A quantum key distribution system

By combining the access authentication, key generation, and encrypted transmission modules of the quantum key distribution system with the anomaly analysis of the situational awareness module, the problems of insecurity and resource waste in quantum key distribution in the Internet of Things have been solved, thereby improving both security and efficiency.

CN116346319BActive Publication Date: 2026-06-05HENGTONG QASKY QUANTUM INFORMATION RES INST CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
HENGTONG QASKY QUANTUM INFORMATION RES INST CO LTD
Filing Date
2023-02-06
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In IoT scenarios, quantum key distribution suffers from insecurity and resource waste.

Method used

A quantum key distribution system is provided, including an access authentication module, a key generation module, an encrypted transmission module, and a situational awareness module. The system performs identity authentication by generating security certificates, allocates the number of quantum keys and the distribution rate according to the business importance of IoT devices, and uses encryption algorithms and artificial intelligence anomaly analysis to improve transmission security.

Benefits of technology

It enables secure transmission and rational distribution of quantum keys in traditional networks, enhances the system's self-immunity, and reduces latency and resource waste.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116346319B_ABST
    Figure CN116346319B_ABST
Patent Text Reader

Abstract

The present application relates to the technical field of quantum key distribution, in particular to a quantum key distribution system. The present application generates a security certificate for different Internet of Things devices by using quantum keys on the server, and when the Internet of Things devices need to apply for keys, access authentication is completed through the security certificate, the quantum key for generating the security certificate is used to encrypt the quantum key to be distributed, and the transmission security of the quantum key in the traditional network is further improved; the Internet of Things devices are given weights according to the importance of the business, the required number of quantum keys is calculated, each device applies for the corresponding number of quantum keys, and the quantum keys are stored in the corresponding key pool, so that the reasonable allocation of quantum keys is realized, the keys are directly obtained from the key pool during use, the time delay problem caused by re-application during use is solved, different key distribution rates are set for each Internet of Things device, and the application of the next device does not need to be performed after the application of one device is completed.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of quantum key distribution technology, and in particular to a quantum key distribution system. Background Technology

[0002] Quantum key distribution (QKD) utilizes the properties of quantum mechanics to ensure communication security. It enables two communicating parties to generate and share a random, secure key to encrypt and decrypt messages. One of the most important and unique properties of QKD is that if a third party attempts to eavesdrop on the password, the communicating parties will detect it. This property is based on the fundamental principle of quantum mechanics: any measurement of a quantum system will interfere with the system. A third party attempting to eavesdrop must measure the password in some way, and these measurements will introduce detectable anomalies. By transmitting information through quantum superposition or quantum entanglement states, the communication system can detect eavesdropping. When the eavesdropping level is below a certain threshold, a secure key can be generated.

[0003] Current encryption methods use ordinary keys and encryption algorithms of varying complexity to ensure data security. However, the advent of supercomputers allows for brute-force decryption, rendering even complex encryption algorithms ineffective. With the development of quantum mechanics and the emergence of quantum keys, truly random and absolutely secure quantum keys can further guarantee data security. Data encryption can be achieved using quantum keys and appropriate encryption algorithms selected based on the application scenario. To ensure secure access to quantum keys, the BB84 protocol guarantees absolutely secure quantum key distribution, ensuring that both parties receive a random and secure quantum key. The latest fiber-optic quantum key distribution distance has reached 833 kilometers.

[0004] To further realize the application of quantum keys and quantum encryption, traditional fiber-optic-based quantum key distribution is greatly limited in practical applications. Quantum keys are more conducive to their use in traditional network environments, such as TCP / IP networks. However, quantum keys are more susceptible to eavesdropping and cracking in traditional networks, and the security of quantum keys during transmission in traditional networks cannot be guaranteed. Furthermore, for a massive number of connected IoT devices, the number of keys required varies in different IoT business scenarios. If not allocated reasonably, it will lead to a waste of resources. Summary of the Invention

[0005] Therefore, the technical problem to be solved by the present invention is to overcome the problems of insecurity and resource waste in quantum key distribution in the Internet of Things scenario in the existing technology.

[0006] To address the aforementioned technical problems, this invention provides a quantum key distribution system, comprising:

[0007] The access authentication module is used to determine whether the i-th IoT device has a built-in security certificate generated using quantum key that has been registered on the server when the i-th IoT device first applies for a key. If the security certificate exists, the first access authentication is completed and the device can apply to the server to generate a quantum key.

[0008] The key generation module is used by the server to generate the required number of quantum keys for the i-th IoT device, one by one, according to the key distribution rate corresponding to the i-th IoT device. The calculation process for the required number of quantum keys for the i-th IoT device is as follows:

[0009] Each IoT device is assigned a weight based on its business importance. The number of quantum keys required for the i-th IoT device is calculated by dividing the product of the i-th IoT device's business weight and the server's key pool capacity by the sum of the business weights of all IoT devices.

[0010] The calculation process for the key distribution rate corresponding to the i-th IoT device is as follows:

[0011] The key distribution rate corresponding to the i-th IoT device is obtained by the ratio of the product of the business weight of the i-th IoT device, the size of the server key pool, and the server key update frequency to the sum of the business weights of all IoT devices.

[0012] The encrypted transmission module is used to encrypt the quantum key generated by the server using the quantum key used to generate the security certificate and send it to the i-th IoT device through a traditional network, and store it in the corresponding key pool after decryption.

[0013] Preferably, the key pool has a key validity period, and the key stored therein becomes invalid after the preset key validity period has expired.

[0014] Preferably, when the number of keys in the key pool is less than the number of quantum keys required by the IoT device, a new request for key replenishment is made to the server.

[0015] Preferably, the security certificate has an expiration date, and an expired security certificate cannot pass access authentication.

[0016] Preferably, after the IoT device completes its initial access authentication:

[0017] The quantum key generated by the server is intercepted and used as an authentication key, which is then stored in the IoT device. The starting position of the interception is recorded on the server. Later, when the IoT device requests a key again, the intercepted quantum key is compared with the quantum key previously generated by the server. If they match, the access authentication is completed, and the device can request the server to generate a new quantum key. Similarly, the newly generated quantum key is intercepted and used as the authentication key for the next authentication.

[0018] Preferably, the step of encrypting the quantum key generated by the server using the quantum key used to generate the security certificate and sending it to the i-th IoT device via a traditional network, and then storing it in the corresponding key pool after decryption, includes:

[0019] The quantum key to be distributed is encrypted using an encryption algorithm via the quantum key used by the server to generate security certificates for IoT devices;

[0020] The encrypted quantum key is transmitted to the IoT device through a traditional network, and the IoT device decrypts the quantum key using a built-in security certificate. The encrypted quantum key distributed by the server is then decrypted, and the decrypted quantum key is stored in the key pool of the IoT device.

[0021] Preferably, the encryption algorithm is the SM4 algorithm or the AES algorithm.

[0022] Preferably, the quantum key distribution system further includes:

[0023] The situational awareness module is used to perform anomaly analysis on the daily behavior of IoT devices using artificial intelligence methods, based on the key distribution logs established by the server for IoT devices.

[0024] Preferably, the step of using artificial intelligence methods to perform anomaly analysis on the daily behavior of IoT devices based on the key distribution logs established by the server for IoT devices includes:

[0025] Based on the key distribution log established by the server for IoT devices, an IoT device behavior log table is created, including the amount of keys requested by IoT devices, the request time, the number of requests, and whether the IoT devices have completed access authentication.

[0026] The IoT device behavior log table is compared and analyzed with the standard behavior table using artificial intelligence methods. If any behavior does not conform to the standard, it indicates that an anomaly has occurred.

[0027] Preferably, if an anomaly occurs, the system administrator is notified and key transmission is interrupted.

[0028] The technical solution of the present invention has the following advantages over the prior art:

[0029] Traditional fiber-optic quantum key distribution is subject to numerous limitations and has finite distances. Transmitting quantum keys through traditional networks can increase the practicality of quantum key use and accelerate the development of quantum encryption services. This invention uses a server to generate a security certificate for different IoT devices using quantum keys. When an IoT device needs to request a key, it completes access authentication (identity verification) using this security certificate. Subsequently, the quantum key to be distributed is encrypted using the quantum key used to generate the security certificate, further improving the transmission security of quantum keys in traditional networks. Due to the existence of access authentication and transmission encryption, eavesdroppers cannot obtain the quantum key, giving the system a self-immune characteristic, thus possessing inherent security. Furthermore, by assigning weights to connected IoT devices based on their business importance, the required number of quantum keys for each device is calculated. Each device requests a corresponding number of quantum keys, which are stored in a corresponding key pool, achieving reasonable allocation of quantum keys. When needed, keys are directly obtained from the key pool, solving the latency problem caused by requesting keys only when needed. Moreover, different key distribution rates are set for each IoT device, eliminating the need for one device to complete its request before the next device can apply. Attached Figure Description

[0030] To make the content of this invention easier to understand, the invention will be further described in detail below with reference to specific embodiments and accompanying drawings, wherein:

[0031] Figure 1 This is a structural diagram of a quantum key distribution system according to the present invention;

[0032] Figure 2 This is a structural diagram of a quantum key distribution system provided in one embodiment of the present invention;

[0033] Figure 3 This is a schematic diagram illustrating the working principle of quantum key distribution according to the present invention. Detailed Implementation

[0034] The core of this invention is to provide a quantum key distribution system that improves the security of quantum key transmission in traditional networks and enables the rational allocation of key resources.

[0035] To enable those skilled in the art to better understand the present invention, the invention will be further described in detail below with reference to the accompanying drawings and specific embodiments. Obviously, the described embodiments are merely some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0036] Please refer to Figure 1 , Figure 1 The structural diagram of a quantum key distribution system provided by the present invention is as follows:

[0037] The access authentication module is used to determine whether the i-th IoT device has a built-in security certificate generated using quantum keys that has been registered on the server when the i-th IoT device first requests a key. If the security certificate exists, the first access authentication is completed and the device can request the server to generate a quantum key. The security certificate has an expiration time, and an expired security certificate cannot pass the access authentication.

[0038] After the IoT device completes its initial access authentication:

[0039] The quantum key generated by the server is intercepted and used as an authentication key, which is then stored in the IoT device. The starting position of the interception is recorded on the server. Later, when the IoT device requests a key again, the intercepted quantum key is compared with the quantum key previously generated by the server. If they match, the access authentication is completed, and the device can request the server to generate a new quantum key. Similarly, the newly generated quantum key is intercepted and used as the authentication key for the next authentication.

[0040] The key generation module is used by the server to generate the required number of quantum keys for the i-th IoT device, one by one, according to the key distribution rate corresponding to the i-th IoT device. The calculation process for the required number of quantum keys for the i-th IoT device is as follows:

[0041] Each IoT device is assigned a weight based on its business importance. The number of quantum keys required for the i-th IoT device is calculated by dividing the product of the i-th IoT device's business weight and the server's key pool capacity by the sum of the business weights of all IoT devices.

[0042] The calculation process for the key distribution rate corresponding to the i-th IoT device is as follows:

[0043] The key distribution rate corresponding to the i-th IoT device is obtained by the ratio of the product of the business weight of the i-th IoT device, the size of the server key pool, and the server key update frequency to the sum of the business weights of all IoT devices.

[0044] An encrypted transmission module is used to encrypt the quantum key generated by the server using the quantum key used to generate the security certificate and send it to the i-th IoT device through a traditional network, and store it in the corresponding key pool after decryption:

[0045] The quantum key to be distributed is encrypted using a quantum key used by the server to generate security certificates for IoT devices, with an encryption algorithm (SM4 or AES).

[0046] The encrypted quantum key is transmitted to the IoT device through a traditional network, and the IoT device decrypts the quantum key using a built-in security certificate. The encrypted quantum key distributed by the server is then decrypted, and the decrypted quantum key is stored in the key pool of the IoT device.

[0047] The key pool has a key validity period. When the key stored in it exceeds the preset key validity period, it becomes invalid. When the number of keys in the key pool is less than the number of quantum keys required by the IoT device, it requests key replenishment from the server again.

[0048] Traditional fiber-optic quantum key distribution is subject to numerous limitations and has finite distances. Transmitting quantum keys through traditional networks can increase the practicality of quantum key use and accelerate the development of quantum encryption services. This invention uses a server to generate a security certificate for different IoT devices using quantum keys. When an IoT device needs to request a key, it completes access authentication (identity verification) using this security certificate. Subsequently, the quantum key to be distributed is encrypted using the quantum key used to generate the security certificate, further improving the transmission security of quantum keys in traditional networks. Due to the existence of access authentication and transmission encryption, eavesdroppers cannot obtain the quantum key, giving the system a self-immune characteristic, thus possessing inherent security. Furthermore, by assigning weights to connected IoT devices based on their business importance, the required number of quantum keys for each device is calculated. Each device requests a corresponding number of quantum keys, which are stored in a corresponding key pool, achieving reasonable allocation of quantum keys. When needed, keys are directly obtained from the key pool, solving the latency problem caused by requesting keys only when needed. Moreover, different key distribution rates are set for each IoT device, eliminating the need for one device to complete its request before the next device can apply.

[0049] Based on the above embodiments, this embodiment provides a detailed description of the key distribution rate corresponding to the i-th IoT device and the number of quantum keys required by the i-th IoT device:

[0050] Based on the usage scenarios of IoT devices, a data importance table for IoT scenarios is established, as shown in Table 1:

[0051] Table 1. Importance of Data in IoT Scenarios

[0052] Business type Business Types Data Importance Control-related business Sensor control 10.00 Machine control 8.00 Data reading Sensor data 6.00 Machine parameters 4.00 ... ... ...

[0053] The importance of IoT services is used as the independent variable, varying according to the type of service and the actual business scenario. The dependent variable is the number of keys acquired for the IoT service, resulting in the following calculation method:

[0054]

[0055] In the formula Q i Let n be the number of quantum keys required for a specific IoT service, i.e., the size of the key pool for each service, where n represents the importance of each service. Q s Given the size of the server-side key pool, this formula calculates the amount of keys required for a particular service based on the importance of each service. The importance of IoT services can be dynamically adjusted according to the actual situation.

[0056] The average rate is also dynamically adjusted according to the change in business importance, based on which the key distribution rate for each specific business can be obtained as follows:

[0057]

[0058] In the formula The average rate at which quantum keys are distributed to the server. Q s The size of the server-side key pool. ns The overall importance of all business operations, I This represents the key update frequency on the server side. Based on this formula, the key distribution rate for each specific service can be calculated.

[0059] Based on the above two formulas, the server can adjust the distribution of keys for specific IoT services and the specific value of the key distribution rate according to the actual use scenario of IoT. Users can dynamically adjust the service importance table to make the key distribution more in line with the working scenario of IoT, reduce the waste of key quantity caused by uneven key distribution, reduce key distribution latency, and reduce the total latency of IoT data transmission.

[0060] like Figure 2 As shown, based on the above embodiments, this embodiment further illustrates the quantum key distribution system:

[0061] The quantum key distribution system also includes a situational awareness module, which uses artificial intelligence methods to perform anomaly analysis on the daily behavior of IoT devices based on the key distribution logs established by the server for IoT devices.

[0062] Based on the key distribution log established by the server for IoT devices, an IoT device behavior log table is created, including the amount of keys requested by IoT devices, the request time, the number of requests, and whether the IoT devices have completed access authentication.

[0063] The IoT device behavior log table is compared and analyzed with the standard behavior table using artificial intelligence methods. If any behavior does not conform to the standard, it indicates an anomaly, reports to the system administrator, and interrupts key transmission.

[0064] like Figure 3 As shown, the system of this invention, based on access authentication and transmission encryption modules, ensures the security of quantum keys during traditional network distribution and confirms the identity of IoT devices. The quantum key is encrypted during transmission, preventing unidentified IoT devices from accessing the system. Every step of the key distribution process is secure and reliable. With such security measures, even if the system is compromised and the quantum key transmitted in the traditional network is intercepted, the plaintext of the quantum key cannot be deciphered, nor can the quantum key be obtained by impersonating an IoT device. The system itself is immune to external intrusions and will not allow the quantum key to be stolen due to external attacks. Although the system itself has self-immunity, situational awareness methods are used to detect intruders in a timely manner. The server establishes a corresponding key distribution log for each IoT device, recording the daily behavior of each IoT device. Artificial intelligence methods are used to analyze the generated behavior logs, including real-time analysis of the key request amount, request time, request frequency, and whether the IoT device is authorized. Abnormal requests are promptly reported to the system administrator, and key transmission is interrupted. Through these methods, the system can detect abnormal states of IoT devices and impersonated IoT devices, further ensuring security.

[0065] Obviously, the above embodiments are merely illustrative examples for clear explanation and are not intended to limit the implementation. Those skilled in the art will recognize that other variations or modifications can be made based on the above description. It is neither necessary nor possible to exhaustively list all possible implementations here. However, obvious variations or modifications derived therefrom are still within the scope of protection of this invention.

Claims

1. A quantum key distribution system, characterized in that, include: The access authentication module is used to determine whether the i-th IoT device has a built-in security certificate generated using quantum key that has been registered on the server when the i-th IoT device first applies for a key. If the security certificate exists, the first access authentication is completed and the device can apply to the server to generate a quantum key. The key generation module is used by the server to generate the required number of quantum keys for the i-th IoT device, one by one, according to the key distribution rate corresponding to the i-th IoT device. The calculation process for the required number of quantum keys for the i-th IoT device is as follows: Each IoT device is assigned a weight based on its business importance. The number of quantum keys required for the i-th IoT device is calculated by dividing the product of the i-th IoT device's business weight and the server's key pool capacity by the sum of the business weights of all IoT devices. The calculation process for the key distribution rate corresponding to the i-th IoT device is as follows: The key distribution rate corresponding to the i-th IoT device is obtained by the ratio of the product of the business weight of the i-th IoT device, the size of the server key pool, and the server key update frequency to the sum of the business weights of all IoT devices. The encrypted transmission module is used to encrypt the quantum key generated by the server using the quantum key used to generate the security certificate and send it to the i-th IoT device through a traditional network, and store it in the corresponding key pool after decryption.

2. The quantum key distribution system according to claim 1, characterized in that, The key pool has a key validity period. When a key stored in the pool exceeds the preset key validity period, it becomes invalid.

3. The quantum key distribution system according to claim 1, characterized in that, When the number of keys in the key pool is less than the number of quantum keys required by the IoT device, the key replenishment request is made to the server again.

4. The quantum key distribution system according to claim 1, characterized in that, The security certificate has an expiration date; expired security certificates cannot be authenticated upon access.

5. The quantum key distribution system according to claim 1, characterized in that, After the IoT device completes its initial access authentication: The quantum key generated by the server is intercepted and used as an authentication key, which is then stored in the IoT device. The starting position of the interception is recorded on the server. Later, when the IoT device requests a key again, the intercepted quantum key is compared with the quantum key previously generated by the server. If they match, the access authentication is completed, and the device can request the server to generate a new quantum key. Similarly, the newly generated quantum key is intercepted and used as the authentication key for the next authentication.

6. The quantum key distribution system according to claim 1, characterized in that, The step of encrypting the quantum key generated by the server using the quantum key used to generate the security certificate and sending it to the i-th IoT device through a traditional network, and then storing it in the corresponding key pool after decryption includes: The quantum key to be distributed is encrypted using an encryption algorithm via the quantum key used by the server to generate security certificates for IoT devices; The encrypted quantum key is transmitted to the IoT device through a traditional network. The IoT device then decrypts the quantum key using its built-in security certificate, decrypts the encrypted quantum key distributed by the server, and stores the decrypted quantum key in the key pool of the IoT device.

7. The quantum key distribution system according to claim 6, characterized in that, The encryption algorithm is either SM4 or AES.

8. The quantum key distribution system according to claim 1, characterized in that, Also includes: The situational awareness module is used to perform anomaly analysis on the daily behavior of IoT devices using artificial intelligence methods, based on the key distribution logs established by the server for IoT devices.

9. The quantum key distribution system according to claim 8, characterized in that, The step of using artificial intelligence methods to perform anomaly analysis on the daily behavior of IoT devices based on the key distribution logs established by the server for IoT devices includes: Based on the key distribution log established by the server for IoT devices, an IoT device behavior log table is created, including the amount of keys requested by IoT devices, the request time, the number of requests, and whether the IoT devices have completed access authentication. The IoT device behavior log table is compared and analyzed with the standard behavior table using artificial intelligence methods. If any behavior does not conform to the standard, it indicates that an anomaly has occurred.

10. The quantum key distribution system according to claim 9, characterized in that, If an anomaly occurs, report it to the system administrator and interrupt key transmission.