Device and method for performing quantum secure-based internet key exchange protocol in quantum communication system

Abstract

According to various embodiments of the present disclosure, a method performed by a first node may comprise the steps of: transmitting, to a second node, an IKE_SA_INIT request including a quantum-secure transform type and a transform identifier (ID) of a quantum key distribution (QKD); receiving, from the second node, an IKE_SA_INIT response including the quantum-secure transform type and the transform ID of the QKD; transmitting, to the second node through a quantum channel, a quantum key exchange (QKE) message including a quantum key (QK) length (QK length), a quantum key (QK) basis, and a quantum seed; and receiving, from the second node through a classical channel, a quantum bit error rate (QBER) message including a QBER associated with an initial quantum key based on the QKE message.

Description

Device and method for performing a quantum security-based internet key exchange protocol in a quantum communication system

[0001] The present disclosure relates to an apparatus and method for a quantum communication system. Specifically, the present disclosure may provide an apparatus and method for performing a quantum security-based internet key exchange protocol in a quantum communication system.

[0002]

[0003] A secure connection can be established through the Internet Key Exchange (IKE) procedure for IPSec connection setup in Network Layer Security. The Symmetric Key exchanged between peers through the IKE procedure is subsequently used as the encryption key for encrypted communication. At this time, the Diffie-Hellman key exchange procedure is used to exchange the Symmetric Key, and the Diffie-Hellman method is based on the Discrete Logarithm Problem (DLP). While the result of the computation using this Discrete Logarithm Problem is obtained relatively easily, the information used in the computation is a mathematical concept that is difficult to obtain. Therefore, when constructing a Symmetric Key, the goal is to ensure that two peers share the same key through the exchange of limited information, while preventing the inference of the Symmetric Key shared by the two peers based on that limited information.

[0004] However, due to advancements in Quantum Computers and Quantum Algorithms, systems using the aforementioned DLP may be threatened in terms of security. It is theoretically known that encryption methods based on RSA (RIVEST-SHAMIR-ADLEMAN), ECC (Elliptic Curve Cryptography), or DH (Diffie-Hellman), which are generally utilized in DLP-based security systems, can be deciphered within a valid time through the parallel operation of the Shor Algorithm. In the case of RSA 2048-bit integers, it is possible to factor them within 8 hours using 20 million noisy qubits ["How to factor 2048-bit RSA integers in 8 hours using 20 million noisy qubits" Quantum 5,433 (2021)], and a study analyzing that factoring is possible within 177 days using only 13,436 qubits based on multi-parallel quantum memory ["Factoring 2048-bit RSA Integers in 177 Days with 13,436 Qubits and a Multimode Memory" PRL, (2021)] has been published. The collapse of DLP-based encryption systems by such Quantum Algorithms poses a serious threat to security communication systems based on DLP.

[0005] To prevent such security threats, a method is required to address the threats posed by Quantum Algorithms. Although Post-Quantum Cryptography (PQC) technology has recently emerged, all systems based on computational complexity inevitably face the risk of being threatened by the appearance of new Quantum Algorithms. Furthermore, transitioning to a new security system can entail a significant technical burden to apply the new security technology across all devices. Similarly, as PQC is a security method based on computational complexity, it cannot achieve physical security. Therefore, even if real-time leakage does not occur, an attacker can subsequently perform a Plaintext Attack through a Harvest-Now-Decrypt-Later (HNDL) Attack.

[0006] The present disclosure proposes a Quantum Security-based Internet Key Exchange (IKE) procedure that achieves physical security by configuring a Quantum Key Distribution based on the No-cloning Theorem.

[0007]

[0008] To solve the aforementioned problems, the present disclosure provides an apparatus and method for performing a quantum security-based internet key exchange protocol in a quantum communication system.

[0009] The technical problems to be solved in this disclosure are not limited to those mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art to which this disclosure belongs from the description below.

[0010]

[0011] According to various embodiments of the present disclosure, a method performed by a first node comprises: transmitting an IKE_SA_INIT request to a second node comprising a transform type of quantum security and a transform identifier (transform ID) of quantum key distribution (QKD); receiving an IKE_SA_INIT response from the second node comprising the transform type of quantum security and the transform ID of the QKD; and transmitting a quantum key exchange (QKE) message to the second node via a quantum channel comprising a quantum key length (QK length), a quantum key basis (QK basis), and a quantum seed. A method is provided comprising the step of receiving a QBER message containing a quantum bit error rate (QBER) associated with an initial quantum key based on the QKE message from the second node through a classical channel.

[0012] According to various embodiments of the present disclosure, a method performed by a second node comprises: receiving an IKE_SA_INIT request from a first node comprising a transform type of quantum security and a transform identifier (transform ID) of quantum key distribution (QKD); transmitting an IKE_SA_INIT response to the first node comprising the transform type of quantum security and the transform ID of the QKD; and receiving a quantum key exchange (QKE) message from the first node via a quantum channel comprising a quantum key length (QK length), a quantum key basis (QK basis), and a quantum seed. A method is provided comprising the step of transmitting a QBER message containing a quantum bit error rate (QBER) associated with an initial quantum key based on the QKE message to the first node through a classical channel.

[0013] According to various embodiments of the present disclosure, a first node is provided, comprising: a transceiver; at least one processor; and at least one memory operably connected to the at least one processor and storing instructions for performing operations when executed by the at least one processor, wherein the operations include all steps of a method of operating the first node according to various embodiments of the present disclosure.

[0014] According to various embodiments of the present disclosure, a second node is provided, comprising: a transceiver; at least one processor; and at least one memory operably connected to the at least one processor and storing instructions for performing operations when executed by the at least one processor, wherein the operations include all steps of a method of operating the second node according to various embodiments of the present disclosure.

[0015] According to various embodiments of the present disclosure, a control device for controlling a first node comprises: at least one processor; and at least one memory operably connected to the at least one processor, wherein the at least one memory stores instructions for performing operations based on execution by the at least one processor, and the operations include all steps of a method of operating the first node according to various embodiments of the present disclosure.

[0016] According to various embodiments of the present disclosure, a control device for controlling a second node comprises: at least one processor; and at least one memory operably connected to the at least one processor, wherein the at least one memory stores instructions for performing operations based on execution by the at least one processor, and the operations include all steps of a method of operating the second node according to various embodiments of the present disclosure.

[0017] According to various embodiments of the present disclosure, one or more non-transitory computer-readable media storing one or more instructions, wherein the one or more instructions perform operations based on execution by one or more processors, and said operations include all steps of a method of operation of a first node according to various embodiments of the present disclosure.

[0018] According to various embodiments of the present disclosure, one or more non-transitory computer-readable media storing one or more instructions, wherein the one or more instructions perform operations based on execution by one or more processors, and said operations include all steps of a method of operation of a second node according to various embodiments of the present disclosure.

[0019]

[0020] To solve the aforementioned problems, the present disclosure may provide an apparatus and method for performing a quantum security-based internet key exchange protocol in a quantum communication system.

[0021]

[0022] The drawings attached below are intended to aid in understanding the present disclosure and may provide embodiments of the present disclosure together with the detailed description. However, the technical features of the present disclosure are not limited to specific drawings, and the features disclosed in each drawing may be combined with one another to form new embodiments. Reference numerals in each drawing may denote structural elements.

[0023] Figure 1 is a diagram illustrating physical channels used in 3GPP systems and an example of typical signal transmission.

[0024] Figure 2 is a diagram illustrating the system structure of a New Generation Radio Access Network (NG-RAN).

[0025] Figure 3 is a diagram illustrating the functional division between NG-RAN and 5GC.

[0026] Figure 4 is a diagram illustrating an example of a 5G usage scenario.

[0027] Figure 5 is a diagram illustrating an example of a communication structure that can be provided in a 6G system.

[0028] Figure 6 is a schematic diagram illustrating an example of a perceptron structure.

[0029] Figure 7 is a schematic diagram illustrating an example of a multilayer perceptron structure.

[0030] Figure 8 is a schematic diagram illustrating an example of a deep neural network.

[0031] Figure 9 is a schematic diagram illustrating an example of a convolutional neural network.

[0032] Figure 10 is a schematic diagram illustrating an example of a filter operation in a convolutional neural network.

[0033] Figure 11 is a schematic diagram illustrating an example of a neural network structure in which a recurrent loop exists.

[0034] Figure 12 is a schematic diagram illustrating an example of the operational structure of a recurrent neural network.

[0035] Figure 13 is a diagram illustrating an example of an electromagnetic spectrum.

[0036] Figure 14 is a diagram illustrating an example of a THz communication application.

[0037] FIG. 15 is a diagram illustrating an example of an electronic device-based THz wireless communication transceiver.

[0038] FIG. 16 is a diagram illustrating an example of a method for generating a THz signal based on an optical element.

[0039] FIG. 17 is a diagram illustrating an example of a THz wireless communication transceiver based on an optical element.

[0040] Figure 18 is a diagram illustrating the structure of a photon source-based transmitter.

[0041] Figure 19 is a diagram illustrating the structure of an optical modulator.

[0042] Figure 20 is a diagram illustrating an example of a general scenario of quantum communication.

[0043] FIG. 21 is a diagram illustrating an example of quantum communication for classical bits and quantum communication for quantum bits in a system applicable to the present disclosure.

[0044] FIG. 22 is a diagram illustrating an example of three basic properties of quantum information that can be used for information communication in a system applicable to the present disclosure.

[0045] FIG. 23 is a diagram illustrating an example of the DL04 QSDC protocol in a system applicable to the present disclosure.

[0046] FIG. 24 is a diagram illustrating an example of a two-step QSDC protocol in a system applicable to the present disclosure.

[0047] FIG. 25 is a diagram illustrating an example of an IKEv2 (Internet Key Exchange Version 2) procedure in a system applicable to the present disclosure.

[0048] FIG. 26 is a diagram illustrating an example of the structure of an Internet Key Exchange (IKE) header in a system applicable to the present disclosure.

[0049] FIG. 27 is a drawing illustrating an example of an IKE Notify Message in a system applicable to the present disclosure.

[0050] FIG. 28 is a diagram illustrating an example of a signal flow diagram of a 1-way QKD-based IKE system in a system applicable to the present disclosure.

[0051] FIG. 29 is a drawing illustrating an example of the structure of an IKE header in a system applicable to the present disclosure.

[0052] FIG. 30 is a drawing illustrating an example of the structure of an SA payload in a system applicable to the present disclosure.

[0053] FIG. 31 is a drawing illustrating an example of a proposed structure for a generic payload header structure in a SA payload in a system applicable to the present disclosure.

[0054] FIG. 32 is a drawing illustrating an example of a transform structure in a system applicable to the present disclosure.

[0055] FIG. 33 is a diagram illustrating an example of a Transform ID defined for Transform Type 13 (Quantum Security) in a system applicable to the present disclosure.

[0056] FIG. 34 is a drawing illustrating an example of a Transform Attributes Structure in a system applicable to the present disclosure.

[0057] FIG. 35 is a drawing illustrating an example of the structure of a KE payload in a system applicable to the present disclosure.

[0058] FIG. 36 is a drawing illustrating an example of the structure of a Nonce Payload in a system applicable to the present disclosure.

[0059] FIG. 37 is a drawing illustrating an example of the structure of a QKE header in a system applicable to the present disclosure.

[0060] FIG. 38 is a drawing illustrating an example of the structure of a QKE payload in a system applicable to the present disclosure.

[0061] FIG. 39 is a drawing illustrating an example of the structure of a QBER payload in a system applicable to the present disclosure.

[0062] FIG. 40 is a drawing illustrating an example of a QBER structure in a system applicable to the present disclosure.

[0063] FIG. 41 is a drawing illustrating an example of the structure of a Notify Payload in a system applicable to the present disclosure.

[0064] FIG. 42 is a drawing illustrating an example of Notify Message Status Types in a system applicable to the present disclosure.

[0065] FIG. 43 is a drawing illustrating an example of the structure of a QKR payload in a system applicable to the present disclosure.

[0066] FIG. 44 is a diagram illustrating an example of a procedure based on Classical IKE_SA_INT Messages and QKE Messages among the 1-way QKD-based IKE Protocols applicable to the present disclosure.

[0067] FIG. 45 is a diagram illustrating an example of a QBER message-based procedure among the 1-way QKD-based IKE Protocols applicable to the present disclosure.

[0068] FIG. 46 is a diagram illustrating an example of a QKR message-based procedure among the 1-way QKD-based IKE Protocols applicable to the present disclosure.

[0069] FIG. 47 is a diagram illustrating an example of a 2-way QKD-based IKE Protocol in a system applicable to the present disclosure.

[0070] FIG. 48 is a diagram illustrating an example of the operation process of a first node in a system applicable to the present disclosure.

[0071] FIG. 49 is a diagram illustrating an example of the operation process of a second node in a system applicable to the present disclosure.

[0072] FIG. 50 illustrates a communication system (1) applicable to various embodiments of the present disclosure.

[0073] FIG. 51 illustrates a wireless device that can be applied to various embodiments of the present disclosure.

[0074] FIG. 52 illustrates another example of a wireless device that can be applied to various embodiments of the present disclosure.

[0075] FIG. 53 illustrates a signal processing circuit for a transmission signal.

[0076] FIG. 54 shows another example of a wireless device applicable to various embodiments of the present disclosure.

[0077] FIG. 55 illustrates a portable device applicable to various embodiments of the present disclosure.

[0078] FIG. 56 illustrates a vehicle or autonomous vehicle applicable to various embodiments of the present disclosure.

[0079] FIG. 57 illustrates a vehicle applicable to various embodiments of the present disclosure.

[0080] FIG. 58 illustrates an XR device applied to various embodiments of the present disclosure.

[0081] FIG. 59 illustrates a robot applicable to various embodiments of the present disclosure.

[0082] FIG. 60 illustrates an AI device applicable to various embodiments of the present disclosure.

[0083]

[0084] In various embodiments of the present disclosure, "A or B" may mean "only A," "only B," or "both A and B." Alternatively, in various embodiments of the present disclosure, "A or B" may be interpreted as "A and / or B." For example, in various embodiments of the present disclosure, "A, B or C" may mean "only A," "only B," "only C," or "any combination of A, B and C."

[0085] In various embodiments of the present disclosure, a slash ( / ) or a comma used may mean "and / or." For example, "A / B" may mean "A and / or B." Accordingly, "A / B" may mean "only A," "only B," or "both A and B." For example, "A, B, C" may mean "A, B or C."

[0086] In various embodiments of the present disclosure, "at least one of A and B" may mean "only A," "only B," or "both A and B." Additionally, in various embodiments of the present disclosure, the expressions "at least one of A or B" or "at least one of A and / or B" may be interpreted as synonymous with "at least one of A and B."

[0087] Additionally, in various embodiments of the present disclosure, “at least one of A, B and C” may mean “only A,” “only B,” “only C,” or “any combination of A, B and C.” Also, “at least one of A, B or C” or “at least one of A, B and / or C” may mean “at least one of A, B and C.”

[0088] Additionally, parentheses used in various embodiments of the present disclosure may mean "for example." Specifically, when indicated as "control information (PDCCH)," "PDCCH" may be proposed as an example of "control information." In other words, the "control information" of various embodiments of the present disclosure is not limited to "PDCCH," and "PDDCH" may be proposed as an example of "control information." Furthermore, even when indicated as "control information (i.e., PDCCH)," "PDCCH" may be proposed as an example of "control information."

[0089] Technical features described individually within one drawing in various embodiments of the present disclosure may be implemented individually or simultaneously.

[0090]

[0091] The following technologies can be used in various wireless access systems such as CDMA, FDMA, TDMA, OFDMA, and SC-FDMA. CDMA can be implemented using wireless technologies such as UTRA (Universal Terrestrial Radio Access) or CDMA2000. TDMA can be implemented using wireless technologies such as GSM (Global System for Mobile Communications), GPRS (General Packet Radio Service), and EDGE (Enhanced Data Rates for GSM Evolution). OFDMA can be implemented using wireless technologies such as IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802-20, and E-UTRA (Evolved UTRA). UTRA is part of the UMTS (Universal Mobile Telecommunications System). 3GPP (3rd Generation Partnership Project) LTE (Long Term Evolution) is part of E-UMTS (Evolved UMTS) using E-UTRA, and LTE-A (Advanced) / LTE-A pro is an evolved version of 3GPP LTE. 3GPP NR (New Radio or New Radio Access Technology) is an evolved version of 3GPP LTE / LTE-A / LTE-A pro. 3GPP 6G may be an evolved version of 3GPP NR.

[0092]

[0093] For clarity of explanation, the description is based on 3GPP communication systems (e.g., LTE, NR, etc.), but the technical scope of this disclosure is not limited thereto. LTE refers to technology from 3GPP TS 36.xxx Release 8 onwards. Specifically, LTE technology from 3GPP TS 36.xxx Release 10 onwards is referred to as LTE-A, and LTE technology from 3GPP TS 36.xxx Release 13 onwards is referred to as LTE-A pro. 3GPP NR refers to technology from TS 38.xxx Release 15 onwards. 3GPP 6G may refer to technology from TS Release 17 and / or Release 18 onwards. "xxx" indicates a specific standard document number. LTE / NR / 6G may be collectively referred to as 3GPP systems. Regarding background technology, terms, abbreviations, etc. used in the description of this disclosure, reference may be made to matters described in standard documents published prior to this disclosure. For example, the following documents may be referenced.

[0094]

[0095] 3GPP LTE

[0096] - 36.211: Physical channels and modulation

[0097] - 36.212: Multiplexing and channel coding

[0098] - 36.213: Physical layer procedures

[0099] - 36.300: Overall description

[0100] - 36.331: Radio Resource Control (RRC)

[0101] 3GPP NR

[0102] - 38.211: Physical channels and modulation

[0103] - 38.212: Multiplexing and channel coding

[0104] - 38.213: Physical layer procedures for control

[0105] - 38.214: Physical layer procedures for data

[0106] - 38.300: NR and NG-RAN Overall Description

[0107] - 38.331: Radio Resource Control (RRC) protocol specification

[0108]

[0109] Physical Channel and Frame Structure

[0110] Physical channels and general signal transmission

[0111] Figure 1 is a diagram illustrating physical channels used in 3GPP systems and an example of typical signal transmission.

[0112] In a wireless communication system, a terminal receives information from a base station via a downlink (DL) and transmits information to the base station via an uplink (UL). The information transmitted and received by the base station and the terminal includes data and various control information, and various physical channels exist depending on the type and purpose of the information they transmit and receive.

[0113]

[0114] When the terminal is powered on or enters a new cell, it performs an initial cell search operation, such as synchronizing with the base station (S11). To do this, the terminal receives a Primary Synchronization Signal (PSS) and a Secondary Synchronization Signal (SSS) from the base station to synchronize with the base station and obtain information such as a cell ID. After that, the terminal receives a Physical Broadcast Channel (PBCH) from the base station to obtain broadcast information within the cell. Meanwhile, during the initial cell search phase, the terminal receives a Downlink Reference Signal (DL RS) to check the downlink channel status.

[0115]

[0116] A terminal that has completed initial cell search can obtain more specific system information by receiving a Physical Downlink Control Channel (PDCCH) and a Physical Downlink Control Channel (PDSCH) according to the information carried on the PDCCH (S12).

[0117]

[0118] Meanwhile, when connecting to a base station for the first time or when there are no wireless resources available for signal transmission, the terminal may perform a Random Access Procedure (RACH) with respect to the base station (S13 to S16). To this end, the terminal transmits a specific sequence as a preamble through a Physical Random Access Channel (PRACH) (S13 and S15), and may receive a response message (RAR (Random Access Response) message) for the preamble through a PDCCH and a corresponding PDSCH. In the case of a contention-based RACH, a Contention Resolution Procedure may additionally be performed (S16).

[0119]

[0120] A terminal that has performed the procedure described above may subsequently perform PDCCH / PDSCH reception (S17) and Physical Uplink Shared Channel (PUSCH) / Physical Uplink Control Channel (PUCCH) transmission (S18) as a general uplink / downlink signal transmission procedure. In particular, the terminal may receive Downlink Control Information (DCI) through the PDCCH. Here, the DCI includes control information such as resource allocation information for the terminal, and the format may be applied differently depending on the purpose of use.

[0121]

[0122] Meanwhile, control information transmitted by the terminal to the base station via the uplink or received by the terminal from the base station may include downlink / uplink ACK / NACK signals, CQI (Channel Quality Indicator), PMI (Precoding Matrix Index), RI (Rank Indicator), etc. The terminal may transmit the control information such as the above-mentioned CQI / PMI / RI via PUSCH and / or PUCCH.

[0123]

[0124] Structure of uplink and downlink channels

[0125] Downlink Channel Structure

[0126] The base station transmits a relevant signal to the terminal through the downlink channel described below, and the terminal receives the relevant signal from the base station through the downlink channel described below.

[0127]

[0128] (1) Physical Downlink Sharing Channel (PDSCH)

[0129] PDSCH carries downlink data (e.g., DL-shared channel transport block, DL-SCH TB), and modulation methods such as QPSK (Quadrature Phase Shift Keying), 16 QAM (Quadrature Amplitude Modulation), 64 QAM, and 256 QAM are applied. Codewords are generated by encoding the TB. PDSCH can carry multiple codewords. Scrambling and modulation mapping are performed for each codeword, and the modulation symbols generated from each codeword are mapped to one or more layers (Layer mapping). Each layer is mapped to a resource along with the DMRS (Demodulation Reference Signal) to generate an OFDM symbol signal, which is then transmitted through the corresponding antenna port.

[0130]

[0131] (2) Physical Downlink Control Channel (PDCCH)

[0132] A PDCCH carries downlink control information (DCI) and applies methods such as QPSK modulation. A single PDCCH consists of 1, 2, 4, 8, or 16 Control Channel Elements (CCEs) depending on the Aggregation Level (AL). A single CCE consists of 6 Resource Element Groups (REGs). A single REG is defined by one OFDM symbol and one (P)RB.

[0133] The terminal obtains the DCI transmitted over the PDCCH by performing decoding (also known as blind decoding) on ​​a set of PDCCH candidates. The set of PDCCH candidates decoded by the terminal is defined as the PDCCH Search Space set. The Search Space set may be a common search space or a UE-specific search space. The terminal may obtain the DCI by monitoring PDCCH candidates within one or more Search Space sets configured by the MIB or upper-layer signaling.

[0134]

[0135] Uplink Channel Structure

[0136] The terminal transmits a relevant signal to the base station through the uplink channel described below, and the base station receives the relevant signal from the terminal through the uplink channel described below.

[0137] (1) Physical uplink shared channel (PUSCH)

[0138] PUSCH carries uplink data (e.g., UL-shared channel transport block, UL-SCH TB) and / or uplink control information (UCI) and is transmitted based on a CP-OFDM (Cyclic Prefix - Orthogonal Frequency Division Multiplexing) waveform, a DFT-s-OFDM (Discrete Fourier Transform - spread - Orthogonal Frequency Division Multiplexing) waveform, etc. When PUSCH is transmitted based on a DFT-s-OFDM waveform, the terminal applies transform precoding to transmit PUSCH. For example, if transform precoding is not possible (e.g., transform precoding is disabled), the terminal transmits PUSCH based on a CP-OFDM waveform, and if transform precoding is enabled (e.g., transform precoding is enabled), the terminal can transmit PUSCH based on a CP-OFDM waveform or a DFT-s-OFDM waveform. PUSCH transmissions can be dynamically scheduled by UL grants within DCI or semi-statically scheduled based on upper layer (e.g., RRC) signaling (and / or Layer 1 (L1) signaling (e.g., PDCCH)) configured grants. PUSCH transmissions can be performed in a codebook-based or non-codebook-based manner.

[0139] (2) Physical uplink control channel (PUCCH)

[0140] A PUCCH carries uplink control information, HARQ-ACK and / or scheduling request (SR), and can be divided into multiple PUCCHs depending on the PUCCH transmission length.

[0141]

[0142] The following describes new radio access technology (new RAT, NR).

[0143] As more communication devices require larger communication capacities, the need for enhanced mobile broadband communication compared to existing radio access technology (RAT) is emerging. Furthermore, Massive Machine Type Communications (MTC), which connects multiple devices and objects to provide various services anytime and anywhere, is also one of the major issues to be considered in next-generation communication. In addition, communication system designs that consider services / terminals sensitive to reliability and latency are being discussed. Thus, the introduction of next-generation radio access technology considering enhanced mobile broadband communication, massive MTC, and Ultra-Reliable and Low Latency Communication (URLLC) is being discussed, and for convenience in the various embodiments of this disclosure, such technology is referred to as new RAT or NR.

[0144]

[0145] Figure 2 is a diagram illustrating the system structure of a New Generation Radio Access Network (NG-RAN).

[0146] Referring to FIG. 2, the NG-RAN may include gNBs and / or eNBs that provide user plane and control plane protocol termination to terminals. FIG. 1 illustrates a case where only gNBs are included. The gNBs and eNBs are connected to each other via Xn interfaces. The gNBs and eNBs are connected to the 5G Core Network (5GC) via NG interfaces. More specifically, they are connected to the access and mobility management function (AMF) via NG-C interfaces and to the user plane function (UPF) via NG-U interfaces.

[0147]

[0148] Figure 3 is a diagram illustrating the functional division between NG-RAN and 5GC.

[0149] Referring to FIG. 3, the gNB can provide functions such as Inter Cell RRM, RB control, Connection Mobility Control, Radio Admission Control, Measurement Configuration & Provision, and Dynamic Resource Allocation. The AMF can provide functions such as NAS security and idle state mobility processing. The UPF can provide functions such as Mobility Anchoring and PDU processing. The SMF (Session Management Function) can provide functions such as terminal IP address allocation and PDU session control.

[0150]

[0151] Figure 4 is a diagram illustrating an example of a 5G usage scenario.

[0152] The 5G usage scenario illustrated in FIG. 4 is merely exemplary, and the technical features of various embodiments of the present disclosure may be applied to other 5G usage scenarios not illustrated in FIG. 4.

[0153] Referring to FIG. 4, the three major requirement areas of 5G include (1) enhanced mobile broadband (eMBB), (2) massive machine type communication (mMTC), and (3) ultra-reliable and low latency communications (URLLC). Some use cases may require multiple areas for optimization, while others may focus on only one key performance indicator (KPI). 5G supports these various use cases in a flexible and reliable manner.

[0154] eMBB focuses on overall improvements in data speed, latency, user density, and the capacity and coverage of mobile broadband access. eMBB aims for a throughput of approximately 10 Gbps. eMBB far surpasses basic mobile internet access and covers media and entertainment applications ranging from rich interactive tasks to cloud or augmented reality. Data is one of the core drivers of 5G, and dedicated voice services may not be seen for the first time in the 5G era. In 5G, voice is expected to be processed simply as an application using the data connection provided by the communication system. The main causes of the increased traffic volume are the growing size of content and the increase in the number of applications requiring high data transfer rates. Streaming services (audio and video), interactive video, and mobile internet connectivity will become more widely used as more devices connect to the internet. Many of these applications require always-on connectivity to push real-time information and notifications to users. Cloud storage and applications are growing rapidly on mobile communication platforms, applicable to both business and entertainment. Cloud storage is a specific use case driving the growth of uplink data transfer rates. 5G is also used for remote work in the cloud, requiring much lower end-to-end latency to maintain an excellent user experience when haptic interfaces are used. In entertainment, for example, cloud gaming and video streaming are another key factor increasing the demand for mobile broadband capabilities. Entertainment is essential on smartphones and tablets anywhere, including in highly mobile environments such as trains, cars, and airplanes. Other use cases include augmented reality for entertainment and information retrieval. Here, augmented reality requires very low latency and instantaneous data volumes.

[0155] mMTC is designed to enable communication between a large number of low-cost, battery-powered devices and is intended to support applications such as smart metering, logistics, field, and body sensors. mMTC aims for approximately 10 years of battery life and / or one million devices per square kilometer. mMTC enables seamless connectivity of embedded sensors across all sectors and is one of the most anticipated use cases for 5G. Potentially, the number of IoT devices is projected to reach 20.4 billion by 2020. Industrial IoT is one of the areas where 5G plays a key role in enabling smart cities, asset tracking, smart utilities, agriculture, and security infrastructure.

[0156] URLLC is ideal for automotive communications, industrial control, factory automation, remote operation, smart grids, and public safety applications by enabling devices and machines to communicate with high reliability, very low latency, and high availability. URLLC aims for a latency of approximately 1ms. URLLC encompasses new services that will transform industries through ultra-reliable / low-latency links, such as remote control of critical infrastructure and autonomous vehicles. Levels of reliability and latency are essential for smart grid control, industrial automation, robotics, and drone control and coordination.

[0157] Next, we will examine in more detail the multiple usage examples included within the triangle of Fig. 4.

[0158] 5G can complement Fiber-to-the-Home (FTTH) and cable-based broadband (or Docsis) as a means of providing streams rated at hundreds of megabits per second to gigabits per second. These high speeds may be required for virtual reality (VR) and augmented reality (AR), as well as for delivering TV at resolutions of 4K or higher (6K, 8K, and above). VR and AR applications include near-immersive sports matches. Certain applications may require special network configurations. For example, in the case of VR games, game companies may need to integrate core servers with the network operator's edge network servers to minimize latency.

[0159] The automotive sector is expected to become a significant new driving force for 5G, with numerous use cases for mobile communications within vehicles. For example, passenger entertainment requires both high capacity and high mobile broadband simultaneously. This is because future users will continue to expect high-quality connectivity regardless of their location or speed. Another use case in the automotive sector is the augmented reality dashboard. Through an augmented reality contrast board, drivers can identify objects in the dark overlaid on what they are seeing through the windshield. The augmented reality dashboard overlays information to inform the driver about the distance and movement of objects. In the future, wireless modules will enable communication between vehicles, information exchange between vehicles and supporting infrastructure, and information exchange between vehicles and other connected devices (e.g., devices accompanying pedestrians). Safety systems will allow drivers to drive more safely by guiding them to alternative courses of action, thereby reducing the risk of accidents. The next step will be remotely controlled vehicles or autonomous vehicles. This requires highly reliable and very fast communication between different autonomous vehicles and / or between vehicles and infrastructure. In the future, autonomous vehicles will perform all driving activities, allowing drivers to focus only on traffic anomalies that the vehicle itself cannot identify. The technical requirements for autonomous vehicles demand ultra-low latency and ultra-high reliability to increase traffic safety to a level that is unattainable by humans.

[0160] Smart cities and smart homes, referred to as a smart society, will be embedded with high-density wireless sensor networks. Distributed networks of intelligent sensors will identify conditions for maintaining the cost-effective and energy-efficient maintenance of the city or home. A similar setup can be implemented for each household. Temperature sensors, window and heating controllers, burglar alarms, and home appliances are all wirelessly connected. Many of these sensors typically require low data transmission rates, low power consumption, and low cost. However, for example, real-time HD video may be required by certain types of devices for surveillance.

[0161] The consumption and distribution of energy, including heat or gas, are becoming highly decentralized, requiring automated control of distributed sensor networks. Smart grids interconnect these sensors using digital information and communication technologies to collect information and act accordingly. Since this information may include the behavior of suppliers and consumers, smart grids can improve efficiency, reliability, economic viability, production sustainability, and the automated distribution of fuels such as electricity. Smart grids can also be viewed as other sensor networks with low latency.

[0162] The health sector possesses numerous applications that can benefit from mobile communications. Communication systems can support telemedicine, providing clinical care from remote locations. This helps reduce distance barriers and improves access to medical services that are not consistently available in remote rural areas. It is also used to save lives during critical medical care and emergencies. Mobile communication-based wireless sensor networks can provide remote monitoring and sensors for parameters such as heart rate and blood pressure.

[0163] Wireless and mobile communications are becoming increasingly important in industrial applications. Wiring involves high installation and maintenance costs. Therefore, the potential to replace cables with reconfigurable wireless links presents an attractive opportunity for many industries. However, achieving this requires wireless connections to operate with latency, reliability, and capacity comparable to cables, while also simplifying their management. Low latency and a very low probability of error are new requirements that 5G needs to meet.

[0164] Logistics and cargo tracking are important use cases for mobile communications that use location-based information systems to enable the tracking of inventory and packages anywhere. Use cases for logistics and cargo tracking typically require low data rates but may require wide coverage and reliable location information.

[0165] Hereinafter, examples of next-generation communication (e.g., 6G) that can be applied to the embodiments of various embodiments of the present disclosure will be described.

[0166]

[0167] 6G System General

[0168] The 6G (wireless communication) system aims for (i) very high data rates per device, (ii) a very large number of connected devices, (iii) global connectivity, (iv) very low latency, (v) reduced energy consumption of battery-free IoT devices, (vi) ultra-reliable connectivity, and (vii) connected intelligence with machine learning capabilities. The vision of the 6G system can be seen in four aspects: intelligent connectivity, deep connectivity, holographic connectivity, and ubiquitous connectivity, and the 6G system can satisfy the requirements shown in Table 1 below. In other words, Table 1 is a table representing an example of the requirements for a 6G system.

[0169]

[0170] Per device peak data rate1TbpsE2E latency1msMaximum spectral efficiency100bps / HzMobility supportUp to 1000km / hrSatellite integrationFullyAIFullyAutonomous vehicleFullyXRFullyHaptic CommunicationFully

[0171] 6G systems can have key factors such as enhanced mobile broadband (eMBB), ultra-reliable low latency communications (URLLC), massive machine-type communication (mMTC), AI integrated communication, tactile internet, high throughput, high network capacity, high energy efficiency, low backhaul and access network congestion, and enhanced data security.

[0172]

[0173] Figure 5 is a diagram illustrating an example of a communication structure that can be provided in a 6G system.

[0174] 6G systems are expected to have 50 times higher simultaneous wireless connectivity than 5G wireless communication systems. URLLC, a key feature of 5G, will become an even more dominant technology in 6G communication by providing end-to-end latency of less than 1ms. Unlike the frequently used area spectrum efficiency, 6G systems will exhibit significantly superior volume spectrum efficiency. 6G systems can provide very long battery life and advanced battery technologies for energy harvesting, meaning mobile devices in 6G systems will not require separate charging. New network characteristics in 6G may include the following.

[0175] - Satellite Integrated Network: 6G is expected to be integrated with satellites to provide a global mobile population. Integrating terrestrial, satellite, and airborne networks into a single wireless communication system is crucial for 6G.

[0176] - Connected Intelligence: Unlike previous generations of wireless communication systems, 6G is innovative and will update wireless evolution from "connected things" to "connected intelligence." AI can be applied at each stage of the communication process (or at each step of the signal processing described below).

[0177] - Seamless integration of wireless information and energy transfer: 6G wireless networks will transfer power to charge the batteries of devices such as smartphones and sensors. Therefore, wireless information and energy transfer (WIET) will be integrated.

[0178] - Ubiquitous Super 3D Connectivity: Connectivity to the network and core network functions of drones and very low Earth orbit satellites will create Super 3D connectivity in 6G ubiquitous.

[0179] Some general requirements regarding the new network characteristics of 6G mentioned above may be as follows.

[0180] - Small cell networks: The idea of ​​small cell networks was introduced to improve the quality of received signals in cellular systems as a result of increased throughput, energy efficiency, and spectrum efficiency. Consequently, small cell networks are an essential feature of communication systems for 5G and beyond 5G (5GB). Therefore, 6G communication systems also adopt the characteristics of small cell networks.

[0181] - Ultra-dense heterogeneous network: Ultra-dense heterogeneous networks will be another important characteristic of 6G communication systems. Multi-tier networks composed of heterogeneous networks improve overall QoS and reduce costs.

[0182] - High-capacity backhaul: Backhaul connections are characterized as high-capacity backhaul networks to support high-volume traffic. High-speed fiber optics and free-space optics (FSO) systems can be possible solutions to this problem.

[0183] - Radar technology integrated with mobile technology: High-precision localization (or location-based services) through communication is one of the functions of 6G wireless communication systems. Therefore, radar systems will be integrated with 6G networks.

[0184] - Softwarization and virtualization: Softwarization and virtualization are two important features that form the basis of the design process in 5GB networks to ensure flexibility, reconfigurability, and programmability. Additionally, billions of devices can be shared across a shared physical infrastructure.

[0185]

[0186] Core implementation technology of 6G systems

[0187]

[0188] Artificial Intelligence

[0189] The most critical and newly introduced technology for 6G systems is AI. AI was not involved in 4G systems. 5G systems will support AI partially or to a very limited extent. However, 6G systems will be supported by AI for complete automation. Advancements in machine learning will create more intelligent networks for real-time communication in 6G. Introducing AI into communications can streamline and enhance real-time data transmission. AI can determine how complex target tasks are performed using numerous analyses. In other words, AI can increase efficiency and reduce processing latency.

[0190] Time-consuming tasks such as handover, network selection, and resource scheduling can be performed instantly by using AI. AI can also play a significant role in M2M, machine-to-human, and human-to-machine communication. Furthermore, AI can enable rapid communication in Brain-Computer Interfaces (BCI). AI-based communication systems can be supported by metamaterials, intelligent structures, intelligent networks, intelligent devices, intelligent cognitive radios, self-sustaining wireless networks, and machine learning.

[0191] Recently, attempts to integrate AI with wireless communication systems have emerged, but these have primarily focused on the application layer and network layer, particularly deep learning in the field of wireless resource management and allocation. However, such research is increasingly advancing toward the MAC layer and physical layer, with attempts to combine deep learning with wireless transmission, particularly at the physical layer. AI-based physical layer transmission refers to the application of signal processing and communication mechanisms based on AI drivers rather than traditional communication frameworks in terms of fundamental signal processing and communication mechanisms. Examples include deep learning-based channel coding and decoding, deep learning-based signal estimation and detection, deep learning-based MIMO mechanisms, and AI-based resource scheduling and allocation.

[0192] Machine learning can be used for channel estimation and channel tracking, and for power allocation and interference cancellation in the physical layer of the downlink (DL). In addition, machine learning can be used for antenna selection, power control, and symbol detection in MIMO systems.

[0193] However, the application of DNNs for transmission at the physical layer may have the following problems.

[0194] Deep learning-based AI algorithms require a vast amount of training data to optimize training parameters. However, due to limitations in acquiring training data from specific channel environments, a large amount of offline training data is used. Consequently, static training on training data in specific channel environments can lead to contradictions between the dynamic characteristics and diversity of wireless channels.

[0195] Furthermore, current deep learning primarily targets real signals. However, signals at the physical layer of wireless communication are complex signals. Further research is needed on neural networks that detect complex domain signals to match the characteristics of wireless communication signals.

[0196] Below, we will take a closer look at machine learning.

[0197] Machine learning refers to a series of operations for training machines to create machines capable of performing tasks that humans can or find difficult to do. Machine learning requires data and learning models. Data learning methods in machine learning can be broadly classified into three types: supervised learning, unsupervised learning, and reinforcement learning.

[0198] The purpose of neural network training is to minimize output errors. It is a process that repeatedly inputs training data into a neural network, calculates the error between the network's output and the target for the training data, and updates the weights of each node by backpropagating the error from the output layer to the input layer in a direction that reduces the error.

[0199] Supervised learning uses training data with correct answers labeled, whereas unsupervised learning may not have correct answers labeled. That is, for example, in the case of supervised learning regarding data classification, the training data may consist of data where each training data point is labeled with a category. Labeled training data is input into a neural network, and an error can be calculated by comparing the network's output (category) with the labels of the training data. The calculated error is backpropagated within the neural network (i.e., from the output layer to the input layer), and the connection weights of each node in each layer of the neural network can be updated according to this backpropagation. The amount of change in the connection weights of each node being updated can be determined by the learning rate. The neural network's calculations on the input data and the backpropagation of the error can constitute a learning cycle (epoch). The learning rate can be applied differently depending on the number of iterations of the neural network's learning cycle. For example, efficiency can be increased by using a high learning rate in the early stages of neural network training to enable the network to quickly achieve a certain level of performance, and accuracy can be increased by using a low learning rate in the later stages of training.

[0200] The learning method may vary depending on the characteristics of the data. For example, if the goal is to accurately predict data transmitted from the transmitting end at the receiving end in a communication system, it is preferable to perform learning using supervised learning rather than unsupervised learning or reinforcement learning.

[0201] Learning models correspond to the human brain, and while the most basic linear model can be considered, a machine learning paradigm that uses highly complex neural network structures, such as artificial neural networks, as learning models is called deep learning.

[0202] The neural network cores used for learning methods are broadly classified into deep neural networks (DNN), convolutional deep neural networks (CNN), and recurrent Boltzmann machines (RNN).

[0203] An artificial neural network is an example of connecting multiple perceptrons.

[0204]

[0205] Figure 6 is a schematic diagram illustrating an example of a perceptron structure.

[0206] Referring to Fig. 6, the entire process of inputting an input vector x=(x1,x2,...,xd), multiplying each component by a weight (W1,W2,...,Wd), summing all the results, and then applying an activation function σ(·) is called a perceptron. A large artificial neural network structure can also apply input vectors to different multi-dimensional perceptrons by extending the simplified perceptron structure illustrated in Fig. 6. For convenience of explanation, input or output values ​​are referred to as nodes.

[0207] Meanwhile, the perceptron structure illustrated in Fig. 6 can be described as consisting of a total of three layers based on input and output values. An artificial neural network can be represented as shown in Fig. 7, in which there are H (d+1) dimensional perceptrons between the 1st layer and the 2nd layer, and K (H+1) dimensional perceptrons between the 2nd layer and the 3rd layer.

[0208]

[0209] Figure 7 is a schematic diagram illustrating an example of a multilayer perceptron structure.

[0210] The layer where the input vector is located is called the input layer, the layer where the final output value is located is called the output layer, and all layers located between the input and output layers are called hidden layers. Although the example in Fig. 7 shows three layers, the input layer is excluded when counting the actual number of layers in an artificial neural network, so it can be viewed as having a total of two layers. An artificial neural network is constructed by connecting perceptrons of basic blocks in a two-dimensional manner.

[0211] The aforementioned input layer, hidden layer, and output layer can be applied not only to multilayer perceptrons but also to various artificial neural network structures such as CNNs and RNNs, which will be described later. As the number of hidden layers increases, the artificial neural network becomes deeper, and the machine learning paradigm that uses a sufficiently deep artificial neural network as a learning model is called Deep Learning. In addition, the artificial neural network used for Deep Learning is called a Deep Neural Network (DNN).

[0212]

[0213] Figure 8 is a schematic diagram illustrating an example of a deep neural network.

[0214] The deep neural network illustrated in Fig. 8 is a multilayer perceptron composed of eight hidden layers plus eight output layers. The structure of the multilayer perceptron is referred to as a fully-connected neural network. In a fully-connected neural network, there are no connections between nodes located in the same layer, and connections exist only between nodes located in adjacent layers. A DNN has a fully-connected neural network structure and is composed of a combination of multiple hidden layers and activation functions, which can be usefully applied to identify correlation characteristics between inputs and outputs. Here, correlation characteristics may refer to the joint probability of the input and output.

[0215] Meanwhile, depending on how multiple perceptrons are connected to each other, various artificial neural network structures different from the aforementioned DNN can be formed.

[0216]

[0217] Figure 9 is a schematic diagram illustrating an example of a convolutional neural network.

[0218] In a DNN, nodes located within a single layer are arranged in a one-dimensional vertical direction. However, Figure 9 assumes a case where nodes are arranged two-dimensionally, with w nodes horizontally and h nodes vertically (the convolutional neural network structure of Figure 9). In this case, since a weight is applied for each connection during the connection process from a single input node to a hidden layer, a total of hYw weights must be considered. Since there are hYw nodes in the input layer, a total of h2w2 weights are required between two adjacent layers.

[0219] The convolutional neural network of Fig. 9 has a problem in which the number of weights increases exponentially with the number of connections. Therefore, instead of considering all mode connections between adjacent layers, it is assumed that there are small filters, and weighted sum and activation function operations are performed on the parts where filters overlap, as shown in Fig. 10.

[0220]

[0221] Figure 10 is a schematic diagram illustrating an example of a filter operation in a convolutional neural network.

[0222] A single filter has weights corresponding to its size, and the weights can be trained to extract and output specific features on an image as factors. In Fig. 10, a filter of size 3Y3 is applied to the top-left 3Y3 region of the input layer, and the output value resulting from the weighted sum and activation function operation for the corresponding node is stored in z22.

[0223] The above filter performs weighted sum and activation function operations while scanning the input layer and moving by a fixed interval horizontally and vertically, and places the output value at the current filter position. This method of operation is similar to the convolution operation on images in the field of computer vision, so a deep neural network with this structure is called a convolutional neural network (CNN), and the hidden layer generated as a result of the convolution operation is called a convolutional layer. In addition, a neural network having multiple convolutional layers is called a deep convolutional neural network (DCNN).

[0224] In the convolution layer, the number of weights can be reduced by calculating a weighted sum that includes only the nodes located within the area covered by the filter, starting from the node where the current filter is located. As a result, a single filter can be utilized to focus on features of a local area. Accordingly, CNNs can be effectively applied to image data processing where physical distance in a 2D area serves as an important judgment criterion. Meanwhile, multiple filters can be applied immediately before the convolution layer in a CNN, and multiple output results can be generated through the convolution operation of each filter.

[0225] Meanwhile, depending on the data attributes, there may be data where sequence characteristics are important. A structure that applies a method to an artificial neural network in which elements of the data sequence are input one by one at each timestep, taking into account the length variability and sequence relationships of such sequence data, and the output vector (hidden vector) of the hidden layer output at a specific timestep is input along with the next element in the sequence is called a recurrent neural network structure.

[0226]

[0227] Figure 11 is a schematic diagram illustrating an example of a neural network structure in which a recurrent loop exists.

[0228] Referring to Fig. 11, the recurrent neural network (RNN) is structured such that, in the process of inputting elements (x1(t), x2(t), ..., xd(t)) of a time point t in a data sequence into a fully connected neural network, the previous time point t-1 is input along with the hidden vector (z1(t-1), z2(t-1), ..., zH(t-1)), and a weighted sum and activation function are applied. The reason for passing the hidden vector to the next time point in this manner is that the information in the input vectors from previous time points is considered to be accumulated in the hidden vector of the current time point.

[0229]

[0230] Figure 12 is a schematic diagram illustrating an example of the operational structure of a recurrent neural network.

[0231] Referring to Fig. 12, the recurrent neural network operates on the input data sequence in a predetermined time sequence.

[0232] When the input vector (x1(t), x2(t), ..., xd(t)) at time point 1 is input into the recurrent neural network, the hidden vector (z1(1), z2(1), ..., zH(1)) is input together with the input vector (x1(2), x2(2), ..., xd(2)) at time point 2, and the vector (z1(2), z2(2), ..., zH(2)) of the hidden layer is determined through a weighted sum and activation function. This process is performed repeatedly up to time point 2, time point 3, ..., time point T.

[0233] Meanwhile, when multiple hidden layers are placed within a recurrent neural network, it is called a deep recurrent neural network (DRNN). Recurrent neural networks are designed to be usefully applied to sequence data (e.g., natural language processing).

[0234] In addition to DNN, CNN, and RNN, it includes various deep learning techniques such as Restricted Boltzmann Machine (RBM), Deep Belief Networks (DBN), and Deep Q-Network as neural network cores used for learning, and can be applied in fields such as computer vision, speech recognition, natural language processing, and speech / signal processing.

[0235] Recently, attempts to integrate AI with wireless communication systems have emerged, but these have primarily focused on the application layer and network layer, particularly deep learning in the field of wireless resource management and allocation. However, such research is increasingly advancing toward the MAC layer and physical layer, with attempts to combine deep learning with wireless transmission, particularly at the physical layer. AI-based physical layer transmission refers to the application of signal processing and communication mechanisms based on AI drivers rather than traditional communication frameworks in terms of fundamental signal processing and communication mechanisms. Examples include deep learning-based channel coding and decoding, deep learning-based signal estimation and detection, deep learning-based MIMO mechanisms, and AI-based resource scheduling and allocation.

[0236] THz (Terahertz) communication

[0237] Data transmission rates can be increased by expanding bandwidth. This can be achieved by using sub-THz communication with wide bandwidth and applying advanced large-scale MIMO technology. THz waves, also known as sub-millimeter radiation, generally refer to a frequency band between 0.1 THz and 10 THz with corresponding wavelengths ranging from 0.03 mm to 3 mm. The 100 GHz–300 GHz band range (Sub-THz band) is considered the primary portion of the THz band for cellular communication. Adding the Sub-THz band to the mmWave band increases 6G cellular communication capacity. Among the defined THz bands, the 300 GHz–3 THz band is located in the far-infrared (IR) frequency band. Although the 300 GHz–3 THz band is part of the broadband, it lies at the boundary of the broadband and immediately following the RF band. Therefore, this 300 GHz–3 THz band exhibits similarities to RF.

[0238]

[0239] Figure 13 is a diagram illustrating an example of an electromagnetic spectrum.

[0240] Key characteristics of THz communication include (i) widely available bandwidth to support very high data transmission rates, and (ii) high path loss occurring at high frequencies (highly directional antennas are indispensable). The narrow beam width generated by highly directional antennas reduces interference. The small wavelength of THz signals allows a much larger number of antenna elements to be integrated into devices and BSs operating in this band. This enables the use of advanced adaptive array technologies that can overcome range limitations.

[0241] Optical wireless technology

[0242] OWC technology has been planned for 6G communication in addition to RF-based communication for all possible device-to-access networks. These networks connect to network-to-backhaul / fronthaul network connections. Although OWC technology has already been in use since 4G communication systems, it will be used more widely to meet the demands of 6G communication systems. OWC technologies such as light fidelity, visible light communication, optical camera communication, and broadband-based FSO communication are already well-known technologies. Communication based on optical radio technology can provide very high data rates, low latency, and secure communication. LiDAR can also be utilized for ultra-high resolution 4D mapping in 6G communication based on broadband.

[0243] FSO Backhaul Network

[0244] The transmitter and receiver characteristics of an FSO system are similar to those of a fiber optic network. Therefore, data transmission in an FSO system is similar to that of a fiber optic system. Consequently, FSO can be a good technology for providing backhaul connectivity in 6G systems in conjunction with fiber optic networks. Using FSO enables very long-distance communication over distances of more than 10,000 km. FSO supports high-capacity backhaul connectivity for remote and non-remote areas such as the ocean, space, underwater, and isolated islands. FSO also supports cellular backhaul connectivity.

[0245] Massive MIMO technology

[0246] One of the key technologies for improving spectrum efficiency is the application of MIMO technology. As MIMO technology improves, spectrum efficiency also improves. Therefore, large-scale MIMO technology will be important in 6G systems. Since MIMO technology utilizes multiple paths, multiplexing technology and beam generation and operation technology suitable for the THz band must also be given important consideration to enable data signals to be transmitted through one or more paths.

[0247] blockchain

[0248] Blockchain will become a critical technology for managing massive amounts of data in future communication systems. As a form of distributed ledger technology, a distributed ledger is a database distributed across numerous nodes or computing devices. Each node replicates and stores an identical copy of the ledger. Blockchain is managed via a peer-to-peer (P2P) network and can exist without being managed by a centralized authority or server. Data in a blockchain is collected together and organized into blocks. These blocks are linked together and protected using encryption. Blockchain inherently complements large-scale IoT perfectly through enhanced interoperability, security, privacy, stability, and scalability. Therefore, blockchain technology provides various capabilities such as inter-device interoperability, large-scale data traceability, autonomous interaction with other IoT systems, and the large-scale connectivity stability of 6G communication systems.

[0249] 3D Networking

[0250] 6G systems integrate terrestrial and air networks to support vertically scalable user communications. 3D BS will be provided via low-orbit satellites and UAVs. By adding new dimensions in terms of altitude and associated degrees of freedom, 3D connectivity differs significantly from existing 2D networks.

[0251] Quantum communication

[0252] Unsupervised reinforcement learning of networks is promising in the context of 6G networks. Supervised learning methods cannot label the vast amount of data generated in 6G. Unsupervised learning does not require labeling. Therefore, this technology can be used to autonomously construct representations of complex networks. Combining reinforcement learning and unsupervised learning enables the operation of networks in a truly autonomous manner.

[0253] unmanned aerial vehicles

[0254] Unmanned Aerial Vehicles (UAVs) or drones will become a critical element in 6G wireless communication. In most cases, high-speed data wireless connectivity is provided using UAV technology. BS entities are installed on UAVs to provide cellular connectivity. UAVs possess specific capabilities not found in fixed BS infrastructure, such as easy deployment, robust line-of-sight links, and controlled degrees of freedom for mobility. During emergencies, such as natural disasters, the deployment of ground communication infrastructure is not economically feasible, and sometimes services cannot be provided in volatile environments. UAVs can easily handle these situations. UAVs will become a new paradigm in the field of wireless communication. This technology facilitates the three fundamental requirements of wireless networks: eMBB, URLLC, and mMTC. UAVs can also support various purposes, such as enhancing network connectivity, fire detection, disaster emergency services, security and surveillance, pollution monitoring, parking monitoring, and accident monitoring. Therefore, UAV technology is recognized as one of the most critical technologies for 6G communication.

[0255] Cell-free Communication

[0256] The tight integration of multiple frequencies and heterogeneous communication technologies is critical to 6G systems. Consequently, users can seamlessly move from one network to another without the need for any manual configuration on their devices. The best network among available communication technologies is automatically selected. This will break the limitations of the cellular concept in wireless communication. Currently, user movement from one cell to another in high-density networks causes excessive handovers, leading to handover failures, delays, data loss, and the "ping-pong" effect. 6G cell-free communication will overcome all of these issues and provide better QoS. Cell-free communication will be achieved through multi-connectivity and multi-tier hybrid technologies, as well as different heterogeneous radios on devices.

[0257] Wireless Information and Energy Transmission Integration

[0258] WIET uses the same fields and waves as wireless communication systems. In particular, sensors and smartphones will be charged using wireless power transmission during communication. WIET is a promising technology for extending the lifespan of wireless battery charging systems. Therefore, devices without batteries will be supported in 6G communication.

[0259] Integration of Sensing and Communication

[0260] Autonomous wireless networks are capable of continuously detecting dynamically changing environmental conditions and exchanging information between different nodes. In 6G, sensing will be tightly integrated with communication to support autonomous systems.

[0261] Integration of access backhaul networks

[0262] In 6G, the density of access networks will be enormous. Each access network will be connected via backhaul connections such as fiber optics and FSO networks. To cope with a very large number of access networks, there will be tight integration between access and backhaul networks.

[0263] Holographic beam forming

[0264] Beamforming is a signal processing procedure that adjusts an antenna array to transmit wireless signals in a specific direction. It is a subset of smart antennas or advanced antenna systems. Beamforming technology offers several advantages, such as a high call-to-noise ratio, interference prevention and rejection, and high network efficiency. Holographic Beamforming (HBF) is a new beamforming method that differs significantly from MIMO systems because it utilizes software-defined antennas. HBF will be a highly effective approach for the efficient and flexible transmission and reception of signals in multi-antenna communication devices in 6G.

[0265] Big data analysis

[0266] Big data analysis is a complex process for analyzing various large-scale data sets or big data. This process ensures perfect data management by uncovering information such as hidden data, unknown correlations, and customer preferences. Big data is collected from various sources, such as video, social networks, images, and sensors. This technology is widely used to process vast amounts of data in 6G systems.

[0267] Large Intelligent Surface (LIS)

[0268] THz band signals exhibit strong directivity, which can lead to numerous dead zones caused by obstacles. Consequently, LIS technology becomes important as it allows for the expansion of communication coverage, enhanced communication stability, and the provision of additional value-added services by installing LIS near these dead zones. An LIS is an artificial surface made of electromagnetic materials capable of altering the propagation of incoming and outgoing radio waves. While LIS can be viewed as an extension of massive MIMO, it differs from massive MIMO in its array structure and operational mechanism. Furthermore, LIS offers the advantage of low power consumption because it operates as a reconfigurable reflector with passive elements—that is, by passively reflecting signals without using an active RF chain. Additionally, since each passive reflector in an LIS must independently adjust the phase shift of the incident signal, this can be advantageous for wireless communication channels. By appropriately adjusting the phase shift through the LIS controller, the reflected signal can be collected at the target receiver to boost the received signal power.

[0269]

[0270] Terahertz (THz) wireless communication general

[0271]

[0272] THz wireless communication utilizes THz waves with a frequency of approximately 0.1 to 10 THz (1 THz = 10¹² Hz) for wireless communication, and can refer to terahertz (THz) band wireless communication using very high carrier frequencies of 100 GHz or higher. THz waves are located between the RF (Radio Frequency) / millimeter (mm) and infrared bands, and (i) they penetrate non-metallic / non-polar materials well compared to visible light / infrared light, and because their wavelengths are shorter than RF / millimeter waves, they have high directivity and can be beam focused. In addition, since the photon energy of THz waves is only a few meV, they have the characteristic of being harmless to the human body. The frequency bands expected to be used for THz wireless communication may be the D-band (110 GHz–170 GHz) or H-band (220 GHz–325 GHz) bands, which have low propagation loss due to molecular absorption in the air. Standardization discussions regarding THz wireless communication are being conducted primarily by the IEEE 802.15 THz working group in addition to 3GPP, and standard documents published by the IEEE 802.15 Task Group (TG3d, TG3e) may elaborate on or supplement the contents described in the various embodiments of this disclosure. THz wireless communication can be applied to wireless cognition, sensing, imaging, wireless communication, THz navigation, etc.

[0273]

[0274] Figure 14 is a diagram illustrating an example of a THz communication application.

[0275] As illustrated in FIG. 14, THz wireless communication scenarios can be classified into macro networks, micro networks, and nanoscale networks. In macro networks, THz wireless communication can be applied to vehicle-to-vehicle connections and backhaul / fronthaul connections. In micro networks, THz wireless communication can be applied to fixed point-to-point or multi-point connections, such as indoor small cells and wireless connections in data centers, and near-field communication, such as kiosk downloading.

[0276] Table 2 below shows an example of a technology that can be used in THz waves.

[0277] Transceivers DeviceAvailable immature: UTC-PD, RTD and SBDModulation and CodingLow order modulation techniques (OOK, QPSK), LDPC, Reed Soloman, Hamming, Polar, TurboAntennaOmni and Directional, phased array with low number of antenna elementsBandwidth69GHz (or 23 GHz) at 300GHzChannel modelsPartiallyData rate100GbpsOutdoor deploymentNoFree space lossHighCoverageLowRadio Measurements300GHz indoorDevice sizeFew micrometers

[0278]

[0279] THz wireless communication can be classified based on the methods for generating and receiving THz. THz generation methods can be classified into optical or electronic device-based technologies.

[0280]

[0281] FIG. 15 is a diagram illustrating an example of an electronic device-based THz wireless communication transceiver.

[0282] Methods for generating THz using electronic components include using semiconductor devices such as Resonant Tunneling Diodes (RTDs), using local oscillators and multipliers, using Monolithic Microwave Integrated Circuits (MMICs) based on compound semiconductor High Electron Mobility Transistors (HEMTs), and using Si-CMOS based integrated circuits. In the case of Fig. 15, a doubler, tripler, or multiplier is applied to increase the frequency, and the signal passes through a subharmonic mixer and is radiated by the antenna. Since the THz band forms high frequencies, a multiplier is essential. Here, the multiplier is a circuit that produces an output frequency N times that of the input, matches it to the desired harmonic frequency, and filters out all other frequencies. Additionally, beamforming may be implemented by applying an array antenna or similar device to the antenna in Fig. 15. In Fig. 15, IF represents the intermediate frequency, tripler and multipler represent multipliers, PA represents the power amplifier, LNA represents the low noise amplifier, and PLL represents the phase-locked loop.

[0283]

[0284] FIG. 16 is a diagram illustrating an example of a method for generating a THz signal based on an optical element.

[0285] FIG. 17 is a diagram illustrating an example of a THz wireless communication transceiver based on an optical element.

[0286] Optical device-based THz wireless communication technology refers to a method of generating and modulating THz signals using optical devices. Optical device-based THz signal generation technology is a technique that generates ultra-high-speed optical signals using lasers and optical modulators, and converts them into THz signals using ultra-high-speed photodetectors. Compared to technology that uses only electronic devices, this technology makes it easier to increase the frequency, enables the generation of high-power signals, and allows for flat response characteristics over a wide frequency band. To generate optical device-based THz signals, a laser diode, a broadband optical modulator, and an ultra-high-speed photodetector are required, as shown in Fig. 16. In the case of Fig. 16, light signals from two lasers with different wavelengths are combined to generate a THz signal corresponding to the wavelength difference between the lasers. In FIG. 16, an optical coupler refers to a semiconductor device that uses light waves to transmit electrical signals in order to provide coupling with electrical isolation between circuits or systems, and a Uni-Travelling Carrier Photo-Detector (UTC-PD) is a type of photodetector that uses electrons as active carriers and reduces the electron travel time through bandgap grading. The UTC-PD is capable of photodetect at 150 GHz or higher. In FIG. 17, an Erbium-Doped Fiber Amplifier (EDFA) represents an erbium-doped fiber amplifier, a Photo Detector (PD) represents a semiconductor device capable of converting optical signals into electrical signals, an Optical Sub Assembly (OSA) represents an optical module that modularizes various optical communication functions (photoelectric conversion, electro-optical conversion, etc.) into a single component, and a Digital Storage Oscilloscope (DSO) represents a digital storage oscilloscope.

[0287]

[0288] The structure of a photoelectric converter (or photoelectric converter) is described with reference to FIGS. 18 and 19.

[0289] FIG. 18 is a diagram illustrating the structure of a photonic source-based transmitter.

[0290] Figure 19 is a diagram illustrating the structure of an optical modulator.

[0291] Generally, the phase of a signal can be changed by passing an optical source of a laser through an optical wave guide. At this time, data is carried by changing electrical characteristics through a microwave contact, etc. Therefore, the optical modulator output is formed as a modulated waveform. An O / E converter can generate THz pulses based on optical rectification by a nonlinear crystal, O / E conversion by a photoconductive antenna, and emission from a bundle of relativistic electrons. Terahertz pulses generated in the above manner can have lengths ranging from femtoseconds to picoseconds. The photoelectric converter (O / E converter) performs down-conversion by utilizing the non-linearity of the device.

[0292] When considering the usage of the terahertz spectrum, it is highly likely that multiple contiguous GHz bands will be used for fixed or mobile service applications for terahertz systems. According to outdoor scenario criteria, available bandwidth can be classified based on an oxygen attenuation of 10^2 dB / km in the spectrum up to 1 THz. Accordingly, a framework in which the available bandwidth is composed of multiple band chunks can be considered. As an example of the above framework, if the length of a terahertz pulse (THz pulse) for a single carrier is set to 50 ps, ​​the bandwidth (BW) becomes approximately 20 GHz.

[0293] Effective down-conversion from the infrared (IR) band to the terahertz (THz) band depends on how the nonlinearity of the photoelectric converter (O / E converter) is utilized. In other words, to achieve down-conversion to the desired terahertz band, it is required to design an O / E converter with the most ideal nonlinearity for transferring to that specific band. If an O / E converter that does not match the target frequency band is used, there is a high probability of errors occurring regarding the amplitude and phase of the corresponding pulse.

[0294] In a single-carrier system, a terahertz transceiver system can be implemented using a single photoelectric converter. Depending on the channel environment, in a multi-carrier system, as many photoelectric converters as there are carriers may be required. This phenomenon will be particularly pronounced in multi-carrier systems utilizing multiple broadbands according to the plans related to the aforementioned spectrum applications. In this regard, a frame structure for the multi-carrier system may be considered. A signal down-frequency converted based on a photoelectric converter can be transmitted in a specific resource region (e.g., a specific frame). The frequency domain of the specific resource region may include multiple chunks. Each chunk may consist of at least one component carrier (CC).

[0295]

[0296] Detailed description of various embodiments of the present disclosure

[0297] Various embodiments of the present disclosure will be described in more detail below.

[0298] The present disclosure relates to an apparatus and method for performing a quantum security-based internet key exchange protocol in a quantum communication system.

[0299]

[0300] Background art for various embodiments of the present disclosure

[0301] Quantum Communication

[0302] Quantum communication is a next-generation communication technology that applies quantum mechanical properties to the field of information and communications to overcome the limitations of existing technologies, such as security and ultra-high-speed computing. Quantum communication provides a means to generate, transmit, process, and store information that cannot be represented in the form of 0 and 1 based on binary bits used in conventional communication technologies, or that is difficult to represent. While conventional communication technologies utilize wavelength or amplitude for information transmission between a transmitter and a receiver, quantum communication, in contrast, utilizes photons—the smallest unit of light—for this purpose. In particular, since quantum uncertainty and quantum irreversibility can be applied to the polarization or phase difference of photons (light), quantum communication possesses the characteristic of enabling communication with guaranteed perfect security. Furthermore, under specific conditions, quantum communication may enable ultra-high-speed communication by utilizing quantum entanglement.

[0303] Quantum Communication (QC) is defined as a communication system capable of exchanging information by utilizing the quantum properties of Quantum Physics. A QC system uses wired or wireless communication environments to transmit the intended quantum information to a receiver via a quantum channel. As a foundational technology constituting the Quantum Internet, QC is utilized to transmit quantum information between quantum nodes.

[0304]

[0305] Figure 20 is a diagram illustrating an example of a general scenario of quantum communication.

[0306] In FIG. 20, the Quantum Channel can be configured via wired connections through fiber optics or wireless connections through free space, and transmits Qubit information through the direct transmission of Single / Multiple Photons formed at the transmitting end or through Quantum Teleportation between Nodes that share Entanglement Resources. The Quantum Channel serves as a medium for transmitting Qubit information in a Quantum Network composed of multiple Quantum Processors and can be configured as a single hop or multiple hop.

[0307] The technology group of Quantum Communication can be divided into Quantum Communication for Classical Bit (QC4Cbit) and Quantum Communication for Quantum Bit (QC4Qbit), which correspond to the information exchange technology group of Quantum Communication, and Quantum Network, which corresponds to the Infra Network support technology group for supporting Quantum Communication.

[0308] Information in QC includes both Bit information, the basic unit of Classical Information, and Qubit information (Quantum Bit), the basic unit of Quantum Information.

[0309]

[0310] FIG. 21 is a diagram illustrating an example of quantum communication for classical bits and quantum communication for quantum bits in a system applicable to the present disclosure.

[0311] QC can be classified into Quantum Communication for Classical Bit (QC4Cbit) and Quantum Communication for Quantum Bit (QC4Qbit) depending on the type of information to be transmitted. QC4Cbit converts the Classical Bit information to be transmitted (with or without applying reliability enhancement technologies such as Channel Encoder) into Qubit Basis (or Computation Basis) using a Quantum Encoder. In this process, the Classical Bit information 0 or 1 is Qubit Basis or It is converted into. The above Qubit Basis is logical information about the Quantum state and can be formed by a physical Quantum Basis. For example, at the transmitting and receiving ends, the Qubit Basis is formed from Horizontal Polarization and Vertical Polarization as the Quantum Basis. class It is possible to agree upon them in correspondence. The Qubit Basis generated at the transmitting end is transmitted to the receiving end via a Quantum Channel, and the Quantum Decoder at the receiving end decrypts the Qubit Basis by performing a measurement using the pre-agreed Quantum Basis. The measured Qubit Basis is then corresponded to Classical Bit information (with or without applying reliability enhancement techniques such as Channel Decoder), thereby obtaining the desired information. Assuming that the Qubit state is determined based on multiple Qubit Basis, the receiving end can obtain information deterministically or probabilistically depending on which Qubit Basis is used for the measurement. Based on these characteristics, technology groups such as Quantum Key Distribution in quantum cryptography and Quantum Secure Direct Communication in quantum direct communication can provide security between the transmitting and receiving ends.

[0312] QC4Qbit is a Qubit State generated by the transmitting end's Quantum Processor. It refers to a method in which it is transmitted to the receiver via a Quantum Channel, and the receiver uses the received Qubit State according to its purpose. In QC4Qbit, the Qubit State received by the receiver When using in a Quantum Processor, Qubit State without Measurement It can be used depending on the purpose. The Qubit State transmitted at this time It is a superposition state of Qubit Basis and generally It can be expressed as. In this case, the Qubit Basis is class and α and β are Probability Amplitudes, and It has a relationship. The method of transmitting Qubit State generated in a Quantum Processor can be by converting it into Photon and transmitting it directly, or by performing quantum teleportation based on an Entanglement Source shared between the transmitting and receiving ends in advance.

[0313] A Quantum Network is a medium that enables the exchange of quantum states between two physically separated quantum processors. The components constituting a Quantum Network include Quantum Channels, where quantum states are exchanged; Quantum Repeaters, which connect these channels; and Quantum Processors, which serve as the entities responsible for information exchange. Quantum Channels can be constructed through physical channels that transmit target Qubits based on Photons, and through Entanglements shared by two nodes. In this process, intermediate nodes, such as Quantum Repeaters or Trusted Nodes, may be introduced to transmit quantum information between nodes that do not directly share an Entanglement. The group of Quantum Network technologies, serving as infrastructure support technologies for Quantum Communication, includes Quantum Resource Allocation (QRA) technologies for forming Quantum Channels, as well as user authentication (e.g., Quantum Authentication) and data authentication (Quantum Signature) technologies that provide security between transmitting and receiving nodes.

[0314] Here, quantum cryptography refers to a communication method in which the exchange of secret cryptographic keys is securely performed between spatially separated senders and receivers, and encrypted communication is conducted between the senders and receivers using the exchanged secret keys. Additionally, direct quantum communication refers to a communication method in which classical message information to be transmitted is securely shared directly through a quantum channel. Furthermore, quantum teleportation refers to a communication method in which quantum information itself is shared through a quantum entanglement channel.

[0315] Below, we will explain the characteristics of quantum information that form the basis of quantum communication, quantum cryptography, direct quantum communication, quantum teleportation, and other technologies related to quantum communication.

[0316]

[0317] Characteristics of quantum information

[0318] Since quantum communication is a means of transmitting quantum information, this section examines the characteristics of quantum information. The quantum bit, or qubit, is used as the basic unit of information in quantum information systems. A quantum system is a linear system defined in Hilbert space, and a qubit can be represented using state vectors in Hilbert space.

[0319] (1) Superposition

[0320] A characteristic of quantum information compared to conventional digital information is that information can be superimposed. In conventional digital systems, the bit, the smallest unit for processing information, holds a value of one of two different states: '0' or '1'. On the other hand, a qubit can have multiple different states in Hilbert space and can exist in a superposition state where these different states overlap. A qubit is an orthogonally normalized basis state vector existing in Hilbert space. class It can be expressed as [Mathematical Formula 1] below using [...].

[0321]

[0322] Here, and In each case, when the qubits associated with a and b are measured, the qubit states after the measurement are respectively and It represents the probability of this occurring. As shown in the formula above, the state of information in a quantum system exists probabilistically, and even if two pieces of quantum information existing in two quantum systems of the same state are measured using the exact same method, the results may differ. In other words, since quantum information in a quantum system is composed of probabilities, the result of a measurement cannot be accurately predicted. The moment a qubit is measured, it collapses into one of its superposition states. That is, before a qubit is measured, it exists in a superposition of 0 and 1, but the moment it is measured, the qubit's state becomes fixed as either 0 or 1. Furthermore, once a qubit is measured, its state cannot return to the state prior to the measurement.

[0323] (2) Entanglement

[0324] Another characteristic of quantum information is entanglement, a property that plays a crucial role in differentiating quantum systems from classical information. Entanglement refers to a state where the results of different observations are closely related to one another. The entangled state in a quantum system acts more strongly than any correlation existing in classical mechanics. Two qubits can be represented in Hilbert space as a superposition of four fundamental quantum states. Here, the aforementioned four fundamental quantum states are It includes. The fundamental quantum states of two qubits can be represented through tensor operations on the fundamental states of individual qubits. When the states of two qubits cannot be represented by the tensor product of a single qubit, such qubit states are called entangled states. As representative examples of entangled qubits, there are four cases referred to as EPR (Einstein-Podolsky-Rosen) states, which are as shown in [Equation 2] below.

[0325]

[0326] The above EPR state is also called the Bell state, and in each qubit, the measurement result of the preceding qubit always affects the measurement of the following qubit. Furthermore, each Bell state is orthogonal to other Bell states.

[0327] (3) Non-cloning property

[0328] The non-copyable characteristic means that qubit information cannot be copied in a closed quantum information system. For example, assuming two memories capable of storing bit information in a conventional information system, the first memory stores arbitrary bit information 'a' having a value of either 0 or 1, and the second memory is initialized to '0'. In the case of a conventional information system, the state of the two memories can be changed from 'a0' to 'aa' through a copy operation. Conversely, assuming two memories capable of storing qubit information in a quantum information system, the first memory is It is initialized to, and the second memory is It is initialized to. In the case of a quantum information system, the memory state is ' 'at ' It cannot be copied. Due to this characteristic, it is impossible to implement copy-based iteration codes for error correction code design in quantum information systems.

[0329] (4) Continuity of errors

[0330] In conventional information systems, information consists of '0' and '1', and errors are represented when '0' changes to '1' or '1' changes to '0'. Qubit It can be thought of as a single point existing on the surface of a Bloch sphere; when an error occurs in a qubit in a conventional information system, it is called a bit flip error. Such an error means that the value of 'a' changes to the value of 'b', which implies that when measuring a qubit, the measurement probability has changed from the initial value due to the error. Other forms of errors different from those in conventional information systems include class There is a phase flip error in which the phase between them changes by 180 degrees. Since all points on the sphere where qubits exist exist continuously, errors in quantum information systems have a continuous nature, which means that in addition to bit flip errors and phase flip errors, the quantum state can change to any point on the sphere.

[0331] FIG. 22 is a diagram illustrating an example of three basic properties of quantum information that can be used for information communication in a system applicable to the present disclosure.

[0332] Among the characteristics of quantum information described above, the three properties of quantum information that can be used in information communication can be summarized as shown in Fig. 22.

[0333] (5) Decay of quantum information by measurement

[0334] Quantum information exists probabilistically, and at the moment of measurement, it decays into the ground state and cannot be restored to the state prior to measurement. FIG. 22 is a diagram illustrating the process of measuring quantum information by a measurement operator. In FIG. 22, the quantum information after measurement is the probability |a| 2 and |b| 2 Depending on this, it decays into one of the base states that constitute the information. The decayed information does not contain the information of 'a' or 'b' and cannot return to the state prior to measurement. From the perspective of quantum error correction codes, in order to apply quantum error correction codes in a quantum information system, codewords must be generated without measuring the information during the process of encoding and restoring the information, or without measurements that would alter the information, and the information must be restored from errors that occurred in the channel.

[0335]

[0336] quantum cryptography communication

[0337] As previously explained, quantum cryptography communication refers to a method in which secret cryptographic keys are exchanged between spatially separated senders and receivers, and encrypted communication is performed between them using the exchanged secret keys. In next-generation communication technologies, the security of information may be treated as more important than the transmission speed or efficiency of information transmission. Information protection aims to ensure that the original information cannot be identified even if it is exposed; to achieve this objective, encryption and decryption technologies, represented by encryption key generation and management technologies, are utilized, and quantum cryptography can be applied to these encryption and decryption processes. More specifically, quantum communication refers to the process of transmitting information contained in a quantum state from a sender to a receiver. In this case, the information contained in the quantum state may be binary digital information consisting of 0 or 1, or information in which 0 and 1 are superimposed. In particular, in the case of quantum communication where binary information of 0 and 1 is transmitted in a quantum state, if someone intercepts the binary information transmitted from the sender to the receiver, the receiver immediately recognizes the presence of the interceptor, and based on this immediate recognition of the interceptor, the receiver can stop the communication and take appropriate measures to avoid interception. Quantum cryptography is the application of these characteristics of quantum communication to the transmission of cryptographic keys, and reflecting the characteristic that the sender and receiver share the cryptographic key generated by applying the characteristics of quantum communication to the transmission of cryptographic keys, the above method can be referred to as Quantum Key Distribution (QKD).

[0338] Below, we will examine the protocol for quantum cryptographic key distribution and the post-processing steps for quantum key distribution.

[0339] (1) Quantum Key Distribution Protocol (QKD protocol)

[0340] Conventional cryptographic systems are based on the computational complexity of prime factorization algorithms; therefore, if an eavesdropper using a quantum computing device—which offers significantly faster processing speeds than conventional computing devices—is present, there is a risk of cryptographic keys being exposed due to eavesdropping during the key distribution process. Since quantum key distribution methods are based on the quantum uncertainty principle, the risk of cryptographic keys being intercepted by an eavesdropper can be completely eliminated. In the case of quantum information, quantum bits (qubits) are used as the unit of information, and when implementing quantum key distribution, qubits for distribution are realized using single photons. Photons have the advantage of being highly suitable for long-distance communication as they interact almost exclusively with each other.

[0341] The BB84 protocol, one of the representative quantum cryptography key distribution protocols, is constructed based on the uncertainty principle. Therefore, according to the BB84 protocol, if the information transmitted by the sender (Alice) to the receiver (Bob) during the key distribution process is intercepted by an eavesdropper (Eve), traces of the interception will remain in the information received by the receiver (Bob), and through this, the receiver (Bob) can know that the information has been intercepted.

[0342] The general operation of the BB84 protocol is as follows.

[0343] 1) The transmitting end (Alice) determines two random bit sequences related to bit information and polarizer information, respectively. At this time, the polarization results of the bits according to the polarizer are as shown in Table 3 below, and the correspondence relationship of the types of polarizers for the bits constituting the random bit sequence related to the polarizer information is as shown in Table 4. That is, referring to Table 4, when the bit at a specific position constituting the random bit sequence related to the polarizer information is 1, among the bits constituting the random bit sequence related to the bit information, the specific bit included in the random bit sequence related to the bit information corresponding to the bit at the specific position can be polarized by a diagonal polarizer.

[0344] Cross diagonal 0- / 1|\

[0345] 0 cross shape 1 diagonal

[0346] 2) Based on two determined random bit sequences, the transmitting end polarizes the bit sequence associated with the bit information onto a polarizing plate determined based on the bit sequence associated with the polarizing plate information, and transmits the acquired polarized photons to the receiving end (Bob). 3) The receiving end (Bob) measures the photons transmitted from the transmitting end (Alice) using an arbitrary polarizing plate. At this time, some of the photons transmitted by the transmitting end (Alice) may be lost due to factors such as noise in the quantum channel, and accordingly, the receiving end (Bob) may not be able to receive some of the photons.

[0347] As described above, after the process of transmitting quantum information through the quantum channel is completed, the sender (Alice) and the receiver (Bob) perform a post-processing step to share the same secret key through the public channel.

[0348] 4) The receiver (Bob) transmits information to the transmitter (Alice) about which photon it has received and also provides information about the polarizing plate at that location. At this time, the transmitter (Alice) also provides information about the polarizing plate at the location corresponding to the photon received by the receiver (Bob).

[0349] 5) Based on the polarizing plate information exchanged between them, the transmitter (Alice) and the receiver (Bob) obtain bit values ​​corresponding to bit positions where the same polarizing plate is used. The receiver (Bob) discloses only some of the obtained bit values ​​to the transmitter (Alice). If the sequence disclosed by the receiver (Bob) is the same as the bit value transmitted by the transmitter (Alice), the remaining sequence not disclosed by the receiver (Bob) is used as a secret key. Here, if the same polarizing plate is used for photon transmission by the transmitter (Alice) and photon reception by the receiver (Bob), respectively, the information transmitted by the transmitter (Alice) and the information received by the receiver (Bob) will be the same. If the information transmitted by the transmitting end (Alice) and the information received by the receiving end (Bob) differ even though the same polarizer was used for photon transmission by the transmitting end (Alice) and photon reception by the receiving end (Bob), it can be determined that eavesdropping has occurred based on the ratio of the information with different values ​​among all information for which the same polarizer was used.

[0350] (2) Post-processing of quantum key distribution

[0351] The post-processing of quantum key distribution is a process that resolves discrepancies between the sender and receiver's cryptographic keys caused by eavesdropping attacks or imperfections in the quantum channel and quantum detection device. Through this post-processing, identical key information between the sender and receiver is guaranteed, while simultaneously minimizing the correlation between exposed information and key information to prevent eavesdroppers from inferring key information from the exposed data. This post-processing consists of information reconciliation, privacy amplification, and authentication.

[0352] 1) Information correction

[0353] Information correction is a process that resolves discrepancies between a sender and receiver caused by various factors, ensuring that they possess identical information. In other words, it is identical to the error correction process in mobile communications that rectifies errors in receiver information. However, unlike conventional mobile communications where information is pre-encoded for error correction, correction is performed through additional information transmission after the encryption key transmission between the sender and receiver is completed. Since this additional information transmission takes place via a public channel with a zero error rate—similar to a typical internet environment—a problem may arise where a certain amount of information is exposed to eavesdroppers; therefore, protocols exist to address this issue. A representative example of an information correction protocol is the Cascade protocol, which consists of binary search and traceback algorithms and is characterized by being executed iteratively over multiple stages.

[0354] 2) Amplification of secrecy

[0355] Confidentiality amplification is a process that reduces the correlation between the information possessed by an eavesdropper and the cryptographic key information. As previously explained, a certain amount of information is exposed to the eavesdropper during the information correction process used to rectify errors in the cryptographic key. In other words, since an eavesdropper can obtain a certain amount of information regarding the cryptographic key, the amount of exposed information is removed from the key data to ensure perfect security. Because the additional information used to correct errors during the information correction process for the cryptographic key shared between the sender and receiver is exposed to the eavesdropper, only a portion of the key retains perfect secrecy. Therefore, confidentiality amplification can also be understood as a process of refining information so that the cryptographic key shared between the sender and receiver can maintain perfect secrecy. A representative example of confidentiality amplification is Universal Hashing, which operates based on the property that for any two different input values ​​x and y, the probability g(x) = g(y) is maximized (where m is the size of the hash function range). The characteristics of universal hashing can significantly reduce the probability that an eavesdropper can guess the encryption key.

[0356] 3) Certification

[0357] Authentication is not a process unique to quantum key distribution, but is necessary to counter man-in-the-middle attacks by eavesdroppers. A man-in-the-middle attack occurs when an eavesdropper intercepts information transmitted by a sender, alters it, and re-transmits the altered information to the receiver. Due to man-in-the-middle attacks, the receiver must verify that the received information was sent from the correct sender. To this end, a hash function is predefined between the sender and receiver, and the sender uses this hash function to generate a hash tag for the cryptographic key and transmits it to the receiver along with the key. Subsequently, the receiver inputs the received cryptographic key into its own hash function and checks if the generated hash tag matches the hash tag transmitted by the sender, thereby confirming that the sender is the legitimate sender. The authentication process is performed concurrently with all post-processing steps of key distribution; specifically, information transmission between the sender and receiver proceeds alongside authentication during the information correction and secret amplification processes.

[0358]

[0359] Quantum Direct Communication (QDC)

[0360] Quantum Direct Communication shares similarities with Quantum Key Distribution (QKD), which is used as a 4 / 5G secure communication technology, in that it is a technique for securely transmitting classical message information. However, while QKD is a method of sharing symmetric secret key information, which is necessary to securely transmit message information sent over a classical channel, between the sender and receiver via a quantum channel using the quantum mechanical property of being unclonable, QDC differs in that it is a method of sharing classical message information to be transmitted directly via a quantum channel, rather than a secret key.

[0361] Quantum secure direct communication (QSDC) is a group of QDC technologies that has the advantage of ensuring high security by not generating leakage information related to transmitted information, and can be broadly classified into DL04 QSDC and Two-step QSDC techniques that use a single photon light source and an entangled light source, respectively.

[0362] (1) DL04 QSDC protocol

[0363] FIG. 23 is a diagram illustrating an example of the DL04 QSDC protocol in a system applicable to the present disclosure.

[0364] Specifically, FIG. 23 is a diagram showing an example of the protocol of a single-photon-based DL04 QSDC technique and the overall process of operations performed in said protocol.

[0365] The single-photon-based DL04 QSDC technique is a method for directly transmitting a message (information) to be transmitted through a quantum channel, and 1 bit of classical information per photon can be transmitted. Referring to Fig. 23, the DL04 QSDC protocol in which the DL04 QSDC technique is performed can be composed of a transmitting and receiving end (Alice, Bob), a quantum channel, and a classical channel.

[0366] 1) The receiver (Bob) constructs a single-photon train based on polarization information. Each single photon included in the constructed single-photon train is It can be generated randomly as one of the four states.

[0367] Here, the generated single-photon train is used by the receiver (Bob) to transmit information about the initial quantum state to the transmitter (Alice).

[0368] 2) Next, the receiver (Bob) transmits information about the initial quantum state based on the generated single-photon train to the transmitter (Alice). At this time, some of the information about the initial quantum state can be used to estimate the Quantum bit error rate (QBER).

[0369] 3) Subsequently, the receiver (Bob) transmits position information to the transmitter (Alice) via a classical channel to be used for QBER estimation, and the transmitter (Alice) performs measurements by randomly selecting an orthogonal or diagonal basis for some of the information used for QBER estimation based on the position information among the single photons included in the received single photon train. At this time, the transmitter (Alice) transmits measurement information regarding the basis used for measurement and the value of the measured information to the receiver (Bob), and the receiver (Bob) calculates the QBER by comparing the received information with the information it initially generated, and determines whether eavesdropping has occurred, only for the information among the received information where the same basis is used. If the QBER value is higher than the threshold value for determining eavesdropping, the receiver (Bob) determines that the quantum channel is unsafe and stops communication. Conversely, the receiver (Bob) can perform subsequent operations.

[0370] 4)-5) If the transmitting end (Alice) determines, based on the QBER estimation result, that there is no eavesdropper, it encodes the message (information) to be transmitted based on the remaining single-photon sequence, excluding the single-photon used for QBER estimation from the total single-photon sequence received in step 2). Here, the encoding can be performed through an identity operation denoted by I, which causes no change, when the information contained in the message is 0, and through a unitary operation defined by U when the information is 1. The unitary operation It may include.

[0371] 6) Next, the transmitter (Alice) transmits the encoded single-photon sequence to the receiver (Bob). Here, the receiver (Bob) measures each single photon using the same basis information as the initial measurement basis to read a message (information) from the transmitted single-photon sequence. Some of the information from the same basis information as the initial measurement basis is used for QBER estimation, and the receiver (Bob) can receive the position of the photon and the value of the encoding bit to be used for QBER estimation from the transmitter (Alice) over a public channel.

[0372] 7)-8) The receiver (Bob) can determine the values ​​of parameters to be used for decoding based on the measured QBER value and perform decoding on the received message.

[0373] Through steps 1) to 8) above, the QSDC technique can safely transmit message information generated at the transmitting end to the receiving end through a quantum channel. That is, the transmitting end performs QBER estimation on the initial state generated by the receiving end, and based on the QBER estimation, can verify whether the initial state is safe from eavesdroppers; thus, message information can be encoded in an initial state that is guaranteed to be safe from eavesdroppers. Therefore, even if an eavesdropper exists in the backward quantum channel, an eavesdropper who does not know the value of the initial state cannot obtain meaningful message information from the encoded message even if they intercept it, and thus security can be guaranteed.

[0374] The single-photon-based QSDC technique described in Fig. 23 can enable communication with high security without using a quantum secret key, but it has limitations in that it only allows the transmission of classical information at a rate of 1 bit per photon, and the maximum data rate cannot exceed the maximum detection speed of the single photon detector (SPD) due to the dead time of the SPD. In a quantum information transmission system, the transmitter typically generates a quantum state to be transmitted based on the properties (characteristics) of the photon, attenuates the signal to the single-photon level through a signal attenuator (VOA), and transmits it to the receiver over a quantum channel. Here, the properties (characteristics) of the photon may include polarization, phase, time information, etc. The receiver detects the signal transmitted by the transmitter using a single-photon detector. At this time, information transmitted via photons may not be fully detected at the receiver due to various factors, and loss may occur. These various factors may include channel-related losses and the low measurement accuracy of the SPD. In particular, if the signal generation rate from the light source (LD) exceeds the maximum signal detection rate from the detector, the loss of the received signal may increase further. Such loss of the received signal may be caused by dead time, which is the time required for the SPD to return to a ready state to detect the next signal (photon) after detecting a signal at a specific point in time. More specifically, the dead time refers to the time during which no signal is detected by the SPD while the detector is turned off and recharged, following the occurrence of avalanche breakdown based on the generation and emission of numerous electrons and holes caused by the influx of light.

[0375] (2) Two-step QSDC protocol

[0376] FIG. 24 is a diagram illustrating an example of a two-step QSDC protocol in a system applicable to the present disclosure.

[0377] Two-step QSDC is a technique derived from super dense coding as shown in Fig. 24, which uses four types of single entangled photons (EPR-pairs) of [Equation 3] below to safely transmit 2 bits of classical information.

[0378]

[0379] Superdensity coding is a technique that enables the transmission of classical information using quantum communication. When using superdensity coding, a transmitter can send 2 bits of classical information to a distant receiver via a quantum channel using a single qubit. When using superdensity coding, it is assumed that the transmitter possesses the first qubit in the entangled state, and the receiver possesses the second qubit in the entangled state. There are four possible cases for the qubit that the transmitter intends to transmit: '00', '01', '10', and '11'. For these four cases, the transmitter performs qubit operations (expressed in the form of I, Z, X, and iY) corresponding to each of the four cases on the entangled qubit it possesses, and then transmits the information through the quantum channel. Each operation performed by the transmitter can be understood as serving to transform the entangled state shared by the transmitter and receiver into a different basis that is orthogonal to each other. The receiving end measures the received qubit and the qubit it owns (the second qubit in the entangled state) to recover the 2 bits of information transmitted by the transmitting end.

[0380] In FIG. 24, SR (Storage lines) 1 to 4 are optical delay lines that serve as quantum memory, CE (Checking Eavesdropping) 1 and 2 check for the presence of an eavesdropper, CM (Coding Message) encodes classical message information to be transmitted from the transmitter (Alice) to the receiver (Bob), EPR- source generates an entangled light source, and Bell state measurement measures entangled photon pairs.

[0381] In two-step QSDC, unlike super dense coding, entangled photon pairs are not transmitted all at once to ensure security, but are divided into two stages and transmitted through an upper quantum channel and a down quantum channel. Since eavesdropping on an entangled light source requires knowing the information from both sides of the entangled photon pair to determine the transmitted information through measurement, the two-step technique uses a method in which one side of the entangled photon pair is sent first to verify security against eavesdropping, and only when security is guaranteed is the message information to be sent coded into the remaining part of the photon pair and transmitted.

[0382] Internet Protocol Security (IPSec)

[0383] From a Network Layer perspective, a tunneling protocol called IPSec (IP Security, Internet Protocol Security) is utilized to establish a secure connection between two nodes. IPSec is an Internet Protocol suite for secure communication that encrypts and authenticates each IP packet of a communication session. This security is achieved by authenticating and encrypting individual IP packets within the communication session. IPSec includes protocols for establishing mutual authentication between agents at the start of a session or for negotiating encryption keys to be used during session formation. IPSec is used to protect data flow between a pair of hosts (Host and host), between security gateways (Network and Network), and between a security gateway and a host (Network and Host). IPSec is configured by distinguishing between Transport Mode and Tunnel Mode, which are secure connections operating based on encryption and authentication, and the Internet Key Exchange (IKE) procedure, which serves as the key exchange process for establishing an IPSec connection.

[0384] Internet Key Exchange (IKE)

[0385] FIG. 25 is a diagram illustrating an example of an IKEv2 (Internet Key Exchange Version 2) procedure in a system applicable to the present disclosure.

[0386] Internet Key Exchange (IKE) is a key exchange procedure that manages IPSec connection settings, utilizing IKEv2 (Internet Key Exchange Version 2) defined in IETF RFC 7296. IKEv2 is a Network Layer secure connection setup that enhances security while reducing the number of message exchanges compared to the IKEv1 (RFC2409) procedure. The IKEv2 procedure can be summarized and diagrammed as shown in Figure 25.

[0387] (1) Stage 1: IKE_SA_INIT Request / Response

[0388] (1-1) The Initiator sends an IKE_SA_INIT Request to the Responder to initiate negotiation for security settings.

[0389] (1-1-1) The IKE_SA_INIT request contains the IKE Header and SA1 i , KE i , Nonce i It is included and transmitted.

[0390] (1-1-2) The IKE Header consists of Initiator SPI, Responder SPI, Next Payload, Major Version, Minor Version, Exchange Type, Flags, Message ID, and Length.

[0391] FIG. 26 is a diagram illustrating an example of the structure of an Internet Key Exchange (IKE) header in a system applicable to the present disclosure.

[0392] (1-1-2-1) Initiator SPI (64 bits): A value chosen by the initiator to identify a unique IKE security association (SA).

[0393] (1-1-2-1) Responder SPI (64 bits): A value chosen by the responder to identify a unique IKE SA.

[0394] (1-1-2-1) Next Payload (8 bits): Indicates the type of the first payload in the message.

[0395] (1-1-2-1) Major Version (4 bits): Indicates the major version of IKE in use.

[0396] (1-1-2-1) Minor Version (4 bits): Indicates the minor version in use.

[0397] (1-1-2-1) Exchange Type (8 bits): Indicates the type of exchange.

[0398] (1-1-2-1) Flags (8 bits): Indicates specific options set for this IKE exchange. Three bits have been defined so far. The initiator bit indicates whether this packet is sent by the SA initiator. The version bit indicates whether the transmitter is capable of using a higher major version number than the one currently indicated. The response bit indicates whether this is a response to a message containing the same message ID.

[0399] (1-1-2-1) Message ID (32 bits): Used to control retransmission of lost packets and matching of requests and responses.

[0400] (1-1-2-1) Length (32 bits): Length of total message (header plus all payloads) in octets.

[0401] (1-1-3) SA1 iIt includes a Proposal Number, a protocol ID (AH, ESP, or IKE), an indicator of the number of transforms, and a transform substructure for negotiating security settings to be used in IPSec.

[0402] (1-1-4) KE i It includes parameters for the key exchange method to generate a Session Key.

[0403] (1-1-4-1) For example, it can be an element parameter of the Oakley, Diffie Hellman, or RSA method.

[0404] (1-1-4-2) In the case of IKEv2 Diffie Hellman, it includes the Diffie Hellman group number, public key information, and private key operation information based on a pre-agreed operation.

[0405] (1-1-5) Nonce i It contains arbitrary data to prevent replay attacks. This information is not reused.

[0406] (1-2) The Responder sends an IKE_SA_INIT Response to the Initiator to complete the negotiation for security settings.

[0407] (1-2-1) The IKE_SA_INIT Response contains the IKE Header and SA1 r , KE r Nonce r It is included and transmitted.

[0408] (1-2-2) The configuration of the IKE_SA_INIT Response is defined in a similar way to the configuration of the IKE_SA_INIT Request.

[0409] (1-2-2-1) Based on the IKE_SA_INIT Request information from the Initiator, send the security method and parameters to be used for security settings to the Initiator.

[0410] (1-2-2-2) At this stage, a CERTREQ may be transmitted depending on the situation, and a CERTREQ is a message requesting the transmission of a Certificate in the next stage.

[0411] (2) Stage 2: IKE_AUTH Request / Response

[0412] (2-1) The Initiator sends an IKE_AUTH Request to the Responder to perform user authentication.

[0413] (2-1-1) Once the IKE_SA_INIT exchange of Stage 1 is complete, subsequent procedures can be encrypted. However, since authentication of the counterparty has not yet been performed, it is used to authenticate the counterparty and create an IPSec SA.

[0414] (2-1-1-1) The IKE_AUTH request includes the IKE Header and ID i , AUTH i , SA2 i , TS i , TS r ...is included. In this case, CERT i and ID r It may be optionally included.

[0415] (2-1-1-2) The IKE Header consists of Initiator SPI, Responder SPI, Next Payload, Major Version, Minor Version, Exchange Type, Flags, Message ID, and Length.

[0416] (2-1-1-3) ID i and ID rIt is information for identification between peers, and generally includes an IPv4 or IPv6 ID Data Field.

[0417] (2-1-1-4) AUTH i It contains data for Message Authentication. Authentication Method Types used include RSA Digital Signature, Shared-key Message Integrity Code, and DSS Digital Signature.

[0418] (2-1-1-5) SA2 i It includes a Proposal Number, a protocol ID (AH, ESP, or IKE), an indicator of the number of transforms, and a transform substructure for second-negotiating security settings to be used in IPSec.

[0419] (2-1-1-6) TS i , TS r It is a payload that allows verification of the packet flow of the IPSec secure connection service, and includes the TS Type, IP protocol ID, Selector Length, Start Port, End Port, Starting Address, and Ending Address. Security configuration via IKE enables secure connections only for agreed-upon traffic types.

[0420] (2-1-1-7) CERT i is a Public Key Certificate that includes a Certificate Encoding Field and may include the following Certificate Type or related information.

[0421] (2-1-1-7-1) PKCS #7 wrapped X.509 certificate

[0422] (2-1-1-7-2) PGP certificate

[0423] (2-1-1-7-3) DNS signed key

[0424] (2-1-1-7-4)

[0425] (2-1-1-7-5) X.509 certificate-key exchange

[0426] (2-1-1-7-6) Kerberos tokens

[0427] (2-1-1-7-7) Certificate Revocation List (CRL)

[0428] (2-1-1-7-8) Authority Revocation List (ARL)

[0429] (2-1-1-7-9) SPKI certificate

[0430] (2-2) The Responder performs user authentication by sending an IKE_AUTH Response to the Initiator.

[0431] (2-2-1) The IKE_AUTH Response Message can be configured in the same way as the IKE_AUTH Request Message.

[0432] FIG. 27 is a drawing illustrating an example of an IKE Notify Message in a system applicable to the present disclosure.

[0433] In the entire above procedure, a Notify Payload may be transmitted, and the Notify Payload includes an Error in the IKE procedure or Status Information on SA Negotiation through the IKE procedure. For example, an IKE Notify Message can be organized as shown in FIG. 27.

[0434]

[0435] The symbols / abbreviations / terms used in this disclosure are as follows.

[0436] - DLP: Discrete Logarithm Problem

[0437] - RSA: RIVEST-SHAMIR-ADLEMAN

[0438] - ECC: Elliptic Curve Cryptography

[0439] - DH: Diffie-Hellman

[0440] - IPSec: Internet Protocol Security

[0441] - IKE: Internet Key Exchange

[0442] - KE: Key Exchange

[0443] - SPI: Security Parameter Index

[0444] - SA: Security Association

[0445] - DSS: Digital Signature Services

[0446] - QBER: Quantum Bit Error Rate

[0447]

[0448] Technical problem to be solved in the present disclosure

[0449] A secure connection can be established through the Internet Key Exchange (IKE) procedure for IPSec connection setup in Network Layer Security. The Symmetric Key exchanged between peers through the IKE procedure is subsequently used as the encryption key for encrypted communication. At this time, the Diffie-Hellman key exchange procedure is used to exchange the Symmetric Key, and the Diffie-Hellman method is based on the Discrete Logarithm Problem (DLP). While the result of the computation using this Discrete Logarithm Problem is obtained relatively easily, the information used in the computation is a mathematical concept that is difficult to obtain. Therefore, when constructing a Symmetric Key, the goal is to ensure that two peers share the same key through the exchange of limited information, while preventing the inference of the Symmetric Key shared by the two peers based on that limited information.

[0450] However, due to advancements in Quantum Computers and Quantum Algorithms, systems using the aforementioned DLP may be threatened in terms of security. It is theoretically known that encryption methods based on RSA (RIVEST-SHAMIR-ADLEMAN), ECC (Elliptic Curve Cryptography), or DH (Diffie-Hellman), which are generally utilized in DLP-based security systems, can be deciphered within the validity period through the parallel operation of the Shor Algorithm. In the case of RSA 2048-bit integers, it is possible to factor them within 8 hours using 20 million noisy qubits ["How to factor 2048-bit RSA integers in 8 hours using 20 million noisy qubits" Quantum 5,433 (2021)], and a study analyzing that factoring is possible within 177 days using only 13,436 qubits based on multi-parallel quantum memory ["Factoring 2048-bit RSA Integers in 177 Days with 13,436 Qubits and a Multimode Memory" PRL, (2021)] has been published. The collapse of DLP-based encryption systems by such Quantum Algorithms poses a serious threat to security communication systems based on DLP.

[0451] To prevent such security threats, a method is required to address the threats posed by Quantum Algorithms. Although Post-Quantum Cryptography (PQC) technology has recently emerged, all systems based on computational complexity inevitably face the risk of being threatened by the appearance of new Quantum Algorithms. Furthermore, transitioning to a new security system can entail a significant technical burden to apply the new security technology across all devices. Similarly, as PQC is a security method based on computational complexity, it cannot achieve physical security. Therefore, even if real-time leakage does not occur, an attacker can subsequently perform a Plaintext Attack through a Harvest-Now-Decrypt-Later (HNDL) Attack.

[0452] The present disclosure proposes a Quantum Security-based Internet Key Exchange (IKE) procedure that achieves physical security by configuring a Quantum Key Distribution based on the No-cloning Theorem.

[0453]

[0454] Composition of various embodiments of the present disclosure

[0455] The present disclosure proposes a Quantum Security system that enables physical security based on quantum properties when performing key exchange in an Internet Key Exchange (IKE) procedure for an IPSec Connection.

[0456] The purpose of the proposed technology is to: 1. be able to verify the presence or absence of an attacker through inspection of the quantum channel; 2. ensure that there is no leakage of the transmitted Key or Key components by making repeated measurement impossible through the transmission of security information via the quantum state; and 3. make it impossible for a subsequent Plaintext Attack to be performed even against an attacker's Harvest-Now-Decrypt-Later (HNDL) Attack based on the coherent time characteristics of the quantum.

[0457] In the proposed technology, Quantum Security additionally operates in the IKE procedure for IPSec Connection.

[0458]

[0459] 2.1. Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE)

[0460] FIG. 28 is a diagram illustrating an example of a signal flow diagram of a 1-way QKD-based IKE system in a system applicable to the present disclosure.

[0461] In this invention, an IKE system based on 1-way Quantum Key Distribution (QKD) is proposed among Quantum Security systems that enable physical security based on quantum characteristics when performing key exchange in the Internet Key Exchange (IKE) procedure for an IPSec Connection.

[0462] The signal flow of the proposed 1-way QKD-based IKE system is diagrammed as shown in Fig. 28.

[0463] (1) Stage 1: IKE_SA_INIT Request / Response

[0464] (1-1) The Initiator sends an IKE_SA_INIT Request to the Responder to initiate negotiation for security settings.

[0465] (1-1-1) The IKE_SA_INIT Request is transmitted with the IKE Header, SA1i, KEi, and Noncei included.

[0466] FIG. 29 is a drawing illustrating an example of the structure of an IKE header in a system applicable to the present disclosure.

[0467] (1-1-2) The IKE Header consists of Initiator SPI, Responder SPI, Next Payload, Major Version, Minor Version, Exchange Type, Flags, Message ID, and Length. The configuration of IKE is diagrammed as shown in Figure 29.

[0468] (1-1-2-1) Initiator's SPI (8 octets) - A value chosen by the initiator to identify a unique IKE security association. This value MUST NOT be zero.

[0469] (1-1-2-2) Responder's SPI (8 octets) - A value chosen by the responder to identify a unique IKE security association. This value MUST be zero in the first message of an IKE Initial Exchange (including repeats of that message including a cookie) and MUST NOT be zero in any other message.

[0470] (1-1-2-3) Next Payload (1 octets) - Indicates the type of payload that immediately follows the header.

[0471] (1-1-2-3-1) The parameters of the Next Payload are as shown in [Table 5] below. Except for the parameters in 49-51 related to Quantum Security, the parameters follow RFC 7296.

[0472] Next Payload TypeNotationValueNo Next Payload0RESERVED1-32Security AssociationSA33Key ExchangeKE34Identification-InitiatorIDi35Identification-ResponderIDr36CertificateCERT37Certificate RequestCERTREQ38AuthenticationAUTH39NonceNi,Nr40NotifyN41DeleteD42Vendor IDV43Traffic Selector-InitiatorTsi44Traffic Selector-ResponderTSr45EncryptedE46ConfigurationCP47Extensible AuthenticationEAP48Quantum Key ExchangeQKE49Quantum Bit Error RateQBER50Quantum Key RefinementQKR51RESERVED TO IANA52-127PRIVATE USE128-255

[0473] (1-1-2-3-2) Quantum Key Exchange (QKE) is added to the Payload Type for Quantum Security. The Value is 49.

[0474] (1-1-2-3-2-1) If the next payload is QKE (49), it means there is no more payload in the Classical Channel. It also means that a Quantum Key exchange is performed through the Quantum Channel.

[0475] (1-1-2-3-3) Quantum Bit Error Rate (QBER) is added to the Payload Type for Quantum Security. The value is 50.

[0476] (1-1-2-3-4) Quantum Key Refinement (QKR) is added to the Payload Type for Quantum Security. The Value is 51.

[0477] (1-1-2-3-5) As mentioned above, the Value of the Payload Type may be defined as a different number. This means that, in order to be consistent with standard documents managed by the IANA (Internet Assigned Numbers Authority), it may be defined in a different order according to the standardization sequence.

[0478] (1-1-2-4) Major Version (4 bits) - Indicates major version of IKE in use. MUST set the Major Version to 2.

[0479] (1-1-2-5) Minor Version (4 bits) - Indicates minor version in use. MUST set the Major Version to 0.

[0480] (1-1-2-6) Exchange Type (8 bits): Indicates the type of exchange.

[0481] (1-1-2-6-1) The parameters of the Exchange Type are as shown in [Table 6] below.

[0482] Exchange TypeValueReserved0-33IKE_SA_INIT34IKE_AUTH35CREATE_CHILD_SA36INFORMATIONAL37IKE_SESSION_RESUME38GSA_AUTH39GSA_REGISTRATION40GSA_REKEY41Unassigned42IKE_INTERMEDIATE43IKE_FOLLWUP_KE44Unassigned45-239Private use240-255

[0483] (1-1-2-7) Flags (1 octet): Indicates specific options set for this IKE exchange. Three bits are defined so far. The initiator bit indicates whether this packet is sent by the SA initiator. The version bit indicates whether the transmitter is capable of using a higher major version number than the one currently indicated. The response bit indicates whether this is a response to a message containing the same message ID.

[0484] (1-1-2-7-1) 예를 들어, Response(R), Version(V), Initiator(I) - X X R V I X X X 와 같은 구조로 전송될 수 있다.

[0485] (1-1-2-8) Message ID (4 octets): Message Identifier used to control retransmission of lost packets and matching of requests and responses.

[0486] (1-1-2-9) Length (4 octets): Length of total message (header plus all payloads) in octets.

[0487] FIG. 30 is a drawing illustrating an example of the structure of an SA payload in a system applicable to the present disclosure.

[0488] (1-1-3) SA1 i The payload that the initiator sends to the responder to negotiate security settings to be used in IPSec is a payload corresponding to the payload type (33) that includes a proposal for security setting negotiation based on the Generic Payload Header. The configuration of the SA payload is diagrammed as shown in FIG. 30.

[0489] FIG. 31 is a drawing illustrating an example of a proposed structure for a generic payload header structure in a SA payload in a system applicable to the present disclosure.

[0490] (1-1-3-1) The SA Payload includes a Proposal Structure in the Generic Payload Header structure. The Proposal Structure is composed of a structure as shown in Fig. 31.

[0491] (1-1-3-1-1) The Proposal Structure includes the existence of the Proposal, Proposal Length, Proposal Number, Protocol ID, SPI Size, Number of Transforms, and Transform Structure.

[0492] (1-1-3-1-1-1) 0 (last) or 2 (1 octet): Last Proposal Structure이면 0, Proposal Structure가 더 있으면 2로 표시되어 Proposal의 존재 여부를 표시한다.

[0493] (1-1-3-1-1-2) RESERVED (1 octet) - MUST be sent as zero; MUST be ignored on receipt.

[0494] (1-1-3-1-1-3) Proposal Length (2 octets) - Length of this proposal, including all transforms and attributes that follow.

[0495] (1-1-3-1-1-4) Proposal # (1 octet) - When a proposal is made, the first proposal in an SA payload MUST be #1. subsequent proposals MUST either be the same as the previous proposal (indicating an AND) or one more than the previous proposal (indicating an OR).

[0496] (1-1-3-1-1-5) Protocol ID (1 octet) - Specifies the IPsec protocol identifier for the current negotiation.

[0497] (1-1-3-1-1-6) SPI Size (1 octet) - For an initial IKE_SA negotiation, this field MUST be zero; the SPI is obtained from the outer header.

[0498] Protocol IDValueReserved0IKE1AH2ESP3RESERVED TO IANA4-200PRIVATE USE201-255

[0499] (1-1-3-1-1-6) # of Transforms (1 octet) - Specifies the number of transforms in this proposal.

[0500] FIG. 32 is a drawing illustrating an example of a transform structure in a system applicable to the present disclosure.

[0501] (1-1-3-1-2) The Transform Structure includes the existence of the Transform, Transform Length, Transform Type, Transform ID, and Transform Attributes Structure, and is configured with a structure as shown in FIG. 32.

[0502] (1-1-3-1-2-1) 0 (last) or 3 (1 octet) - 0 if it is the last Transform Structure, and 3 if there are more Transform Structures to indicate the existence of Transforms.

[0503] (1-1-3-1-2-2) RESERVED (1 octet) - MUST be sent as zero; MUST be ignored on receipt.

[0504] (1-1-3-1-2-3) Transform Length (2 octets) - The length (in octets) of the Transform Substructure including Header and Attributes.

[0505] (1-1-3-1-2-4) Transform Type (1 octet) - The type of transform being specified in this transform. Different protocols support different transform types.

[0506] Transform TypeValueUsed InRESERVED0Encryption Algorithm (ENCR)1(IKE and ESP)Pseudo-random Function (PRF)2(IKE)Integrity Algorithm (INTEG)3(IKE, AH, optional in ESP)Key Exchange Method (KE)4(IKE, optional in AH & ESP)Extended Sequence Numbers (ESN)5(AH & ESP)Additional Key Exchange 1-7 (ADDKE 1-7)6-12(optional in IKE, AH, ESP)Quantum Security (QS)13(IKE)RESERVED TO IANA14-240PRIVATE USE241-255

[0507] (1-1-3-1-2-4-1) Quantum Security (QS) is added to the Transform Type for Quantum Security. The Value is 13.

[0508] (1-1-3-1-2-4-2) In the above, the Value of the Transform Type may be defined as a different number. This means that, in order to be consistent with standard documents managed by IANA (Internet Assigned Numbers Authority), it may be defined in a different order according to the order of standardization.

[0509] FIG. 33 is a diagram illustrating an example of a Transform ID defined for Transform Type 13 (Quantum Security) in a system applicable to the present disclosure.

[0510] (1-1-3-1-2-5) Transform ID (2 octets) - The specific instance of the transform type being proposed.

[0511] (1-1-3-1-2-5-1) For Transform Type 13 (Quantum Security), the defined Transform IDs are as shown in Figure 33.

[0512] (1-1-3-1-2-5-2) For Transform Type 13, Transform ID 1 represents Quantum Key Distribution (QKD), and Transform ID 2 represents Quantum Diffie Hellman (QDH).

[0513] (1-1-3-1-2-5-3) values ​​3-1023 are reserved to IANA. Values ​​1024-65535 are for private use among mutually consenting parties.

[0514] (1-1-3-1-2-5-4) Referred to as QKD and QDH above, but their names may be changed, and an ID may be added as the QKD method is added.

[0515] FIG. 34 is a drawing illustrating an example of a Transform Attributes Structure in a system applicable to the present disclosure.

[0516] (1-1-3-1-3) Transform Attributes Structure는 Attribute Format(AF)에 따라 도 34와 같은 구조로 구성된다.

[0517] (1-1-3-1-3-1) Each transform in a Security Association payload may include attributes that modify or complete the specification of the transform. The set of valid attributes depends on the transform.

[0518] (1-1-3-1-3-2) Attribute Format (AF) (1 bit) - Indicates whether the data attribute follows the Type / Length / Value (TLV) format or a shortened Type / Value (TV) format.

[0519] (1-1-3-1-3-2-1) AF=0이면 TLV Format이고, AF=1이면 TV Format이다.

[0520] (1-1-3-1-3-3) Attribute Type (15 bits) - Unique identifier for each type of attribute

[0521] Attribute TypeValueReserved0-13Key Length (in bits)14Reserved15-17Quantum Key Length (in bits)18Quantum Key Basis19RESERVED TO IANA20-16383PRIVATE USE16384-32767

[0522] (1-1-3-1-3-3-1) Quantum Security를 위한 Attribute Type에 Quantum Key Length (in bits)가 추가된다. Value는 18이다.

[0523] (1-1-3-1-3-3-2) Quantum Security를 위한 Attribute Type에 Quantum Key Basis가 추가된다. Value는 19이다.

[0524] (1-1-3-1-3-3-3) Values 0-13 and 15-17 were used in a similar context in IKEv1, and should not be assigned except to matching values.

[0525] (1-1-3-1-3-3-4) Types 20-16383 are reserved to IANA. Values 16384-32767 are for private use among mutually consenting parties.

[0526] (1-1-3-1-3-4) Attribute Value (variable length) - Value of the attribute associated with the attribute type. If the AF bit is a zero (0), this field has a variable length defined by the Attribute Length field. If the AF bit is a one (1), the Attribute Value has a length of 2 octets

[0527] (1-1-3-1-3-4-1) When Quantum Key Length or Quantum Key Basis is indicated in the Attribute Type for Quantum Security, the values ​​for that information can be transmitted to the Attribute Value.

[0528] (1-1-4) KE i The Initiator sends a payload containing parameters of the key exchange method for generating a Session Key to the Responder.

[0529] (1-1-4-1) The Key Exchange payload, denoted KE in this document, is used to exchange Diffie-Hellman public numbers as part of a Diffie-Hellman key exchange.

[0530] (1-1-4-2) The Key Exchange payload consists of the IKE generic payload header followed by the Diffie-Hellman public value itself.

[0531] FIG. 35 is a drawing illustrating an example of the structure of a KE payload in a system applicable to the present disclosure.

[0532] (1-1-4-3) The KE Payload can be configured as shown in FIG. 35. The detailed structure follows RFC 7296.

[0533] (1-1-5) Nonce i The Initiator sends a payload containing arbitrary data to prevent replay attacks to the Responder.

[0534] (1-1-5-1) The Nonce payload, denoted as Nonce i and Nonce r for the initiator's and responder's nonce, respectively, contains random data used to guarantee liveness during an exchange and protect against replay attacks.

[0535] (1-1-5-2) Nonce Data (variable length) - Contains the random data generated by the transmitting entity.

[0536] (1-1-5-3) The size of the Nonce Data MUST be between 16 and 256 octets, inclusive. Nonce values ​​MUST NOT be reused.

[0537] FIG. 36 is a drawing illustrating an example of the structure of a Nonce Payload in a system applicable to the present disclosure.

[0538] (1-1-5-4) The Nonce Payload can be configured as shown in FIG. 36. The detailed structure follows RFC 7296.

[0539] (1-2) The Responder sends an IKE_SA_INIT Response to the Initiator to complete the negotiation for security settings.

[0540] (1-2-1) The IKE_SA_INIT Response contains the IKE Header and SA1 r , KE r , Nonce r It is included and transmitted.

[0541] (1-2-2) The configuration of the IKE_SA_INIT Response is defined in the same way as the configuration of the IKE_SA_INIT Request.

[0542] (1-2-2-1) Based on the IKE_SA_INIT Request information from the Initiator, send the security method and parameters to be used for security settings to the Initiator.

[0543] (1-2-2-2) SA1 included in the IKE_SA_INIT Request Message r , KE r , Nonce r is SA1 i , KE i , Nonce i It consists of the same payload structure as .

[0544] (1-2-2-2-1) By sending the IKE_SA_INIT Response Message, the Initiator and Responder can obtain the same Symmetric Key through the Diffie-Hellman Key Exchange. This Symmetric Key can be used for the Encryption / Decryption of the Payloads of the subsequent IKE_AUTH Request / Response.

[0545] (1-2-3) In this step, a CERTREQ may be sent depending on the situation, and the CERTREQ is a payload requesting the transmission of a Certificate in the next step. The detailed structure follows RFC 7296.

[0546] (1-3) The Initiator sends a QKE Message (QKE Header and QKE to the Responder via Quantum Channel) i Transmits the Payload.

[0547] (1-3-1) SA1 in the Initiator's IKE_SA_INIT Request Message i Among the Proposals, the Transform Type includes Quantum Security and the Transform ID is QKD, and SA1 in the Responder's IKE_SA_INIT Response Message r If the Transform Type in the Proposal includes Quantum Security and the Transform ID is QKD, the Quantum Security-related Transform Attributes are matched through SA Negotiation, and the following additional procedure is performed.

[0548] (1-3-2) IKE Header or Last Payload (e.g., Nonce) in the Initiator's IKE_SA_INIT Request Message i If the Next Payload of ) is QKE, the Initiator sends the QKE Header and QKE to the Quantum Channel.

[0549] (1-3-2-1) If the Next Payload Field indicates QKE, it means there is no Next Payload through the Classical Channel. Therefore, Nonce i The Quantum Channel's QKE (Quantum Key Exchange) message can be indicated in the Next Payload Field of the Payload.

[0550] FIG. 37 is a drawing illustrating an example of the structure of a QKE header in a system applicable to the present disclosure.

[0551] (1-3-2-2) The QKE header of a QKE message transmitted over a Quantum Channel includes QK Length, QK Basis, and Quantum Seed. (QKE Message) The structure of the QKE header can be configured as shown in FIG. 37.

[0552] (1-3-2-2-1) QK (Quantum Key) Length indicates the length of the Initial Quantum Key of the QKE Payload, and QK Basis indicates the type of Quantum Basis used in the Initial Quantum Key. The above information may be transmitted in the Transform Attributes of the SA Payload, in which case the QK Length and QK Basis of the QKE Header may not be transmitted.

[0553] (1-3-2-2-2) Quantum Key Basis (2 octets) Parameter can be defined as shown in [Table 10] below.

[0554] Quantum BasisOrderValueReserved0Time / Phase21Time / Phase42Polarization23Polarization34Polarization45RESERVED TO IANA6-15

[0555] (1-3-2-2-2-1) Quantum Key Basis is a parameter that indicates the type of Quantum Basis and the order of the Basis that constitute the Initial Quantum Key of the QKE Payload.

[0556] (1-3-2-2-3) Quantum Seed is the Nonce received from the Responder r It is configured identically to the Payload's Nonce Data.

[0557] (1-3-2-2-3-1) A Quantum Seed can be composed of a Quantum State or an Optical Signal. In this case, the Optical Signal can be a Single Photon level Optical Signal or a Field composed of Multiple Photons.

[0558] (1-3-2-2-3-2) A Quantum Seed composed of an Optical Signal is not information requiring security, and the signal can be configured in a way agreed upon in advance between the transmitting and receiving ends.

[0559] (1-3-2-2-3-3) For example, ON / Off Keying (OOK) or Phase / Amplitude / Polarization Modulation methods may be used.

[0560] FIG. 38 is a drawing illustrating an example of the structure of a QKE payload in a system applicable to the present disclosure.

[0561] (1-3-2-3) QKE of the QKE Message transmitted over the Quantum Channel i The payload includes an Initial Quantum Key Stream.

[0562] (1-3-2-3-1) QKE i The Initial Quantum Key of the Payload is a sequence of quantum states consisting of random quantum states.

[0563] (1-3-2-3-2) A Random Quantum State is generated as one of the pre-determined Quantum States.

[0564] (1-3-2-3-2-1) For example, any Quantum State is randomly generated as one of four Quantum States (Polarization Basis with Basis order of 2):

[0565]

[0566] A stream of Initial Quantum Keys composed of (1-3-2-3-3) Random Quantum States is composed of a length defined by QK Length.

[0567] (1-4) The Responder receives the QKE Message (QKE Header and QKE from the Initiator via the Quantum Channel) i Receives the Payload.

[0568] (1-4-1) The Responder [uses] the QKE through the Quantum Basis indicated in the QK Basis of the QKE Header i Measure the Initial Quantum Key.

[0569] (1-4-2) The Responder selects a Qubit for the QBER Check from the measured Initial Quantum Keys.

[0570] (1-5) The Responder sends a QBER Message to the Initiator via the Classical Channel, and the QBER Message consists of an IKE Header, QBER r It consists of , Nr Payload. (QBER Message)

[0571] (1-5-1) The Next Payload of the IKE Header indicates QBER.

[0572] (1-5-2) The QBER Payload contains the QBER Check Length, QBER Check Threshold, Measurement Basis, QBER Check Index, and QBER Check Value, which are the information required for the QBER Check.

[0573] FIG. 39 is a drawing illustrating an example of the structure of a QBER payload in a system applicable to the present disclosure.

[0574] (1-5-2-1) The QBER Payload follows the Generic Payload Header structure and transmits the QBER Field. The QBER Payload has the structure shown in Fig. 39.

[0575] FIG. 40 is a drawing illustrating an example of a QBER structure in a system applicable to the present disclosure.

[0576] (1-5-2-2) The QBER Structure of the QBER Payload includes QBER Check Length, QBER Check Threshold, Measurement Basis, QBER Check Index, and QBER Check Value, and can be configured as shown in FIG. 40.

[0577] (1-5-2-2-1) QBER Check Length: Indicates the length of the Quantum State used for the QBER Check among the Initial Quantum Keys.

[0578] (1-5-2-2-2) QBER Check Threshold: Represents the Security Threshold for determining safety through the QBER Check.

[0579] (1-5-2-2-3) Measurement Basis: Represents the Measurement Basis information for the Initial Quantum Key of the receiver.

[0580] (1-5-2-2-4) QBER Check Index: Represents the index of the Quantum State used for the QBER Check among the Initial Quantum Keys.

[0581] (1-5-2-2-5) QBER Check Value: Represents the measurement result of the Quantum State used for the QBER Check among the Initial Quantum Keys.

[0582] (1-5-3) If the Next Payload of the QBER Payload is the Notify Payload, N r The payload is transmitted.

[0583] (1-5-3-1) If the Next Payload of the QBER Payload is 0, no additional payload is transmitted through the Classical Channel.

[0584] (1-5-4) N r The payload is a Notify payload that conveys transmission status information of the IKE Protocol, and the Responder conveys information about the status of the Classical Channel and Quantum Channel to the Initiator.

[0585] (1-5-4-1) The Notify Payload contains information about the error conditions and state transitions of the payloads transmitted through the Classical Channel and Quantum Channel.

[0586] FIG. 41 is a drawing illustrating an example of the structure of a Notify Payload in a system applicable to the present disclosure.

[0587] (1-5-4-2) Notify Payload는 Generic Payload Header 구조를 따르며, Protocol ID, SPI Size, Notify Message Type, SPI, Notification Data를 포함하고, 도 41과 같은 구조를 가진다.

[0588] (1-5-4-2-1) Protocol ID (1 octet) - If this notification concerns an existing SA whose SPI is given in the SPI field, this field indicates the type of that SA. For notifications concerning Child SAs, this field MUST contain either (2) to indicate AH or (3) to indicate ESP. Of the notifications defined in this document, the SPI is included only with INVALID_SELECTORS, REKEY_SA, and CHILD_SA_NOT_FOUND. If the SPI field is empty, this field MUST be sent as zero and MUST be ignored on receipt.

[0589] (1-5-4-2-2) SPI Size (1 octet) - Length in octets of the SPI as defined by the IPsec protocol ID or zero if no SPI is applicable. For a notification concerning the IKE SA, the SPI Size MUST be zero and the field must be empty.

[0590] (1-5-4-2-3) Notify Message Type (2 octets) - Specifies the type of notification message.

[0591] (1-5-4-2-3-1) Notify Message Error Types은 다음의 [표 11]과 같이 정의될 수 있다.

[0592] ValueNotify Message Error Type0Reserved1UNSUPPORTED_CRITICAL_PAYLOAD2-3Reserved4INVALID_IKE_SPI5INVALID_MAJOR_VERSION6Reserved7INVALID_SYNTAX8Reserved9INVALID_MESSAGE_ID10Reserved11INVALID_SPI12-13Reserved14NO_PROPOSAL_CHOSEN15-16Reserved17INVALID_KE_PAYLOAD18-23Reserved24AUTHENTICATION_FAILED25-33RESERVED34SINGLE_PAIR_REQUIRED35NO_ADDITIONAL_SAS36INTERNAL_ADDRESS_FAILURE37FAILED_CP_REQUIRED38TS_UNACCEPTABLE39INVALID_SELECTORS40UNACCEPTABLE_ADDRESSES41UNEXPECTED_NAT_DETECTED42USE_ASSIGNED_HoA43TEMPORARY_FAILURE44CHILD_SA_NOT_FOUND45INVALID_GROUP_ID46AUTHORATIATION_FAILED47STATE_NOT_FOUND48TS_MAX_QUEUE49INVALID_QUANTUM_KEY50INVALID_QUANTUM_SEED51QBER_UNACCEPTABLE52FAILED_QKR53-8191Unassigned8192-16383Private use

[0593] (1-5-4-2-3-1-1) INVALID_QUANTUM_KEY is added to the Notify Message Error Type for Quantum Security. The value is 49. This is the type to notify when the Initial Quantum Key of the QKE Payload received by the Responder is invalid.

[0594] (1-5-4-2-3-1-2) INVALID_QUANTUM_SEED is added to the Notify Message Error Type for Quantum Security. The value is 50. This is the type to notify when the Quantum Seed in the QKE Header received by the Responder is invalid.

[0595] (1-5-4-2-3-1-3) QBER_UNACCESPTABLE is added to the Notify Message Error Type for Quantum Security. The value is 51. This is a type that notifies when the result of a QBER Check exceeds the QBER Threshold, indicating a security issue with the Quantum Channel.

[0596] (1-5-4-2-3-1-4) FAILD_QKR is added to the Notify Message Error Type for Quantum Security. The value is 52. This is a type that notifies when the post-processing of a Sifted Key via Quantum Key Exchange (QKE) fails.

[0597] FIG. 42 is a drawing illustrating an example of Notify Message Status Types in a system applicable to the present disclosure.

[0598] (1-5-4-2-3-2) Notify Message Status Types can be defined as shown in Fig. 42.

[0599] (1-5-4-2-3-2-1) QUANTUM_CHANNEL_CAPABILITY is added to the Notify Message Status Type for Quantum Security. The value is 16445. This is a type that notifies the status, transmission capacity, availability, etc. of a Quantum Channel.

[0600] (1-5-4-2-3-2-1-2) QUANTUM_KEY_REFINEMENT_CAPABILITY is added to the Notify Message Status Type for Quantum Security. The value is 16446. This is a type that notifies the status, support method, and availability of the post-processing of a Sifted Key through Quantum Key Exchange (QKE).

[0601] (1-5-4-2-4) SPI (variable length) - Security Parameter Index.

[0602] (1-5-4-2-5) Notification Data (variable length) - Status or error data transmitted in addition to the Notify Message Type for the classical channel and / or the quantum channel.

[0603] (1-5-4-2-5-1) If the Notify Message Type for Quantum Security is configured, Notification Data for Quantum Security is transmitted.

[0604] (1-6) The Initiator receives a QBER Message (IKE Header, QBER) from the Responder via the Classical Channel. r , N r Receives ).

[0605] (1-6-1) QBER r Based on the creation information of the Qubit corresponding to the Payload's QBER Check Index, a QBER Check is performed based on the Measurement Basis and the QBER Check Value.

[0606] (1-6-2) QBER Check Results and QBER r It determines whether the payload passes the QBER by comparing it to the QBER check threshold.

[0607] (1-7) The Initiator sends a QKR Message to the Responder via the Classical Channel, and the QKR Message consists of an IKE Header, QKR i , N i It consists of a payload.

[0608] (1-7-1) If the result of the QBER Check does not exceed the QBER Check Threshold, the Initiator sends a QKR Message to the Responder.

[0609] (1-7-1-1) If the QBER Check result exceeds the QBER Check Threshold, the Initiator Notify Payload N i Terminate the protocol by sending the Notification Type as QBER_UNACCEPTABLE to the Responder.

[0610] (1-7-2) The Next Payload of the IKE Header indicates QKR.

[0611] (1-7-3) The QKR Payload transmits Quantum Key Refinement (QKR) information, which is necessary for the post-processing of the Sifted Key obtained through QKE.

[0612] FIG. 43 is a drawing illustrating an example of the structure of a QKR payload in a system applicable to the present disclosure.

[0613] (1-7-3-1) The QKR Payload follows the Generic Payload Header structure and includes QKR Type and QKR Data. The QKR Payload has the structure shown in FIG. 43.

[0614] (1-7-3-1-1) QKR Type (1 octet) - Refers to the type of Post Processing of a Sifted Key via QKE.

[0615] (1-7-3-1-1-1) QKR Type can be defined as shown in [Table 12] below.

[0616] QKR TypeValueRESERVED0Error Correction1Information Reconciliation2Privacy Amplification3RESERVED TO IANA4-127PRIVATE USE128-255

[0617] (1-7-3-1-1-1-1) Error Correction, Information Reconciliation, and Privacy Amplification are added to the QKR Type for Key Refinement of Sifted Keys obtained via QKE. (1-7-3-1-1-1-2) Values ​​4-127 are reserved to IANA. Values ​​128-256 are for private use among mutually consenting parties.

[0618] (1-7-3-1-2) QKR Data (variable length) - Transmits information on the Post Processing procedure corresponding to the QKR Type.

[0619] (1-7-4) If the Next Payload of the QKR Payload is the Notify Payload, the Ni Payload is sent.

[0620] (If the Next Payload of the 1-7-4-1QKR Payload is 0, no additional payload is transmitted through the Classical Channel.

[0621] (1-8) When the Responder receives a QKR Message from the Initiator, it can construct and send a QKR Message to the Initiator in the same way.

[0622] (1-9) Once the QKR process is complete, the Initiator and Responder will have the same Symmetric Key through QKE. This Symmetric Key can be used to encrypt / decrypt the payloads of the subsequent IKE_AUTH Request / Response process.

[0623] (1-10) In the above procedure, the Symmetric Key through KE and the Symmetric Key through QKE are combined and can be used to encrypt / decrypt the payloads of the IKE_AUTH Request / Response in the subsequent procedure.

[0624] (1-10-1) For example, Symmetric Key 1 through KE and Symmetric Key 2 through QKE are XORed to obtain Symmetric Key 3, which can be used to encrypt / decrypt the payloads of the IKE_AUTH Request / Response in the subsequent procedure.

[0625] (2) Stage 2: IKE_AUTH Request / Response

[0626] (2-1) The Initiator sends an IKE_AUTH Request to the Responder to perform user authentication.

[0627] (2-1-1) Once the IKE_SA_INIT exchange of Stage 1 is complete, subsequent procedures can be encrypted. However, since authentication of the counterparty has not yet been performed, it is used to authenticate the counterparty and create an IPSec SA.

[0628] (2-1-2) The IKE_AUTH Request contains the IKE Header and ID i , AUTH i , SA2 i , TS i , TS r ...is included. In this case, CERT i and ID r It may be optionally included.

[0629] (2-1-3) The IKE Header consists of Initiator SPI, Responder SPI, Next Payload, Major Version, Minor Version, Exchange Type, Flags, Message ID, and Length.

[0630] (2-1-4) ID i and ID r It is information for identification between peers, and generally includes an IPv4 or IPv6 ID Data Field.

[0631] (2-1-5) AUTH i It contains data for Message Authentication. Authentication Method Types used include RSA Digital Signature, Shared-key Message Integrity Code, and DSS Digital Signature.

[0632] (2-1-6) SA2 iIt includes a Proposal Number, a protocol ID (AH, ESP, or IKE), an indicator of the number of transforms, and a transform substructure for second-negotiating security settings to be used in IPSec.

[0633] (2-1-7) TS i , TS r It is a payload that allows verification of the packet flow of the IPSec secure connection service, and includes the TS Type, IP protocol ID, Selector Length, Start Port, End Port, Starting Address, and Ending Address. Security configuration via IKE enables secure connections only for agreed-upon traffic types.

[0634] (2-1-8) CERT i is a Public Key Certificate that includes a Certificate Encoding Field and may include the following Certificate Type or related information.

[0635] (2-1-8-1) PKCS #7 wrapped X.509 certificate

[0636] (2-1-8-2) PGP certificate

[0637] (2-1-8-3) DNS signed key

[0638] (2-1-8-4)

[0639] (2-1-8-5) X.509 certificate—key exchange

[0640] (2-1-8-6) Kerberos tokens

[0641] (2-1-8-7) Certificate Revocation List (CRL)

[0642] (2-1-8-8) Authority Revocation List (ARL)

[0643] (2-1-8-9) SPKI certificate

[0644] (2-2) The Responder performs user authentication by sending an IKE_AUTH Response to the Initiator.

[0645] (2-2-1) The IKE_AUTH Response Message can be configured in the same way as the IKE_AUTH Request Message.

[0646] The 1-way QKD-based IKE Protocol described above can be summarized as follows.

[0647] (1) Stage 1: IKE_SA_INIT Request / Response

[0648] FIG. 44 is a diagram illustrating an example of a procedure based on Classical IKE_SA_INT Messages and QKE Messages among the 1-way QKD-based IKE Protocols applicable to the present disclosure.

[0649] (1-1) Stage 1-1) Classical IKE_SA_INT Messages and QKE Message

[0650] (1-1-1) SA1 in the Initiator's IKE_SA_INIT Request Message i Among the Proposals, the Transform Type includes Quantum Security and the Transform ID is QKD, and SA1 in the Responder's IKE_SA_INIT Response Message rIf the Transform Type in the Proposal includes Quantum Security and the Transform ID is QKD, the Quantum Security-related Transform Attributes are matched through SA Negotiation, and the following Quantum Security procedure is additionally performed.

[0651] (1-1-2) If the IKE header or the Next Payload of the last payload in the Initiator's IKE_SA_INIT Request Message is QKE, the Responder receives the QKE header and QKE through the Quantum Channel.

[0652] (1-1-2-1) If the Next Payload of the IKE Header is QKE, it means that there is no Next Payload through the Classical Channel. Therefore, the Nonce i The Quantum Channel's QKE Message can be indicated in the Next Payload Field of the Payload.

[0653] (1-1-3) The QKE header of a QKE message transmitted over a Quantum Channel includes QK Length, QK Basis, and Quantum Seed.

[0654] (1-1-3-1) QK Length indicates the length of the Initial Quantum Key of the QKE Payload, and QK Basis indicates the type of Quantum Basis used in the Initial Quantum Key. The above information may be transmitted in the Transform Attributes of the SA Payload, in which case the QK Length and QK Basis of the QKE Header may not be transmitted.

[0655] (1-1-3-2) Quantum Seed is the Nonce received from the Responder r It is configured identically to the Payload's Nonce Data.

[0656] (1-1-3-3) A Quantum Seed can be composed of a Quantum State or an Optical Signal. In this case, the Optical Signal can be a Single Photon level Optical Signal or a Field composed of Multiple Photons.

[0657] (1-1-3-3-1) A Quantum Seed composed of an Optical Signal is not information requiring security, and the signal can be configured in a way agreed upon in advance between the transmitting and receiving ends.

[0658] FIG. 45 is a diagram illustrating an example of a QBER message-based procedure among the 1-way QKD-based IKE Protocols applicable to the present disclosure.

[0659] (1-2) Stage 1-2) QBER Message

[0660]

[0661] (1-2-1) The Responder [uses] the QKE through the Quantum Basis indicated in the QK Basis of the QKE Header i Measure the Initial Quantum Key.

[0662] (1-2-1-1) The Responder selects a Qubit for the QBER Check from the measured Initial Quantum Keys.

[0663] (1-2-2) The Responder sends a QBER Message to the Initiator via the Classical Channel, and the QBER Message consists of an IKE Header, QBER r , Nr It consists of a payload.

[0664] (1-2-3) The Next Payload of the IKE Header indicates the QBER, and the QBER Payload includes the QBER Check Length, QBER Check Threshold, Measurement Basis, QBER Check Index, and QBER Check Value, which are information required for the QBER Check.

[0665] (1-2-3-1) If the Next Payload of the QBER Payload is the Notify Payload, N r The payload is transmitted.

[0666] (1-2-3-2) If the Next Payload of the QBER Payload is 0, no additional payload is transmitted through the Classical Channel.

[0667] FIG. 46 is a diagram illustrating an example of a QKR message-based procedure among the 1-way QKD-based IKE Protocols applicable to the present disclosure.

[0668] (1-3) Stage 1-3) QKR Message

[0669] (1-3-1) The Initiator performs a QBER Check based on the QBER Message received from the Responder.

[0670] (1-3-1-1) If the QBER Check result does not exceed the QBER Check Threshold, the Initiator sends a QKR Message to the Responder.

[0671] (1-3-1-2) If the result of the QBER Check exceeds the QBER Check Threshold, the Initiator sends the Notification Type of the Notify Payload Ni as QBER_UNACCEPTABLE to the Responder to terminate the Protocol.

[0672] (1-3-2) QKR Message is IKE Header, QKR i , N i It consists of a payload.

[0673] (1-3-3) The Next Payload of the IKE Header indicates the QKR, and the QKR Payload contains QKR Data, which is information necessary for Quantum Key Refinement.

[0674] (1-3-4) When the Responder receives a QKR Message, it can construct and send a QKR Message to the Initiator in the same way.

[0675] (1-3-5) If the Next Payload of the QKR Payload is the Notify Payload, N i The payload is transmitted.

[0676] (1-3-6) If the Next Payload of the QKR Payload is 0, no additional payload is transmitted through the Classical Channel.

[0677] (2) Stage 2: IKE_AUTH Request / Response

[0678] (2-1) Follow the existing RFC 7296 procedure.

[0679]

[0680] 2.2 Quantum Security based Internet Key Exchange Protocol (2-way Quantum Key Distribution based IKE)

[0681] FIG. 47 is a diagram illustrating an example of a 2-way QKD-based IKE Protocol in a system applicable to the present disclosure.

[0682] In this disclosure, we propose an IKE system based on 2-way Quantum Key Distribution (QKD) among Quantum Security systems that enable physical security based on quantum properties when performing key exchange in the Internet Key Exchange (IKE) procedure for an IPSec Connection.

[0683] The signal flow of the proposed 2-way QKD-based IKE system is diagrammed as shown in Figure 47.

[0684] (1) Stage 1: IKE_SA_INIT Request / Response

[0685] (1-1) The Initiator sends an IKE_SA_INIT Request to the Responder to initiate negotiation for security settings.

[0686] (1-1-1) The IKE_SA_INIT request contains the IKE Header and SA1 i , KE i , Nonce i It is included and transmitted.

[0687] (1-1-2) The IKE Header consists of Initiator SPI, Responder SPI, Next Payload, Major Version, Minor Version, Exchange Type, Flags, Message ID, and Length, as described in 2.1.

[0688] (1-1-3) SA1i is a payload that an initiator sends to a responder to negotiate security settings to be used in IPSec. It is a payload that includes a proposal for security settings negotiation based on a generic payload header, and the details are as described in 2.1.

[0689] (1-1-4) KE i The Initiator sends a payload containing parameters of the key exchange method for generating a Session Key to the Responder, and the details are the same as those described in Section 2.1, Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE).

[0690] (1-1-5) Nonce i The Initiator sends a payload containing arbitrary data to prevent replay attacks to the Responder, and the details are the same as those described in Section 2.1 Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE).

[0691] (1-2) The Responder sends an IKE_SA_INIT Response to the Initiator to complete the negotiation for security settings.

[0692] (1-2-1) The IKE_SA_INIT Response contains the IKE Header and SA1 r , KE r , Nonce r It is included and transmitted.

[0693] (1-2-2) The configuration of the IKE_SA_INIT Response is defined in the same way as the configuration of the IKE_SA_INIT Request.

[0694] (1-2-2-1) Based on the IKE_SA_INIT Request information from the Initiator, send the security method and parameters to be used for security settings to the Initiator.

[0695] (1-2-2-2) SA1 included in the IKE_SA_INIT Request Message r , KE r , Nonce r is SA1 i , KE i , Nonce i It consists of the same payload structure as .

[0696] (1-2-2-2-1) By sending the IKE_SA_INIT Response Message, the Initiator and Responder can obtain the same Symmetric Key through the Diffie-Hellman Key Exchange. This Symmetric Key can be used for the Encryption / Decryption of the Payloads of the subsequent IKE_AUTH Request / Response.

[0697] (1-2-3) In this step, a CERTREQ may be sent depending on the situation, and the CERTREQ is a payload requesting the transmission of a Certificate in the next step. The detailed structure follows RFC 7296.

[0698] (1-3) The Initiator sends QKE to the Responder via the Quantum Channel i Message (QKE Header and QKE i The Responder transmits the Payload, and sends the QKE to the Initiator via the Quantum Channel. r Message (QKE Header and QKE r Transmits the Payload.

[0699] (1-3-1) This procedure is a bidirectional simultaneous procedure in which the Initiator and Responder can be performed simultaneously without order.

[0700] (1-3-2) SA1 in the Initiator's IKE_SA_INIT Request Message i Among the Proposals, the Transform Type includes Quantum Security and the Transform ID is QDH, and SA1 in the Responder's IKE_SA_INIT Response Message r If the Transform Type in the Proposal includes Quantum Security and the Transform ID is QDH, the Quantum Security-related Transform Attributes are matched through SA Negotiation, and the following additional procedure is performed.

[0701] (1-3-3) IKE Header or Last Payload (e.g., Nonce) in the Initiator's IKE_SA_INIT Request Message iIf the Next Payload of ) is QKE, the Initiator sends the QKE Header and QKE to the Quantum Channel. i Transmits.

[0702] (1-3-4) IKE Header or Last Payload (e.g., Nonce) in the Responder's IKE_SA_INIT Response Message r If the Next Payload of ) is QKE, the Responder sends the QKE Header and QKE to the Quantum Channel. r Transmits.

[0703] (1-3-4-1) The QKE Header of QKE Messages transmitted over the Quantum Channel includes the QK Length, QK Basis, and Quantum Seed, and the details are the same as those described in Section 2.1. Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE) above. (QKE i Message & QKE r Message)

[0704] (1-3-4-2) QKE of QKE Messages Transmitted via Quantum Channel i Payload and QKE r The payload contains an Initial Quantum Key Stream and has a set of independently generated different quantum states.

[0705] (1-3-4-2-1) The Initial Quantum Key of the QKEi Payload is a sequence of quantum states consisting of random quantum states, and the details are the same as those described in 2.1 Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE).

[0706] (1-4) The Initiator receives a QKE Message (QKE Header and QKE from the Responder, and the Responder receives a QKE from the Initiator through the Quantum Channel. i Payload and QKE r Receives the Payload.

[0707] (1-4-1) The Initiator uses the Quantum Basis indicated in the QK Basis of the QKE Header received from the Responder to QKE r Measure the Initial Quantum Key.

[0708] (1-4-2) The Responder [receives] the QKE through the Quantum Basis indicated in the QK Basis of the QKE Header received from the Initiator. i Measure the Initial Quantum Key.

[0709] (1-4-3) The initiator selects a qubit for the QBER check from the measured Initial Quantum Keys.

[0710] (1-4-4) The Responder selects a Qubit for the QBER Check from the measured Initial Quantum Keys.

[0711] (1-5) The Initiator sends a QBER Message to the Responder via the Classical Channel, and the QBER Message consists of an IKE Header, QBER i , N i Consists of a Payload. (QBER i Message)

[0712] (1-5-1) The corresponding QBER i The message is QKE through the quantum channel from the Responder. r As QBER Check information for the Message, the details are the same as those described in Section 2.1 Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE).

[0713] (1-6) The Responder sends a QBER Message to the Initiator via the Classical Channel, and the QBER Message consists of an IKE Header, QBER r , N r Consists of a Payload. (QBER r Message)

[0714] (1-6-1) The corresponding QBER r The message is QKE through the quantum channel from the Initiator. i As QBER Check information for the Message, the details are the same as those described in Section 2.1 Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE).

[0715] (1-7) The Initiator receives a QBERr Message (IKE Header, QBER r , N r Receives ).

[0716] (1-7-1) QBER r Based on the creation information of the Qubit corresponding to the Payload's QBER Check Index, a QBER Check is performed based on the Measurement Basis and the QBER Check Value.

[0717] (1-7-2) QBER Check Results and QBER r It determines whether the payload passes the QBER by comparing it to the QBER check threshold.

[0718] (1-8) The Responder receives QBER from the Initiator through the Classical Channel i Message (IKE Header, QBER i , N i Receives ).

[0719] (1-8-1) QBER i Based on the creation information of the Qubit corresponding to the Payload's QBER Check Index, a QBER Check is performed based on the Measurement Basis and the QBER Check Value.

[0720] (1-8-2) QBER Check Results and QBER i It determines whether the payload passes the QBER by comparing it to the QBER check threshold.

[0721] (1-9) The Initiator sends a QKR Message to the Responder via the Classical Channel, and the QKR Message consists of an IKE Header, QKR i , N iIt consists of a payload.

[0722] (1-9-1) The Initiator is QKE r If the QBER Check result of the transmitted quantum channel does not exceed the QBER Check Threshold, a QKR Message is sent to the Responder.

[0723] (1-9-1-1) If the QBER Check result exceeds the QBER Check Threshold, the Initiator Notify Payload N i Terminate the protocol by sending the Notification Type as QBER_UNACCEPTABLE to the Responder.

[0724] (1-9-2) The details of the QKR Message are the same as those described in 2.1 Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE).

[0725] (1-10) When the Responder receives a QKR Message from the Initiator, it can construct and send a QKR Message to the Initiator in the same way.

[0726] (1-10-1) The Responder is QKE i If the QBER Check result of the transmitted quantum channel does not exceed the QBER Check Threshold, a QKR Message is sent to the Responder.

[0727] (1-10-1-1) If the QBER Check result exceeds the QBER Check Threshold, the Responder Notifies Payload N rTerminate the protocol by sending the Notification Type as QBER_UNACCEPTABLE to the Responder.

[0728] (1-11) Once the QKR process is complete, the Initiator and Responder will have the same Symmetric Key through QKE. This Symmetric Key can be used to encrypt / decrypt the payloads of the subsequent IKE_AUTH Request / Response process.

[0729] (1-12) In the above procedure, the Symmetric Key through KE and the Symmetric Key through QKE are combined and can be used to encrypt / decrypt the payloads of the subsequent IKE_AUTH Request / Response.

[0730] (1-12-1) For example, Symmetric Key 1 through KE and Symmetric Key 2 through QKE are XORed to obtain Symmetric Key 3, which can be used to encrypt / decrypt the payloads of the IKE_AUTH Request / Response in the subsequent procedure.

[0731] (2) Stage 2: IKE_AUTH Request / Response

[0732] (2-1) The details are the same as those described in Section 2.1, Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE), above. (It follows the existing RFC 7296 procedure.)

[0733]

[0734] The procedure of the proposed 2.2 Quantum Security based Internet Key Exchange Protocol (2-way Quantum Key Distribution based IKE) above is an IKE technique that supports Quantum Security based on 2-way QKD by providing a Quantum Channel bidirectionally among the procedures of the previously described 2.1 Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE) and it is obvious that it has the same configuration as the Message and Payload described in the previously described 2.1 Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE). However, it is obvious that the content of the Payload transmitted from the Initiator to the Responder and the content of the Payload transmitted from the Responder to the Initiator are different.

[0735] The exact numbers of all parameters described in the Quantum Security based IKE Protocol proposed above, specifically the previously described 2.1 Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE) and 2.2 Quantum Security based Internet Key Exchange Protocol (2-way Quantum Key Distribution based IKE), may be expressed differently. For example, the Payload Type may be defined by a different number according to the procedures carried out in standards managed by IANA.

[0736] It is self-evident that Quantum Security can be applied in the same way to the CREATE_CHILD_SA Request / Response used when additional child SAs are required or when one of the IKE SAs or child SAs needs to be reassigned as a key.

[0737] The 1-way QKD method described in the Quantum Security based IKE Protocol of 2.1 Quantum Security based Internet Key Exchange Protocol (1-way Quantum Key Distribution based IKE) explained above is based on the generally accepted BB84 QKD method, but it is evident that other forms of QKD methods can also be applied. If other versions of QKD methods are applied, they may be additionally reflected in the Transform ID of the SA Payload.

[0738] The 2-way QKD method described in the Quantum Security based IKE Protocol of the 2.2 Quantum Security based Internet Key Exchange Protocol (2-way Quantum Key Distribution based IKE) proposed above is based on the generally accepted Quantum Diffie-Hellman method, but it is evident that other forms of QDH methods can also be applied. If other versions of QDH methods are applied, they may be additionally reflected in the Transform ID of the SA Payload.

[0739] If the Quantum Security-based IKE Protocol proposed above is incorporated into the IKE standard procedure, indications for Quantum Security operations may be additionally defined in Network Domain Security as defined in 3GPP TS 33.210. For example, as follows.

[0740] 5.4.2 IKEv2 Profiling

[0741] The Internet Key Exchange protocol IKEv2 must be supported for IPsec SA negotiation. The following additional requirements apply.

[0742] General:

[0743] The IKEv2 configuration payload as defined in RFC 7296

[0043] should be supported.

[0744] Protocol support for High Availability as defined in RFC 6311

[0042] should be supported.

[0745] For IKE_SA_INIT exchange:

[0746] The following algorithms are listed with their names according to

[0044] .

[0747] The following algorithms must be supported:

[0748] - Confidentiality: AES-GCM, 16-octet ICV, 128-bit key length;

[0749] - Pseudo-random function: PRF_HMAC_SHA2_256;

[0750] - Integrity: AUTH_HMAC_SHA256_128; (Integrity: AUTH_HMAC_SHA256_128;)

[0751] - Diffie-Hellman group 19 (256-bit random ECP group); (Diffie-Hellman group 19 (256-bit random ECP group) ;)

[0752] It is desirable that the following algorithms be supported:

[0753] - Confidentiality: AES-GCM, 16-octet ICV, 256-bit key length;

[0754] - Pseudo-random function: PRF_HMAC_SHA2_384;

[0755] - Diffie-Hellman group 20 (384-bit random ECP group); (Diffie-Hellman group 20 (384-bit random ECP group).)

[0756] - Diffie-Hellman group 31 (Curve25519); (Diffie-Hellman group 31 (Curve25519).)

[0757] - Quantum Security: Quantum Key Distribution; (Quantum Security: Quantum Key Distribution)

[0758] - Quantum Security: Quantum Diffie Hellman

[0759] Note 1: The IANA IKEv2 registry

[0044] contains further references for the listed algorithms.

[0760] For security reasons, Diffie-Hellman MODP groups less than 2048 bits should not be supported.

[0761]

[0762] For IKE_AUTH exchange:

[0763] Authentication method 2 - Shared Key Message Integrity Code shall be supported.

[0764] IP addresses and Fully Qualified Domain Names (FQDNs) must be supported for identification.

[0765] Re-keying of IPsec SAs and IKE SAs shall be supported as specified in RFC 7296

[0043] .

[0766] In addition to the requirements defined in RFC 7296

[0043] , rekeying shall not lead to a noticeable degradation of service.

[0767] For the CREATE_CHILD_SA exchange:

[0768] A DH key exchange and Quantum key exchange (provided by Perfect Forward Secrecy) should be used, and the session keys should be changed frequently.

[0769] For reauthentication:

[0770] Reauthentication of IKE SAs as specified in RFC 7296

[0043] section 2.8.3 shall be supported.

[0771] A NE shall proactively initiate the reauthentication of IKE SAs and their child SAs, and the new SAs shall be established before the existing SAs expire.

[0772] A NE shall destroy an IKE SA and its child SAs when the authentication lifetime of the IKE SA expires.

[0773] Note 2: NE actions related to reauthentication are controlled by locally configured lifetimes according to RFC 4301

[0035] . This consists of a soft authentication lifetime that warns the implementation to initiate reauthentication, and a hard authentication lifetime when the current IKE SA and its child SAs are destroyed.

[0774] In addition to the requirements defined in RFC 7296

[0043] , reauthentication shall not lead to a noticeable degradation of service.

[0775] If the Quantum Security-based IKE Protocol proposed above is incorporated into the IKE standard procedure, a description of Quantum Security may be additionally defined within Network Domain Security as defined in 3GPP TS 33.310. For example, as follows.

[0776] 6.2.1b IKEv2 profile

[0777] In addition to the requirements specified in NDS / IP [1], the following requirements on certificate-based IKEv2 authentication shall be applied:

[0778] For the IKE_INIT_SA and IKE_AUTH exchanges:

[0779] The following algorithms must be supported:

[0780] Authentication: Method 1 - RSA Digital Signature

[0042] ; (Authentication: Method 1 - RSA Digital Signature

[0042] ;)

[0781] Implementations should support signatures that use SHA-256, should support signatures that use SHA-384, and should not support signatures that use SHA-1. Implementations should use SHA-256 as the default hash function when generating signatures.

[0782] The use of Method 1 is not recommended because it uses PKCS#1v1.5 padding.

[0783] Hash Algorithm Notification

[0043] (Hash Algorithm Notification

[0043] )

[0784] Implementations shall support SHA2-256, should support SHA2-384, and shall not support SHA1.

[0785] Authentication: Method 14 - Digital Signature

[0043] .

[0786] Implementations must support ecdsa-with-sha256 and should support ecdsa-with-sha384 and RSASSA-PSS with SHA-256. Implementations shall not support sha1WithRSAEncryption, dsa-with-sha1, ecdsa-with-sha1, RSASSA-PSS with Empty Parameters, and RSASSA-PSS with Default Parameters.

[0787] Quantum security shall be supported between the parties connected by quantum channels.

[0788] The identity of the CERT payload (including the end entity certificate) shall be used for policy checks.

[0789] Initiating / responding end entities are required to send certificate requests in the IKE_INIT_SA exchange for the responder and in the IKE_AUTH exchange for the initiator.

[0790] Cross-certificates shall not be sent by the peer end entity as they are pre-configured in the end entity.

[0791] The certificates in the certificate payload shall be encoded as type 4 (X.509 Certificate - Signature).

[0792] An end entity shall rekey the IKE SA when any used end entity certificate expires.

[0793] Note 2: Depending on the availability of DNS between peer-end entities, the following rule is applied:

[0794] Both subjectAltName and the IKEv2 policy must contain an IP address (in case DNS is not available).

[0795] Both subjectAltName and the IKEv2 policy must contain an FQDN (if DNS is available).

[0796]

[0797] Effects of various embodiments of the present disclosure

[0798] The expected effects of the various embodiments of the present disclosure are as follows.

[0799] (1) Through the configuration of IKE based on Quantum Security,

[0800] (1-1) By configuring it so that repeated measurement of security information is impossible based on Quantum Security, secure communication can be performed without leakage of the transmitted message.

[0801] (1-2) Based on the quantum coherence time characteristics, it is possible to prevent subsequent Plaintext Attacks even against an attacker's Harvest-Now-Decrypt-Later (HNDL) Attack.

[0802] (1-2-1) Even if existing security procedures collapse, there is no leakage of information that has already been communicated due to quantum security.

[0803] (1-3) Existing IKE security procedures and quantum security procedures can coexist.

[0804]

[0805] The characteristic configurations of various embodiments of the present disclosure are as follows.

[0806] (1) Quantum Security-based IKE procedures and Message, Payload configuration, IETF and 3GPP standard description

[0807] (1-1) IKE Protocol based on 1-way QKD

[0808] (1-2) IKE Protocol based on 2-way QKD

[0809] (1-3) Definition of configuration changes and content additions for IKE Header, SA Payload, and Notify Payload due to Quantum Security application

[0810] (1-4) Additional definition of QKE Header and QKE Payload of Quantum Channel due to Quantum Security application

[0811] (1-5) Additional definition of QBER Payload and QKR Payload for Classical Channel by applying Quantum Security

[0812] [Explanation regarding the 1st node claim]

[0813] The embodiments described above will be explained in detail below with reference to FIG. 48 regarding the operation of the first node. The methods described below are distinguished only for the convenience of explanation, and it is obvious that, as long as they are not mutually excluded, a part of one method may be substituted with a part of another method or combined with one another and applied.

[0814] FIG. 48 is a diagram illustrating an example of the operation process of a first node in a system applicable to the present disclosure.

[0815] According to various embodiments of the present disclosure, a method performed by a first node in a communication system is provided.

[0816] According to various embodiments of the present disclosure, each of the first node and the second node may correspond to either a terminal or a base station in a wireless communication system. According to various embodiments of the present disclosure, the first node may correspond to an initiator, and the second node may correspond to a responder.

[0817] The embodiment of FIG. 48 may further include, prior to step S4801, one or more of the steps of: the first node transmitting one or more synchronization signals to the second node; the first node transmitting system information to the second node; the first node transmitting configuration information to the second node; and the first node transmitting control information to the second node.

[0818] The embodiment of FIG. 48 may further include, prior to step S4801, one or more of the steps of: the first node receiving a random access preamble from the second node; the first node transmitting a random access response (RAR) to the second node; the first node receiving a random access message 3 from the second node; and the first node transmitting a contention resolution message to the second node. Message 3 is the first PUSCH transmission scheduled by the RAR with a RAR UL grant.

[0819] In step S4801, the first node sends an IKE_SA_INIT request to the second node, which includes the transform type of Quantum Security and the transform identifier (transform ID) of Quantum Key Distribution (QKD).

[0820] In step S4802, the first node receives an IKE_SA_INIT response from the second node that includes the transformation type of the quantum security and the transformation ID of the QKD.

[0821] In step S4803, the first node transmits a quantum key exchange (QKE) message to the second node through a quantum channel, the message including a quantum key length (QK length), a quantum key basis (QK basis), and a quantum seed.

[0822] In step S4804, the first node receives a QBER message from the second node via a classical channel, the QBER message containing a quantum bit error rate (QBER) associated with an initial quantum key based on the QKE message.

[0823]

[0824] According to various embodiments of the present disclosure, the embodiment of FIG. 48 may further include the step of transmitting a QKR (quantum key refinement) message to the second node when the result of a QBER check based on the QBER message is smaller than a QBER check threshold.

[0825] According to various embodiments of the present disclosure, the embodiment of FIG. 48 may further include the step of transmitting a QBER_UNACCEPTABLE message related to the termination of protocol to the second node when the result of a QBER check based on the QBER message is greater than a QBER check threshold.

[0826] According to various embodiments of the present disclosure, the embodiment of FIG. 48 may further include the step of receiving a notify message from the second node through the classical channel that is related to one or more of the failure of the post-processing of the quantum key exchange (QKE), the invalidity of the initial quantum key, or the occurrence of a security problem of the quantum channel.

[0827] According to various embodiments of the present disclosure, the embodiment of FIG. 48 may further include the steps of: receiving a second quantum key exchange (QKE) message from the second node through the quantum channel, the message comprising a second quantum key length (QK length), a second quantum key basis (QK basis), and a second quantum seed; and transmitting a second QBER message to the second node through the classical channel, the message comprising a second QBER (quantum bit error rate) associated with a second initial quantum key based on the second QKE message.

[0828] According to various embodiments of the present disclosure, the embodiment of FIG. 48 may further include the step of receiving a second QKR message from the second node when the result of the second QBER acknowledgment based on the second QBER message is less than the QBER acknowledgment threshold; and the step of receiving a second QBER_UNACCEPTABLE message related to the termination of the protocol from the second node when the result of the second QBER acknowledgment based on the second QBER message is greater than the QBER acknowledgment threshold.

[0829] According to various embodiments of the present disclosure, the transmission of the QKE message and the reception of the second QKE message can be performed simultaneously.2

[0830]

[0831] According to various embodiments of the present disclosure, a first node is provided in a communication system. The first node includes a transceiver and at least one processor, and the at least one processor may be configured to perform a method of operation of the first node according to FIG. 48.

[0832]

[0833] According to various embodiments of the present disclosure, an apparatus for controlling a first node in a communication system is provided. The apparatus comprises at least one processor and at least one memory operably connected to the at least one processor. The at least one memory may be configured to store instructions for performing a method of operation of the first node according to FIG. 48 based on execution by the at least one processor.

[0834]

[0835] According to various embodiments of the present disclosure, one or more non-transitory computer-readable media (CRMs) storing one or more instructions are provided. The one or more instructions perform operations based on execution by one or more processors, and the operations may include a method of operation of a first node according to FIG. 48.

[0836]

[0837] [Explanation regarding the 2nd node claim]

[0838] The embodiments described above will be explained in detail below with reference to FIG. 49 regarding the operation of the second node. The methods described below are distinguished only for the convenience of explanation, and it is obvious that as long as they are not mutually excluded, a part of one method may be substituted with a part of another method or combined with one another and applied.

[0839] FIG. 49 is a diagram illustrating an example of the operation process of a second node in a system applicable to the present disclosure.

[0840] According to various embodiments of the present disclosure, a method performed by a second node in a communication system is provided.

[0841] According to various embodiments of the present disclosure, each of the first node and the second node may correspond to either a terminal or a base station in a wireless communication system. According to various embodiments of the present disclosure, the first node may correspond to an initiator, and the second node may correspond to a responder.

[0842] The embodiment of FIG. 49 may further include, prior to step S4901, one or more of the steps of: the second node receiving one or more synchronization signals from the first node; the second node receiving system information from the first node; the second node receiving configuration information from the first node; and the second node receiving control information from the first node.

[0843] The embodiment of FIG. 49 may further include, prior to step S4901, one or more of the steps of: the second node transmitting a random access preamble to the first node; the second node receiving a random access response (RAR) from the first node; the second node transmitting a random access message 3 to the first node; and the second node receiving a contention resolution message from the first node. Message 3 is the first PUSCH transmission scheduled by the RAR with a RAR UL grant.

[0844] In step S4901, the second node receives an IKE_SA_INIT request from the first node that includes a transform type of Quantum Security and a transform identifier (transform ID) of Quantum Key Distribution (QKD).

[0845] In step S4902, the second node transmits an IKE_SA_INIT response to the first node that includes the transformation type of the quantum security and the transformation ID of the QKD.

[0846] In step S4903, the second node receives a quantum key exchange (QKE) message from the first node through a quantum channel, the message including a quantum key length (QK length), a quantum key basis (QK basis), and a quantum seed.

[0847] In step S4903, the second node transmits a QBER message to the first node via a classical channel, the QBER message containing the initial quantum key and the QBER (quantum bit error rate) associated with the QKE message.

[0848]

[0849] According to various embodiments of the present disclosure, the embodiment of FIG. 49 may further include the step of receiving a QKR (quantum key refinement) message from the first node when the result of a QBER check based on the QBER message is smaller than a QBER check threshold.

[0850] According to various embodiments of the present disclosure, the embodiment of FIG. 49 may further include the step of receiving a QBER_UNACCEPTABLE message related to the termination of protocol from the first node when the result of a QBER check based on the QBER message is greater than a QBER check threshold.

[0851] According to various embodiments of the present disclosure, the embodiment of FIG. 49 may further include the step of transmitting a notify message to the first node through the classical channel, which is related to one or more of the failure of the post-processing of the quantum key exchange (QKE), the invalidity of the initial quantum key, and the occurrence of a security problem of the quantum channel.

[0852] According to various embodiments of the present disclosure, the embodiment of FIG. 49 may further include the steps of: transmitting a second quantum key exchange (QKE) message to the first node through the quantum channel, the message comprising a second quantum key length (QK length), a second quantum key basis (QK basis), and a second quantum seed; and receiving a second QBER message from the first node through the classical channel, the message comprising a second quantum bit error rate (QBER) associated with a second initial quantum key based on the second QKE message.

[0853] According to various embodiments of the present disclosure, the embodiment of FIG. 49 may further include the step of transmitting a second QKR message to the first node when the result of the second QBER acknowledgment based on the second QBER message is less than the QBER acknowledgment threshold; and the step of transmitting a second QBER_UNACCEPTABLE message related to the termination of the protocol to the first node when the result of the second QBER acknowledgment based on the second QBER message is greater than the QBER acknowledgment threshold.

[0854] According to various embodiments of the present disclosure, the reception of the QKE message and the transmission of the second QKE message can be performed simultaneously.

[0855]

[0856] According to various embodiments of the present disclosure, a second node is provided in a communication system. The second node includes a transceiver and at least one processor, and the at least one processor may be configured to perform the operation method of the second node according to FIG. 49.

[0857]

[0858] According to various embodiments of the present disclosure, an apparatus for controlling a first node in a communication system is provided. The apparatus comprises at least one processor and at least one memory operably connected to the at least one processor. The at least one memory may be configured to store instructions for performing a method of operating a second node according to FIG. 49 based on execution by the at least one processor.

[0859]

[0860] According to various embodiments of the present disclosure, one or more non-transitory computer-readable media (CRMs) storing one or more instructions are provided. The one or more instructions perform operations based on execution by one or more processors, and the operations may include a method of operation of a second node according to FIG. 49.

[0861]

[0862] Communication systems applicable to the present disclosure

[0863] FIG. 50 illustrates a communication system (1) applicable to various embodiments of the present disclosure.

[0864] Referring to FIG. 50, a communication system (1) applicable to various embodiments of the present disclosure includes a wireless device, a base station, and a network. Here, the wireless device refers to a device that performs communication using wireless access technology (e.g., 5G NR (New RAT), LTE (Long Term Evolution), 6G wireless communication) and may be referred to as a communication / wireless / 5G device / 6G device. Although not limited thereto, the wireless device may include a robot (100a), a vehicle (100b-1, 100b-2), an XR (eXtended Reality) device (100c), a hand-held device (100d), a home appliance (100e), an IoT (Internet of Thing) device (100f), and an AI device / server (400). For example, the vehicle may include a vehicle equipped with wireless communication capabilities, an autonomous vehicle, a vehicle capable of performing inter-vehicle communication, etc. Here, the vehicle may include an Unmanned Aerial Vehicle (UAV) (e.g., a drone). XR devices include AR (Augmented Reality) / VR (Virtual Reality) / MR (Mixed Reality) devices and can be implemented in the form of HMDs (Head-Mounted Devices), HUDs (Head-Up Displays) equipped in vehicles, televisions, smartphones, computers, wearable devices, home appliances, digital signage, vehicles, robots, etc. Portable devices may include smartphones, smartpads, wearable devices (e.g., smartwatches, smart glasses), computers (e.g., laptops, etc.). Home appliances may include TVs, refrigerators, washing machines, etc. IoT devices may include sensors, smart meters, etc. For example, base stations and networks may be implemented as wireless devices, and a specific wireless device (200a) may operate as a base station / network node to other wireless devices.

[0865] Wireless devices (100a to 100f) can be connected to a network (300) through a base station (200). Artificial Intelligence (AI) technology may be applied to the wireless devices (100a to 100f), and wireless devices (100a to 100f) can be connected to an AI server (400) through the network (300). The network (300) can be configured using a 3G network, a 4G (e.g., LTE) network, a 5G (e.g., NR) network, or a 6G network. Wireless devices (100a to 100f) may communicate with each other through the base station (200) / network (300), but they may also communicate directly (e.g., sidelink communication) without going through the base station / network. For example, vehicles (100b-1, 100b-2) can communicate directly (e.g., V2V (Vehicle to Vehicle) / V2X (Vehicle to everything) communication). Also, IoT devices (e.g., sensors) can communicate directly with other IoT devices (e.g., sensors) or other wireless devices (100a to 100f).

[0866] Wireless communication / connection (150a, 150b, 150c) can be established between wireless devices (100a~100f) / base station (200) and base station (200) / base station (200). Here, wireless communication / connection can be achieved through various wireless access technologies (e.g., 5G NR), such as uplink / downlink communication (150a), sidelink communication (150b) (or D2D communication), and inter-base station communication (150c) (e.g., relay, IAB (Integrated Access Backhaul)). Through wireless communication / connection (150a, 150b, 150c), wireless devices and base stations / wireless devices, and base stations and base stations can transmit / receive wireless signals to / from each other. For example, wireless communication / connection (150a, 150b, 150c) can transmit / receive signals through various physical channels. To this end, based on various proposals of various embodiments of the present disclosure, at least some of the following may be performed: various configuration information setting processes for transmitting / receiving wireless signals, various signal processing processes (e.g., channel encoding / decoding, modulation / demodulation, resource mapping / demapping, etc.), resource allocation processes, etc.

[0867] Meanwhile, NR supports multiple numerologies (or subcarrier spacing (SCS)) to support various 5G services. For example, when the SCS is 15 kHz, it supports a wide area in traditional cellular bands; when the SCS is 30 kHz / 60 kHz, it supports dense-urban, lower latency, and wider carrier bandwidth; and when the SCS is 60 kHz or higher, it supports a bandwidth greater than 24.25 GHz to overcome phase noise.

[0868] The NR frequency band can be defined by two types of frequency ranges (FR1, FR2). The numerical values ​​of the frequency ranges may change, for example, the frequency ranges of the two types (FR1, FR2) may be as shown in Table 13 below. For convenience of explanation, among the frequency ranges used in the NR system, FR1 may mean "sub 6GHz range" and FR2 may mean "above 6GHz range" and may be referred to as millimeter wave (mmW).

[0869]

[0870] Frequency Range designationCorresponding frequency rangeSubcarrier SpacingFR1450MHz-6000MHz15, 30, 60kHzFR224250MHz-52600MHz60, 120, 240kHz

[0871] As described above, the numerical value of the frequency range of the NR system may change. For example, FR1 may include a band of 410 MHz to 7125 MHz as shown in Table 14 below. That is, FR1 may include a frequency band of 6 GHz (or 5850, 5900, 5925 MHz, etc.) or higher. For example, the frequency band of 6 GHz (or 5850, 5900, 5925 MHz, etc.) or higher included within FR1 may include an unlicensed band. The unlicensed band may be used for various purposes, for example, for communication for vehicles (e.g., autonomous driving).

[0872] Frequency Range designationCorresponding frequency rangeSubcarrier SpacingFR141MHz-7125MHz15, 30, 60kHzFR224250MHz-52600MHz60, 120, 240kHz

[0873] According to various embodiments of the present disclosure, the communication system (1) may support terahertz (THz) wireless communication. THz wireless communication is wireless communication using THz waves having a frequency of approximately 0.1 to 10 THz (1 THz = 10¹² Hz), and may refer to terahertz (THz) band wireless communication using a very high carrier frequency of 100 GHz or higher. The frequency band expected to be used for THz wireless communication may be a D-band (110 GHz to 170 GHz) or H-band (220 GHz to 325 GHz) band, which has low propagation loss due to molecular absorption in the air.

[0874]

[0875] Wireless devices applicable to the present disclosure

[0876] Hereinafter, examples of wireless devices to which various embodiments of the present disclosure are applied will be described.

[0877] FIG. 51 illustrates a wireless device that can be applied to various embodiments of the present disclosure.

[0878] Referring to FIG. 51, the first wireless device (100) and the second wireless device (200) can transmit and receive wireless signals through various wireless access technologies (e.g., LTE, NR). Here, {the first wireless device (100), the second wireless device (200)} may correspond to {wireless device (100x), base station (200)} and / or {wireless device (100x), wireless device (100x)} of FIG. 50.

[0879] The first wireless device (100) includes one or more processors (102) and one or more memories (104), and may additionally include one or more transceivers (106) and / or one or more antennas (108). The processor (102) controls the memory (104) and / or transceivers (106) and may be configured to implement the descriptions, functions, procedures, proposals, methods and / or operation sequences disclosed herein. For example, the processor (102) may process information within the memory (104) to generate a first information / signal and then transmit a wireless signal containing the first information / signal through the transceiver (106). Additionally, the processor (102) may receive a wireless signal containing a second information / signal through the transceiver (106) and then store information obtained from the signal processing of the second information / signal in the memory (104). The memory (104) may be connected to the processor (102) and may store various information related to the operation of the processor (102). For example, the memory (104) may store software code containing instructions for performing some or all of the processes controlled by the processor (102) or for performing the descriptions, functions, procedures, proposals, methods, and / or operation sequence diagrams disclosed in this document. Here, the processor (102) and the memory (104) may be part of a communication modem / circuit / chip designed to implement wireless communication technology (e.g., LTE, NR). The transceiver (106) may be connected to the processor (102) and may transmit and / or receive wireless signals through one or more antennas (108). The transceiver (106) may include a transmitter and / or receiver. The transceiver (106) may be combined with an RF (Radio Frequency) unit. In various embodiments of the present disclosure, the wireless device may refer to a communication modem / circuit / chip.

[0880] The second wireless device (200) includes one or more processors (202) and one or more memories (204), and may additionally include one or more transceivers (206) and / or one or more antennas (208). The processor (202) controls the memory (204) and / or transceivers (206) and may be configured to implement the descriptions, functions, procedures, proposals, methods and / or operation sequences disclosed in this document. For example, the processor (202) may process information within the memory (204) to generate a third information / signal and then transmit a wireless signal containing the third information / signal through the transceiver (206). Additionally, the processor (202) may receive a wireless signal containing a fourth information / signal through the transceiver (206) and then store information obtained from the signal processing of the fourth information / signal in the memory (204). Memory (204) may be connected to the processor (202) and may store various information related to the operation of the processor (202). For example, memory (204) may store software code containing instructions for performing some or all of the processes controlled by the processor (202) or for performing the descriptions, functions, procedures, proposals, methods, and / or sequences of operation disclosed in this document. Here, the processor (202) and memory (204) may be part of a communication modem / circuit / chip designed to implement wireless communication technology (e.g., LTE, NR). A transceiver (206) may be connected to the processor (202) and may transmit and / or receive wireless signals through one or more antennas (208). The transceiver (206) may include a transmitter and / or receiver. The transceiver (206) may be interchangeable with an RF unit. In various embodiments of this disclosure, a wireless device may refer to a communication modem / circuit / chip.

[0881] Hereinafter, hardware elements of the wireless device (100, 200) will be described in more detail. Although not limited thereto, one or more protocol layers may be implemented by one or more processors (102, 202). For example, one or more processors (102, 202) may implement one or more layers (e.g., functional layers such as PHY, MAC, RLC, PDCP, RRC, SDAP). One or more processors (102, 202) may generate one or more Protocol Data Units (PDUs) and / or Service Data Units (SDUs) according to the descriptions, functions, procedures, proposals, methods, and / or flowcharts of operation disclosed in this document. One or more processors (102, 202) may generate messages, control information, data, or information according to the descriptions, functions, procedures, proposals, methods, and / or flowcharts of operation disclosed in this document. One or more processors (102, 202) may generate a signal (e.g., baseband signal) containing a PDU, SDU, message, control information, data, or information according to the functions, procedures, proposals, and / or methods disclosed in this document and provide it to one or more transceivers (106, 206). One or more processors (102, 202) may receive a signal (e.g., baseband signal) from one or more transceivers (106, 206) and may obtain a PDU, SDU, message, control information, data, or information according to the descriptions, functions, procedures, proposals, methods, and / or flowcharts disclosed in this document.

[0882] One or more processors (102, 202) may be referred to as a controller, microcontroller, microprocessor, or microcomputer. One or more processors (102, 202) may be implemented by hardware, firmware, software, or a combination thereof. For example, one or more Application Specific Integrated Circuits (ASICs), one or more Digital Signal Processors (DSPs), one or more Digital Signal Processing Devices (DSPDs), one or more Programmable Logic Devices (PLDs), or one or more Field Programmable Gate Arrays (FPGAs) may be included in one or more processors (102, 202). The descriptions, functions, procedures, proposals, methods, and / or flowcharts disclosed in this document may be implemented using firmware or software, and the firmware or software may be implemented to include modules, procedures, functions, etc. Firmware or software configured to perform the descriptions, functions, procedures, proposals, methods, and / or operation sequences disclosed in this document may be contained in one or more processors (102, 202) or stored in one or more memories (104, 204) and driven by one or more processors (102, 202). The descriptions, functions, procedures, proposals, methods, and / or operation sequences disclosed in this document may be implemented using firmware or software in the form of code, instructions, and / or sets of instructions.

[0883] One or more memories (104, 204) may be connected to one or more processors (102, 202) and may store various forms of data, signals, messages, information, programs, code, instructions, and / or commands. One or more memories (104, 204) may be composed of ROM, RAM, EPROM, flash memory, hard drive, registers, cache memory, computer read storage media, and / or combinations thereof. One or more memories (104, 204) may be located inside and / or outside of one or more processors (102, 202). Additionally, one or more memories (104, 204) may be connected to one or more processors (102, 202) through various technologies such as wired or wireless connections.

[0884] One or more transceivers (106, 206) may transmit user data, control information, wireless signals / channels, etc., as mentioned in the methods and / or operation flowcharts, etc., of this document to one or more other devices. One or more transceivers (106, 206) may receive user data, control information, wireless signals / channels, etc., as mentioned in the descriptions, functions, procedures, proposals, methods and / or operation flowcharts, etc., disclosed in this document from one or more other devices. For example, one or more transceivers (106, 206) may be connected to one or more processors (102, 202) and may transmit and receive wireless signals. For example, one or more processors (102, 202) may control one or more transceivers (106, 206) to transmit user data, control information, or wireless signals to one or more other devices. Additionally, one or more processors (102, 202) may control one or more transceivers (106, 206) to receive user data, control information, or wireless signals from one or more other devices. Additionally, one or more transceivers (106, 206) may be connected to one or more antennas (108, 208), and one or more transceivers (106, 206) may be configured to transmit and receive user data, control information, wireless signals / channels, etc., as described in the descriptions, functions, procedures, proposals, methods, and / or flowcharts of operation disclosed in this document through one or more antennas (108, 208). In this document, one or more antennas may be multiple physical antennas or multiple logical antennas (e.g., antenna ports). One or more transceivers (106, 206) can convert the received wireless signal / channel, etc. from an RF band signal to a baseband signal in order to process the received user data, control information, wireless signal / channel, etc. using one or more processors (102, 202).One or more transceivers (106, 206) can convert user data, control information, wireless signals / channels, etc. processed using one or more processors (102, 202) from baseband signals to RF band signals. To this end, one or more transceivers (106, 206) may include (analog) oscillators and / or filters.

[0885] FIG. 52 illustrates another example of a wireless device that can be applied to various embodiments of the present disclosure.

[0886] According to FIG. 52, the wireless device may include at least one processor (102, 202), at least one memory (104, 204), at least one transceiver (106, 206), and one or more antennas (108, 208).

[0887] The difference between the example of the wireless device described in FIG. 51 and the example of the wireless device in FIG. 52 is that in FIG. 51, the processor (102, 202) and the memory (104, 204) are separated, whereas in the example of FIG. 52, the memory (104, 204) is included in the processor (102, 202).

[0888] Here, since the specific descriptions of the processor (102, 202), memory (104, 204), transceiver (106, 206), and one or more antennas (108, 208) are as described above, the descriptions of the repeated descriptions will be omitted to avoid unnecessary repetition of descriptions.

[0889] Hereinafter, examples of signal processing circuits to which various embodiments of the present disclosure are applied are described.

[0890] FIG. 53 illustrates a signal processing circuit for a transmission signal.

[0891] Referring to FIG. 53, the signal processing circuit (1000) may include a scrambler (1010), a modulator (1020), a layer mapper (1030), a precoder (1040), a resource mapper (1050), and a signal generator (1060). Although not limited thereto, the operation / function of FIG. 53 may be performed in the processor (102, 202) and / or transceiver (106, 206) of FIG. 51. The hardware elements of FIG. 53 may be implemented in the processor (102, 202) and / or transceiver (106, 206) of FIG. 51. For example, blocks 1010 through 1060 may be implemented in the processor (102, 202) of FIG. 51. Additionally, blocks 1010 to 1050 may be implemented in the processor (102, 202) of FIG. 51, and block 1060 may be implemented in the transceiver (106, 206) of FIG. 51.

[0892] The codeword can be converted into a wireless signal through the signal processing circuit (1000) of FIG. 53. Here, the codeword is an encoded bit sequence of an information block. The information block may include a transmission block (e.g., UL-SCH transmission block, DL-SCH transmission block). The wireless signal can be transmitted through various physical channels (e.g., PUSCH, PDSCH).

[0893] Specifically, a codeword can be converted into a scrambled bit sequence by a scrambler (1010). The scrambled sequence used for scrambling is generated based on an initialization value, which may include ID information of a wireless device, etc. The scrambled bit sequence can be modulated into a modulation symbol sequence by a modulator (1020). The modulation method may include pi / 2-BPSK (pi / 2-Binary Phase Shift Keying), m-PSK (m-Phase Shift Keying), m-QAM (m-Quadrature Amplitude Modulation), etc. The complex modulation symbol sequence can be mapped to one or more transmission layers by a layer mapper (1030). The modulation symbols of each transmission layer can be mapped to the corresponding antenna port(s) by a precoder (1040) (precoding). The output z of the precoder (1040) can be obtained by multiplying the output y of the layer mapper (1030) by an N*M precoding matrix W. Here, N is the number of antenna ports and M is the number of transmission layers. Here, the precoder (1040) can perform precoding after performing transform precoding (e.g., DFT transform) on the complex modulation symbols. Additionally, the precoder (1040) can perform precoding without performing transform precoding.

[0894] A resource mapper (1050) can map the modulation symbols of each antenna port to a time-frequency resource. The time-frequency resource may include multiple symbols (e.g., CP-OFDMA symbols, DFT-s-OFDMA symbols) in the time domain and multiple subcarriers in the frequency domain. A signal generator (1060) generates a radio signal from the mapped modulation symbols, and the generated radio signal can be transmitted to another device through each antenna. To this end, the signal generator (1060) may include an Inverse Fast Fourier Transform (IFFT) module, a Cyclic Prefix (CP) inserter, a Digital-to-Analog Converter (DAC), a frequency uplink converter, etc.

[0895] The signal processing process for a received signal in a wireless device can be configured as the inverse of the signal processing process (1010–1060) of FIG. 53. For example, a wireless device (e.g., 100, 200 in FIG. 51) can receive a wireless signal from the outside through an antenna port / transceiver. The received wireless signal can be converted into a baseband signal through a signal restorer. To this end, the signal restorer may include a frequency downlink converter, an analog-to-digital converter (ADC), a CP remover, and a Fast Fourier Transform (FFT) module. Subsequently, the baseband signal can be restored into a codeword through a resource de-mapper process, a postcoding process, a demodulation process, and a de-scrambling process. The codeword can be restored into the original information block through decoding. Accordingly, a signal processing circuit (not shown) for a received signal may include a signal restorer, a resource de-mapper, a postcoder, a demodulator, a de-scrambler, and a decoder.

[0896] Hereinafter, examples of wireless device applications to which various embodiments of the present disclosure are applied will be described.

[0897] FIG. 54 illustrates another example of a wireless device applicable to various embodiments of the present disclosure. The wireless device may be implemented in various forms depending on the use-example / service (see FIG. 50).

[0898] Referring to FIG. 54, the wireless device (100, 200) corresponds to the wireless device (100, 200) of FIG. 51 and may be composed of various elements, components, units / parts, and / or modules. For example, the wireless device (100, 200) may include a communication unit (110), a control unit (120), a memory unit (130), and additional elements (140). The communication unit may include a communication circuit (112) and transceiver(s) (114). For example, the communication circuit (112) may include one or more processors (102, 202) and / or one or more memories (104, 204) of FIG. 51. For example, the transceiver(s) (114) may include one or more transceivers (106, 206) and / or one or more antennas (108, 208) of FIG. 51. The control unit (120) is electrically connected to the communication unit (110), the memory unit (130), and additional elements (140) and controls the general operation of the wireless device. For example, the control unit (120) may control the electrical / mechanical operation of the wireless device based on a program / code / command / information stored in the memory unit (130). Additionally, the control unit (120) may transmit information stored in the memory unit (130) to an external (e.g., another communication device) via a wireless / wired interface through the communication unit (110), or store information received from an external (e.g., another communication device) via a wireless / wired interface through the communication unit (110) in the memory unit (130).

[0899] The additional element (140) can be configured in various ways depending on the type of wireless device. For example, the additional element (140) may include at least one of a power unit / battery, an input / output unit (I / O unit), a driving unit, and a computing unit. Although not limited thereto, the wireless device may be implemented in the form of a robot (Fig. 50, 100a), a vehicle (Fig. 50, 100b-1, 100b-2), an XR device (Fig. 50, 100c), a portable device (Fig. 50, 100d), a home appliance (Fig. 50, 100e), an IoT device (Fig. 50, 100f), a digital broadcasting terminal, a hologram device, a public safety device, an MTC device, a medical device, a fintech device (or financial device), a security device, a climate / environment device, an AI server / device (Fig. 50, 400), a base station (Fig. 50, 200), a network node, etc. Wireless devices can be used in a movable or fixed location depending on the use—e.g., service.

[0900] In FIG. 54, various elements, components, units / parts, and / or modules within the wireless device (100, 200) may be entirely interconnected via a wired interface, or at least partially connected via a communication unit (110). For example, within the wireless device (100, 200), the control unit (120) and the communication unit (110) may be connected via a wire, and the control unit (120) and the first unit (e.g., 130, 140) may be connected wirelessly via the communication unit (110). Additionally, each element, component, unit / part, and / or module within the wireless device (100, 200) may include one or more additional elements. For example, the control unit (120) may be composed of one or more sets of processors. For example, the control unit (120) may be composed of a set of a communication control processor, an application processor, an Electronic Control Unit (ECU), a graphics processing processor, a memory control processor, etc. As another example, the memory unit (130) may be composed of RAM (Random Access Memory), DRAM (Dynamic RAM), ROM (Read Only Memory), flash memory, volatile memory, non-volatile memory and / or a combination thereof.

[0901] Hereinafter, an implementation example of FIG. 54 will be described in more detail with reference to the drawings.

[0902] FIG. 55 illustrates a portable device applicable to various embodiments of the present disclosure. The portable device may include a smartphone, a smartpad, a wearable device (e.g., a smartwatch, smart glasses), a portable computer (e.g., a laptop, etc.). The portable device may be referred to as an MS (Mobile Station), UT (user terminal), MSS (Mobile Subscriber Station), SS (Subscriber Station), AMS (Advanced Mobile Station), or WT (Wireless terminal).

[0903] Referring to FIG. 55, the portable device (100) may include an antenna unit (108), a communication unit (110), a control unit (120), a memory unit (130), a power supply unit (140a), an interface unit (140b), and an input / output unit (140c). The antenna unit (108) may be configured as part of the communication unit (110). Blocks 110 to 130 / 140a to 140c each correspond to blocks 110 to 130 / 140 of FIG. 54.

[0904] The communication unit (110) can transmit and receive signals (e.g., data, control signals, etc.) with other wireless devices and base stations. The control unit (120) can control the components of the portable device (100) to perform various operations. The control unit (120) may include an AP (Application Processor). The memory unit (130) can store data / parameters / programs / code / commands required for the operation of the portable device (100). Additionally, the memory unit (130) can store input / output data / information, etc. The power supply unit (140a) supplies power to the portable device (100) and may include wired / wireless charging circuits, batteries, etc. The interface unit (140b) can support the connection between the portable device (100) and other external devices. The interface unit (140b) may include various ports (e.g., audio input / output ports, video input / output ports) for connection with external devices. The input / output unit (140c) can receive or output video information / signals, audio information / signals, data, and / or information input by a user. The input / output unit (140c) may include a camera, a microphone, a user input unit, a display unit (140d), a speaker and / or a haptic module, etc.

[0905] For example, in the case of data communication, the input / output unit (140c) acquires information / signals (e.g., touch, text, voice, image, video) input from the user, and the acquired information / signals can be stored in the memory unit (130). The communication unit (110) converts the information / signals stored in the memory into wireless signals and can directly transmit the converted wireless signals to another wireless device or to a base station. Additionally, the communication unit (110) can receive wireless signals from another wireless device or base station and then restore the received wireless signals to their original information / signals. The restored information / signals can be stored in the memory unit (130) and then output in various forms (e.g., text, voice, image, video, haptic) through the input / output unit (140c).

[0906] FIG. 56 illustrates a vehicle or autonomous vehicle applicable to various embodiments of the present disclosure.

[0907] Vehicles or autonomous vehicles can be implemented as mobile robots, vehicles, trains, manned or unmanned aerial vehicles (AVs), ships, etc.

[0908] Referring to FIG. 56, a vehicle or autonomous vehicle (100) may include an antenna unit (108), a communication unit (110), a control unit (120), a driving unit (140a), a power supply unit (140b), a sensor unit (140c), and an autonomous driving unit (140d). The antenna unit (108) may be configured as part of the communication unit (110). Blocks 110 / 130 / 140a to 140d correspond to blocks 110 / 130 / 140 of FIG. 54, respectively.

[0909] The communication unit (110) can transmit and receive signals (e.g., data, control signals, etc.) with external devices such as other vehicles, base stations (e.g., base stations, roadside base stations (Roadside units), etc.), and servers. The control unit (120) can perform various operations by controlling elements of the vehicle or autonomous vehicle (100). The control unit (120) may include an Electronic Control Unit (ECU). The driving unit (140a) can drive the vehicle or autonomous vehicle (100) on the ground. The driving unit (140a) may include an engine, motor, power train, wheels, brakes, steering device, etc. The power supply unit (140b) supplies power to the vehicle or autonomous vehicle (100) and may include wired / wireless charging circuits, batteries, etc. The sensor unit (140c) can obtain vehicle status, surrounding environment information, user information, etc. The sensor unit (140c) may include an IMU (inertial measurement unit) sensor, a collision sensor, a wheel sensor, a speed sensor, an inclination sensor, a weight detection sensor, a heading sensor, a position module, a vehicle forward / reverse sensor, a battery sensor, a fuel sensor, a tire sensor, a steering sensor, a temperature sensor, a humidity sensor, an ultrasonic sensor, an illuminance sensor, a pedal position sensor, etc. The autonomous driving unit (140d) may implement technologies such as maintaining the driving lane, technologies for automatically adjusting speed such as adaptive cruise control, technologies for automatically driving along a predetermined path, and technologies for automatically setting a path and driving when a destination is set.

[0910] For example, the communication unit (110) can receive map data, traffic information data, etc. from an external server. The autonomous driving unit (140d) can generate an autonomous driving path and a driving plan based on the acquired data. The control unit (120) can control the drive unit (140a) so that the vehicle or the autonomous vehicle (100) moves along the autonomous driving path according to the driving plan (e.g., speed / direction control). During autonomous driving, the communication unit (110) can acquire the latest traffic information data from an external server non-periodically and can acquire surrounding traffic information data from surrounding vehicles. Additionally, during autonomous driving, the sensor unit (140c) can acquire vehicle status and surrounding environment information. The autonomous driving unit (140d) can update the autonomous driving path and the driving plan based on the newly acquired data / information. The communication unit (110) can transmit information regarding the vehicle location, autonomous driving path, driving plan, etc. to an external server. An external server can predict traffic information data in advance using AI technology, etc., based on information collected from vehicles or autonomous vehicles, and can provide the predicted traffic information data to vehicles or autonomous vehicles.

[0911] FIG. 57 illustrates a vehicle applicable to various embodiments of the present disclosure. The vehicle may also be implemented as a means of transport, a train, an aircraft, a ship, etc.

[0912] Referring to FIG. 57, the vehicle (100) may include a communication unit (110), a control unit (120), a memory unit (130), an input / output unit (140a), and a position measurement unit (140b). Here, blocks 110 to 130 / 140a to 140b correspond to blocks 110 to 130 / 140 of FIG. 54, respectively.

[0913] The communication unit (110) can transmit and receive signals (e.g., data, control signals, etc.) with external devices such as other vehicles or base stations. The control unit (120) can control the components of the vehicle (100) to perform various operations. The memory unit (130) can store data / parameters / programs / codes / commands that support various functions of the vehicle (100). The input / output unit (140a) can output AR / VR objects based on information within the memory unit (130). The input / output unit (140a) may include a HUD. The position measurement unit (140b) can acquire position information of the vehicle (100). The position information may include absolute position information of the vehicle (100), position information within the driving line, acceleration information, position information relative to surrounding vehicles, etc. The position measurement unit (140b) may include GPS and various sensors.

[0914] For example, the communication unit (110) of the vehicle (100) can receive map information, traffic information, etc. from an external server and store it in the memory unit (130). The location measurement unit (140b) can acquire vehicle location information through GPS and various sensors and store it in the memory unit (130). The control unit (120) creates a virtual object based on map information, traffic information, and vehicle location information, etc., and the input / output unit (140a) can display the created virtual object on the glass window inside the vehicle (1410, 1420). In addition, the control unit (120) can determine whether the vehicle (100) is operating normally within the driving line based on the vehicle location information. If the vehicle (100) deviates abnormally from the driving line, the control unit (120) can display a warning on the glass window inside the vehicle through the input / output unit (140a). Additionally, the control unit (120) can broadcast a warning message regarding a driving abnormality to surrounding vehicles through the communication unit (110). Depending on the situation, the control unit (120) can transmit the vehicle's location information and information regarding the driving / vehicle abnormality to relevant authorities through the communication unit (110).

[0915] FIG. 58 illustrates an XR device applicable to various embodiments of the present disclosure. The XR device may be implemented as an HMD, a Head-Up Display (HUD) equipped in a vehicle, a television, a smartphone, a computer, a wearable device, a home appliance, digital signage, a vehicle, a robot, etc.

[0916] Referring to FIG. 58, the XR device (100a) may include a communication unit (110), a control unit (120), a memory unit (130), an input / output unit (140a), a sensor unit (140b), and a power supply unit (140c). Here, blocks 110 to 130 / 140a to 140c correspond to blocks 110 to 130 / 140 of FIG. 54, respectively.

[0917] The communication unit (110) can transmit and receive signals (e.g., media data, control signals, etc.) with external devices such as other wireless devices, mobile devices, or media servers. The media data may include video, images, sound, etc. The control unit (120) can perform various operations by controlling the components of the XR device (100a). For example, the control unit (120) may be configured to control and / or perform procedures such as video / image acquisition, (video / image) encoding, metadata generation, and processing. The memory unit (130) may store data / parameters / programs / codes / commands required for driving the XR device (100a) or creating an XR object. The input / output unit (140a) acquires control information, data, etc. from the outside and can output the created XR object. The input / output unit (140a) may include a camera, microphone, user input unit, display unit, speaker and / or haptic module, etc. The sensor unit (140b) can obtain XR device status, surrounding environment information, user information, etc. The sensor unit (140b) may include a proximity sensor, an illuminance sensor, an accelerometer, a magnetic sensor, a gyroscope, an inertial sensor, an RGB sensor, an IR sensor, a fingerprint recognition sensor, an ultrasonic sensor, a light sensor, a microphone and / or radar, etc. The power supply unit (140c) supplies power to the XR device (100a) and may include a wired / wireless charging circuit, a battery, etc.

[0918] For example, the memory unit (130) of the XR device (100a) may contain information (e.g., data, etc.) necessary for creating an XR object (e.g., AR / VR / MR object). The input / output unit (140a) may receive a command to operate the XR device (100a) from the user, and the control unit (120) may operate the XR device (100a) according to the user's operation command. For example, if the user intends to watch movies, news, etc. through the XR device (100a), the control unit (120) may transmit content request information to another device (e.g., mobile device (100b)) or a media server through the communication unit (130). The communication unit (130) may download / stream content such as movies, news, etc. from another device (e.g., mobile device (100b)) or a media server to the memory unit (130). The control unit (120) controls and / or performs procedures such as video / image acquisition, (video / image) encoding, and metadata generation / processing for the content, and can generate / output an XR object based on information about the surrounding space or real object acquired through the input / output unit (140a) / sensor unit (140b).

[0919] Additionally, the XR device (100a) is wirelessly connected to the mobile device (100b) through the communication unit (110), and the operation of the XR device (100a) can be controlled by the mobile device (100b). For example, the mobile device (100b) can act as a controller for the XR device (100a). To this end, the XR device (100a) can acquire three-dimensional position information of the mobile device (100b), and then generate and output an XR object corresponding to the mobile device (100b).

[0920] FIG. 59 illustrates a robot applicable to various embodiments of the present disclosure. Robots may be classified into industrial, medical, domestic, military, etc., depending on the purpose or field of use.

[0921] Referring to FIG. 59, the robot (100) may include a communication unit (110), a control unit (120), a memory unit (130), an input / output unit (140a), a sensor unit (140b), and a driving unit (140c). Here, blocks 110 to 130 / 140a to 140c correspond to blocks 110 to 130 / 140 of FIG. 54, respectively.

[0922] The communication unit (110) can transmit and receive signals (e.g., driving information, control signals, etc.) with external devices such as other wireless devices, other robots, or control servers. The control unit (120) can control the components of the robot (100) to perform various operations. The memory unit (130) can store data / parameters / programs / codes / commands that support various functions of the robot (100). The input / output unit (140a) can acquire information from outside the robot (100) and output information to outside the robot (100). The input / output unit (140a) may include a camera, microphone, user input unit, display unit, speaker and / or haptic module, etc. The sensor unit (140b) can obtain internal information of the robot (100), surrounding environment information, user information, etc. The sensor unit (140b) may include a proximity sensor, an illuminance sensor, an accelerometer, a magnetic sensor, a gyroscope, an inertial sensor, an IR sensor, a fingerprint recognition sensor, an ultrasonic sensor, a light sensor, a microphone, a radar, etc. The driving unit (140c) may perform various physical movements, such as moving robot joints. Additionally, the driving unit (140c) may enable the robot (100) to travel on the ground or fly in the air. The driving unit (140c) may include an actuator, a motor, a wheel, a brake, a propeller, etc.

[0923] FIG. 60 illustrates an AI device applicable to various embodiments of the present disclosure.

[0924] AI devices can be implemented as stationary devices or mobile devices, such as TVs, projectors, smartphones, PCs, laptops, digital broadcasting terminals, tablet PCs, wearable devices, set-top boxes (STBs), radios, washing machines, refrigerators, digital signage, robots, vehicles, etc.

[0925] Referring to FIG. 60, the AI ​​device (100) may include a communication unit (110), a control unit (120), a memory unit (130), an input / output unit (140a / 140b), a learning processor unit (140c), and a sensor unit (140d). Blocks 110 to 130 / 140a to 140d each correspond to blocks 110 to 130 / 140 of FIG. 54.

[0926] The communication unit (110) can transmit and receive wired and wireless signals (e.g., sensor information, user input, learning model, control signal, etc.) with external devices such as other AI devices (e.g., f. W1, 100x, 200, 400) or an AI server (200) using wired and wireless communication technology. To do this, the communication unit (110) can transmit information within the memory unit (130) to an external device or transmit signals received from an external device to the memory unit (130).

[0927] The control unit (120) can determine at least one executable operation of the AI ​​device (100) based on information determined or generated using a data analysis algorithm or a machine learning algorithm. The control unit (120) can perform the determined operation by controlling the components of the AI ​​device (100). For example, the control unit (120) can request, search, receive, or utilize data from the learning processor unit (140c) or the memory unit (130), and can control the components of the AI ​​device (100) to execute a predicted operation or an operation determined to be desirable among at least one executable operation. Additionally, the control unit (120) can collect historical information, including the operation content of the AI ​​device (100) or user feedback regarding the operation, and store it in the memory unit (130) or the learning processor unit (140c), or transmit it to an external device such as an AI server (Fig. W1, 400). The collected historical information can be used to update the learning model.

[0928] The memory unit (130) can store data that supports various functions of the AI ​​device (100). For example, the memory unit (130) can store data obtained from the input unit (140a), data obtained from the communication unit (110), output data from the learning processor unit (140c), and data obtained from the sensing unit (140). Additionally, the memory unit (130) can store control information and / or software code required for the operation / execution of the control unit (120).

[0929] The input unit (140a) can acquire various types of data from outside the AI ​​device (100). For example, the input unit (120) can acquire training data for model training and input data to which the training model is applied. The input unit (140a) may include a camera, a microphone and / or a user input unit, etc. The output unit (140b) can generate output related to visual, auditory, or tactile senses, etc. The output unit (140b) may include a display unit, a speaker and / or a haptic module, etc. The sensing unit (140) can obtain at least one of internal information of the AI ​​device (100), surrounding environment information of the AI ​​device (100), and user information using various sensors. The sensing unit (140) may include a proximity sensor, an illuminance sensor, an accelerometer, a magnetic sensor, a gyroscope, an inertial sensor, an RGB sensor, an IR sensor, a fingerprint recognition sensor, an ultrasonic sensor, a light sensor, a microphone and / or radar, etc.

[0930] The learning processor unit (140c) can train a model composed of an artificial neural network using training data. The learning processor unit (140c) can perform AI processing together with the learning processor unit of the AI ​​server (Fig. W1, 400). The learning processor unit (140c) can process information received from an external device through the communication unit (110) and / or information stored in the memory unit (130). Additionally, the output value of the learning processor unit (140c) can be transmitted to an external device through the communication unit (110) and / or stored in the memory unit (130).

[0931] The claims described in various embodiments of the present disclosure may be combined in various ways. For example, the technical features of the method claims of various embodiments of the present disclosure may be combined to be implemented as a device, and the technical features of the device claims of various embodiments of the present disclosure may be combined to be implemented as a method. Furthermore, the technical features of the method claims and the technical features of the device claims of various embodiments of the present disclosure may be combined to be implemented as a device, and the technical features of the method claims and the technical features of the device claims of various embodiments of the present disclosure may be combined to be implemented as a method.

Claims

1. In a method performed by the first node, A step of transmitting an IKE_SA_INIT request to a second node, including a transform type of Quantum Security and a transform identifier (transform ID) of Quantum Key Distribution (QKD); A step of receiving an IKE_SA_INIT response from the second node that includes the transformation type of the quantum security and the transformation ID of the QKD; A step of transmitting a quantum key exchange (QKE) message to the second node through a quantum channel, the message including a quantum key length (QK length), a quantum key basis (QK basis), and a quantum seed; and A method comprising the step of receiving a QBER message containing a QBER (quantum bit error rate) associated with an initial quantum key based on the QKE message from the second node via a classical channel, method.

2. In Paragraph 1, The method further includes the step of transmitting a QKR (quantum key refinement) message to the second node when the result of a QBER check based on the above QBER message is smaller than a QBER check threshold. method.

3. In Paragraph 1, The method further includes the step of transmitting a QBER_UNACCEPTABLE message related to the termination of the protocol to the second node when the result of a QBER check based on the above QBER message is greater than the QBER check threshold. method.

4. In Paragraph 1, The method further comprises the step of receiving a notify message from the second node via the classical channel that relates to one or more of the following: failure of the post-processing of the quantum key exchange (QKE), invalidity of the initial quantum key, or occurrence of a security issue with the quantum channel. method.

5. In Paragraph 1, A step of receiving a second quantum key exchange (QKE) message from the second node through the quantum channel, the message comprising a second quantum key length (QK length), a second quantum key basis (QK basis), and a second quantum seed; and The method further comprises the step of transmitting a second QBER message, which includes a second QBER (quantum bit error rate) associated with a second initial quantum key based on the second QKE message, to the second node through the classical channel. method.

6. In Paragraph 5, If the result of the second QBER verification based on the second QBER message is smaller than the QBER verification threshold, the step of receiving a second QKR message from the second node; The method further comprises the step of receiving a second QBER_UNACCEPTABLE message related to the termination of the protocol from the second node when the result of the second QBER acknowledgment based on the second QBER message is greater than the QBER acknowledgment threshold value. method.

7. In Paragraph 5, The transmission of the above QKE message and the reception of the above second QKE message are performed simultaneously. method.

8. In a method performed by the second node, A step of receiving an IKE_SA_INIT request from a first node that includes a transform type of Quantum Security and a transform identifier (transform ID) of Quantum Key Distribution (QKD); A step of transmitting an IKE_SA_INIT response to the first node, the IKE_SA_INIT response including the transformation type of the quantum security and the transformation ID of the QKD; A step of receiving a quantum key exchange (QKE) message from the first node through a quantum channel, the message including a quantum key length (QK length), a quantum key basis (QK basis), and a quantum seed; and A method comprising the step of transmitting a QBER message containing a quantum bit error rate (QBER) associated with an initial quantum key based on the QKE message to the first node via a classical channel, method.

9. In Paragraph 8, If the result of a QBER check based on the above QBER message is smaller than a QBER check threshold, the method further includes the step of receiving a QKR (quantum key refinement) message from the first node. method.

10. In Paragraph 8, The method further includes the step of receiving a QBER_UNACCEPTABLE message related to the termination of the protocol from the first node when the result of a QBER check based on the above QBER message is greater than a QBER check threshold. method.

11. In Paragraph 8, The method further includes the step of transmitting a notify message to the first node via the classical channel, the notification being related to one or more of the following: failure of the post-processing of the quantum key exchange (QKE), invalidity of the initial quantum key, or occurrence of a security issue with the quantum channel. method.

12. In Paragraph 8, A step of transmitting a second quantum key exchange (QKE) message to the first node through the quantum channel, the message comprising a second quantum key length (QK length), a second quantum key basis (QK basis), and a second quantum seed; and The method further comprises the step of receiving a second QBER message containing a second QBER (quantum bit error rate) associated with a second initial quantum key based on the second QKE message from the first node through the classical channel. method.

13. In Paragraph 12, If the result of the second QBER verification based on the second QBER message is smaller than the QBER verification threshold, the step of transmitting a second QKR message to the first node; The method further includes the step of transmitting a second QBER_UNACCEPTABLE message related to the termination of the protocol to the first node when the result of the second QBER acknowledgment based on the second QBER message is greater than the QBER acknowledgment threshold. method.

14. In Paragraph 12, The reception of the above QKE message and the transmission of the above second QKE message are performed simultaneously. method.

15. In the first node, Transmitter / Receiver; At least one processor; and It includes at least one memory that is operablely connectable to the at least one processor and stores instructions for performing operations when executed by the at least one processor. The above operations are, Comprising all steps of the method according to any one of claims 1 to 7, Node 1.

16. In the second node, Transmitter / Receiver; At least one processor; and It includes at least one memory that is operablely connectable to the at least one processor and stores instructions for performing operations when executed by the at least one processor. The above operations are, Comprising all steps of the method according to any one of claims 8 through 14, Node 2.

17. In a control device for controlling a first node, At least one processor; and It includes at least one memory operably connected to the above at least one processor, and The above at least one memory stores instructions for performing operations based on execution by the above at least one processor, and The above operations are, Comprising all steps of the method according to any one of claims 1 to 7, controller.

18. In a control device for controlling a second node, At least one processor; and It includes at least one memory operably connected to the above at least one processor, and The above at least one memory stores instructions for performing operations based on execution by the above at least one processor, and The above operations are, Comprising all steps of the method according to any one of claims 8 through 14, controller.

19. In one or more non-transitory computer-readable media storing one or more instructions, The above one or more instructions perform operations based on being executed by one or more processors, and The above operations are, Comprising all steps of the method according to any one of claims 1 to 7, Computer-readable media.

20. In one or more non-transitory computer-readable media storing one or more instructions, The above one or more instructions perform operations based on being executed by one or more processors, and The above operations are, Comprising all steps of the method according to any one of claims 8 through 14, Computer-readable media.

Images