation functions 502, multiple input multiple output, MIMO, processing functions 504 and transmission power control functions 506. Incoming ethernet-based traffic, received via a northbound ingress/egress with a backhaul network, is initially processed by these functions. The processing circuitry 508 is further configured to perform an Inverse fast Fourier transform, FFT, 510 on the received ethernet-based traffic to convert the digital user plane data into an analog Quadrature, Q, waveform and an analog In-Phase, I, waveform. The processing circuitry 508 is configured to resample and quantize the I and Q waveforms to obtain equivalent l/Q data. The processing circuitry 508 is configured to encrypt 512 the l/Q data using cryptographic keys supplied by the QKD Tx module 106 and to perform CPRI framing and line coding. The processed user plane data is then output on the connection 114 to the TRx 102 for transmission on optical signals 120.
Referring to Figure 6, an embodiment provides a communications network node, in this example a router 600, comprising communications network receiving apparatus 200, as described above.
Referring to Figures 8 and 9, an embodiment provides a communications network node, in this example an RRU 700, comprising communications network receiving apparatus 250, as described above, with the processing circuitry 708 as illustrated in Figure 9.
The processing circuitry 708 is configured to receive encrypted l/Q data multiplexed with synchronisation and control data via the connection 214 with the TRx 202. The processing circuitry is configured to perform CPRI demultiplexing and line decoding 702 to obtain the encrypted l/Q data. The processing circuitry 708 is configured to decrypt 704 the encrypted l/Q data, using cryptographic key supplied by the QKD Rx module 206, to obtain l/Q data and the separate the In-phase, I, samples from the Quadrature, Q, samples. The processing circuitry is configured to perform digital to analog conversion, DAC, of the I and Q samples, followed by Radio equipment, RE, Modulation to prepare the radio signal for transmission from the radio antenna 716.
The above embodiments may enable implementation of a QKD enabled 5G network, in which Fronthaul functions are QKD enabled too. The fronthaul network has historically transported its data using a proprietary CPRI/eCPRI standard without any encryption, assuming that the risk of malicious hacking was very low. With the definition of an Open RAN architecture and, consequently, of a standard CPRI/eCPRI version, this assumption may not be true anymore and connection between the Baseband unit and the Radio Unit will need to be encrypted.
To leverage the full potential of QKD, the transmission apparatus 100, 150 described above may be located in the rack where BBU and associated fronthaul transceivers are located and in the receiving apparatus 200, 250 described above may be located in the rack where the RRU and associated fronthaul transceivers are located.
This arrangement, with the BBU and the RRU co-located with the fronthaul transceivers, is one of the most common arrangements in network deployment and, under such circumstances, it is safe to assume that the only connections that need to be protected are the ones starting from the BBU, spanning through the fronthaul transceivers and WDM optical link, and reaching the RRU. As a consequence, the transmission apparatus and the receiving apparatus of the above embodiments may be integrated in hardware inside the BBU and the RRU, or equally well provided as a standalone device in the same rack, with no particular security requirements other than the ones provided in the network operator’s facility where it is located.
An embodiment provides a method 800 of secure data transmission in a communications network. The method comprises steps as illustrated in Figure 10.
The method comprises steps of:
- performing 802 QKD to generate cryptographic keys;
- receiving 804 user plane data;
- encrypting 806 the user plane data using the cryptographic keys to form processed user plane data;
- preparing 808 the processed user plane data for transmission; and
- transmitting 810 optical signals carrying the processed user plane data prepared for transmission.
An embodiment provides a method 900 of secure data reception in a communications network. The method comprises steps as illustrated in Figure 11 .
The method comprises steps of:
- performing 902 QKD to generate cryptographic keys;
- receiving 904 optical signals carrying processed user plane data; - detecting 906 the optical signals to obtain the processed user plane data; and
- decrypting 908 the processed user plane data using the cryptographic keys to obtain user plane data.
An embodiment provides a method 1000 of secure data transmission in a communications network comprising transmission apparatus and receiving apparatus. The method comprises steps as illustrated in Figure 12.
The method comprises steps of:
- performing 1002 QKD between the transmission apparatus and the receiving apparatus to generate shared cryptographic keys;
- at the transmission apparatus:
- receiving 804 user plane data;
- encrypting 806 the user plane data using the shared cryptographic keys to form processed user plane data;
- preparing 808 the processed user plane data for transmission; and
- transmitting 810 optical signals carrying the processed user plane data prepared for transmission;
- at the receiving apparatus:
- receiving 904 optical signals carrying processed user plane data;
- detecting 906 the optical signals to obtain the processed user plane data; and
- decrypting 908 the processed user plane data using the shared cryptographic keys to obtain user plane data.
The described embodiments provide various advantages, as follows.
1 . All data are transported over QKD-protected links. Two parties, given access to an insecure quantum and classical channels, can securely establish a cryptographic key without making any assumptions about the capabilities of an eavesdropper who might be present.
2. QKD quantum and authentication channels can be multiplexed together with the CPRI/eCPRI traffic channels onto the same WDM fiber interconnecting BBU and RRU, two RRUs, two BBUs or two routers (i.e. no additional fibers or specific hardware is required).
3. QKD is implemented directly into the radio access network, RAN. The fronthaul is the best candidate for this, as it has all the required characteristics and architectural pervasiveness to maximize the gain in terms of costs, power consumption and reliability. It works on relatively short distances, requires traffic encryption, works over C/D-WDM optical transport (so allowing high density of logical channels on the same fiber) and doesn’t have many active components (e.g. optical amplifiers) over the physical link, which would jeopardize the quantum signal.
4. Pushing QKD to the RRU enables an easy extension of Quantum-Safe Crypto solutions beyond the edge of the network, thus laying the foundations of an end-to-end Quantum-based security covering the whole network, from UEs and loT devices to national backbones through FrontHaul, Access Aggregation and Metro-Regional Aggregation segments.

Claims

1 . Communications network transmission apparatus (100, 150) comprising: optical transceivers (102) for generating optical signals at one different channel wavelength each; an optical multiplexer (104) arranged to multiplex optical signals from the optical transceivers for transmission on a wavelength division multiplexing, WDM, optical link; a quantum key distribution, QKD, transmitter module (106) configured for performing cryptographic key generation; and processing circuitry (108, 308, 508) configured to perform operations including:
- receiving user plane data;
- encrypting the user plane data using cryptographic keys supplied from the QKD transmitter module to form processed user plane data;
- preparing the processed user plane data for transmission; and
- causing optical transceivers to transmit optical signals carrying the processed user plane data prepared for transmission.
2. Apparatus as claimed in claim 1 , wherein the user plane data is digital user plane data and wherein the operations further include converting the digital user plane data into In-Phase, I, and Quadrature, Q, analogue waveforms, and resampling and quantizing the I and Q waveforms to obtain equivalent l/Q data and wherein the encrypting comprises encrypting the l/Q data using the cryptographic keys supplied from the QKD transmitter module to form encrypted l/Q data forming the processed user plane data.
3. Apparatus as claimed in claim 1 , wherein the user plane data is digital user plane data and wherein the encrypting comprises encrypting the digital user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD transmitter module to form the processed user plane data
4. Apparatus as claimed in any one of claims 1 to 3, wherein the operations further include providing synchronization and control data, and multiplexing the processed user plane data with the synchronization and control data, and wherein preparing the processed user plane data for transmission comprises preparing the multiplexed data for transmission and the transmitted optical signals carry the multiplexed data prepared for transmission.
5. Apparatus as claimed in 3, wherein the multiplexing and preparing the multiplexed data for transmission comprises framing the processed user plane data with related synchronization and control data and line coding the framed data.
6. Apparatus as claimed in any one of claims 1 to 4, wherein preparing the processed user plane data for transmission is performed according to one of a common public radio interface, CPRI, protocol and an enhanced CPRI, eCPRI, protocol.
7. Apparatus as claimed in claim 1 or claim 2, wherein a first optical transceiver is allocated as a quantum channel for the QKD transmitter module for transmission of quantum signals and a second optical transceiver is allocated as a classical channel for the QKD transmitter module for synchronisation and key distillation, the first and second optical transceivers together enabling a QKD link for the QKD transmitter module.
8. Communications network receiving apparatus (200, 250) comprising: an optical multiplexer (204) arranged to demultiplex optical signals received from a WDM optical link; a plurality of optical transceivers (202) operable to receive the optical signals at channel wavelengths; a quantum key distribution, QKD, receiver module (206) configured for performing cryptographic key generation; and processing circuitry (208, 318, 708) configured to perform operations including:
- receiving processed user plane data from the optical transceivers; and
- decrypting the processed user plane data using cryptographic keys supplied from the QKD receiver module to obtain user plane data.
9. Apparatus as claimed in claim 8, wherein the processed user plane data is encrypted l/Q data and the decrypting comprises decrypting the encrypted l/Q data to obtain l/Q data.
10. Apparatus as claimed in claim 8, wherein the decrypting comprises decrypting the processed user plane data using an Ethernet MAC layer encryption method using the cryptographic keys supplied from the QKD receiver module to obtain user plane data.
11. Apparatus as claimed in any one of claims 8 to 10, wherein the receiving comprises receiving processed user plane data multiplexed with synchronization and control data and demultiplexing the processed user plane data from the synchronization and control data.
12. Apparatus as claimed in any one of claims 8 to 11 , wherein a first optical transceiver is allocated as a quantum channel for the QKD receiver module for receiving quantum signals and a second optical transceiver is allocated as a classical channel for the QKD receiver module for synchronisation and key distillation, the first and second optical transceivers together enabling a QKD link for the QKD receiver module.
13. Communications network fronthaul apparatus (300) comprising: communications network transmitter apparatus (150) according to any one of claims 1 , 2 and 4 to 7; and communications network receiver apparatus (250) according to any one of claims 8,
9, 11 and 12.
14. Communications network optical interconnect apparatus (400) comprising: communications network transmission apparatus (100) according to any one of claims 1 , 3 and 4 to 7; and communications network receiving apparatus (200) according to any one of claims 8,
10, 11 and 12.
15. A communications network node (500, 600, 700) comprising at least one of: communications network transmission apparatus (100) according to any one of claims 1 to 7; and communications network receiving apparatus (200, 250) according to any one of claims 8 to 12.
16. A method (800) of secure data transmission in a communications network, the method comprising steps of:
- performing (802) quantum key distribution, QKD, to generate cryptographic keys;
- receiving (804) user plane data;
- encrypting (806) the user plane data using the cryptographic keys to form processed user plane data;
- preparing (808) the processed user plane data for transmission; and
- transmitting (810) respective optical signals carrying the processed user plane data prepared for transmission.
17. A method (900) of secure data reception in a communications network, the method comprising steps of:
- performing (902) quantum key distribution, QKD, to generate cryptographic keys;
- receiving (904) optical signals carrying processed user plane data;
- detecting (906) the optical signals to obtain the processed user plane data; and - decrypting (908) the processed user plane data using the cryptographic keys to obtain user plane data.
18. A method (1000) of secure communication in a communications network comprising transmission apparatus and receiving apparatus, the method comprising steps of:
- performing (1002) quantum key distribution, QKD, between the transmission apparatus and the receiving apparatus to generate shared cryptographic keys;
- at the transmission apparatus:
- receiving (804) user plane data;
- encrypting (806) the user plane data using the shared cryptographic keys to form processed user plane data;
- preparing (808) the processed user plane data for transmission; and
- transmitting (810) respective optical signals carrying the processed user plane data prepared for transmission;
- at the receiving apparatus:
- receiving (904) optical signals carrying processed user plane data;
- detecting (906) the optical signals to obtain the processed user plane data; and
- decrypting (908) the processed user plane data using the shared cryptographic keys to obtain user plane data.
EP21737376.0A 2021-06-24 2021-06-24 Communications network transmission and receiving apparatus and method of secure data transmission Pending EP4360231A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2021/067394 WO2022268327A1 (en) 2021-06-24 2021-06-24 Communications network transmission and receiving apparatus and method of secure data transmission

Publications (1)

Publication Number Publication Date
EP4360231A1 true EP4360231A1 (en) 2024-05-01

Family

ID=76765126

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21737376.0A Pending EP4360231A1 (en) 2021-06-24 2021-06-24 Communications network transmission and receiving apparatus and method of secure data transmission

Country Status (2)

Country Link
EP (1) EP4360231A1 (en)
WO (1) WO2022268327A1 (en)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015048783A1 (en) * 2013-09-30 2015-04-02 Nordholt, Jane, E. Quantum-secured communications overlay for optical fiber communications networks

Also Published As

Publication number Publication date
WO2022268327A1 (en) 2022-12-29

Similar Documents

Publication Publication Date Title
US10757570B2 (en) Architecture for reconfigurable quantum key distribution networks based on entangled photons directed by a wavelength selective switch
US7450854B2 (en) High-speed wireless LAN system
Liu Enabling optical network technologies for 5G and beyond
EP3146686B1 (en) Signal aggregation for wireless fronthaul communication
EP3281311B1 (en) Method and apparatus for digital representations of analog signals and control words using different multi-level modulation formats
EP3528405B1 (en) Distributed antenna system with managed connectivity
EP2622783B1 (en) Quantum key distribution using card, base station and trusted authority
US6788666B1 (en) Hybrid fiber wireless communication system
US8837735B2 (en) Architecture for reconfigurable quantum key distribution networks based on entangled photons by wavelength division multiplexing
US9485023B2 (en) Communication system, main unit, radio access unit and communication method
CN109428665B (en) Wavelength division multiplexing transmission device, reception device, relay device, and transmission system
US7450719B2 (en) Gigabit Ethernet-based passive optical network and data encryption method
US11616645B1 (en) Encrypted data transmission in optical- and radio-access networks based on quantum key distribution
CN105847001A (en) Device, system and method for digital microwave communication based on quantum encryption
WO2019195989A1 (en) Zero-knowledge range proof with reversible commitment
EP4360231A1 (en) Communications network transmission and receiving apparatus and method of secure data transmission
CN108540286A (en) A kind of changeable polymorphic type quantum terminal network communication system and method for distributing key
Razavi et al. Architectural considerations in hybrid quantum-classical networks
CN219018826U (en) Encryption communication system based on quantum key distribution and communication integration
Liu et al. Trends in PON-fiber/wireless convergence and software-defined transmission and networking
US20240106637A1 (en) Qkd switching system and protocols
CN116743380B (en) OTN encryption communication method and system based on quantum key distribution
KR100699985B1 (en) Gigabit data transmission system for digital data of intermediate frequency band with unshielded twisted pair cable
CN117675176A (en) Encryption communication method based on quantum key distribution and communication integration
Zeng et al. DSP for high-speed fiber-wireless convergence

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20240119

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR