CN109005034B - Multi-tenant quantum key supply method and device - Google Patents

Publication number
CN109005034B
Authority
CN
China
Prior art keywords
quantum key
tenant
pair
distribution nodes
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811094174.3A
Other languages
Chinese (zh)
Other versions
CN109005034A (en)
Inventor
赵永利
曹原
郁小松
刘枫
齐维孔
张杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
China Academy of Space Technology CAST
Original Assignee
Beijing University of Posts and Telecommunications
China Academy of Space Technology CAST
Application filed by Beijing University of Posts and Telecommunications and China Academy of Space Technology CAST
Priority to CN201811094174.3A
Publication of CN109005034A
Application granted
Publication of CN109005034B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a multi-tenant quantum key supply method and device. The method comprises the following steps: acquiring parameter information of a quantum key distribution network; after receiving a plurality of tenant requests, recording parameter information of each tenant request and inquiring quantum key information associated with the tenant requests; and determining the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request and the quantum key information associated with the tenant request. The scheme provided by the invention can improve the configuration flexibility of the multi-tenant quantum key and the supply efficiency of the quantum key in the quantum key distribution network.

Description

Multi-tenant quantum key supply method and device
Technical Field
The invention relates to the technical field of communication, in particular to a multi-tenant quantum key supply method and device.
Background
Network security and confidentiality are critical in the information age. Quantum key distribution (QKD) can provide theoretically "unconditionally secure" quantum keys to users with high security requirements, thereby securing the communication of their secret and sensitive data. A QKD network can serve as the supporting network for users' secure communications, but QKD networks are currently expensive and hard to deploy, and a dedicated QKD network is difficult to deploy for some institutions with high security requirements (e.g., financial institutions, government agencies, etc.). A QKD network can continuously generate and store quantum keys, and a plurality of tenants (one tenant corresponds to one institution with high security requirements) can rent the same QKD network and obtain the required quantum keys from it to guarantee secure communication. The quantum keys acquired by different tenants are different from each other, and each quantum key is destroyed after being used once.
In a QKD network, multiple tenants arrive and leave dynamically, and each tenant is unknown before it arrives, so efficiently matching the quantum keys supplied by the QKD network to the quantum keys demanded by the dynamic tenants becomes critical. Existing QKD networks lack an efficient dynamic multi-tenant quantum key supply method; in the related art, quantum key supply and configuration for multiple tenants is mainly completed one by one by hand. Efficient supply-demand matching between the quantum keys supplied by the QKD network and the quantum keys required by the dynamic tenants is therefore difficult to achieve, which makes multi-tenant configuration in existing QKD networks inflexible and the supply efficiency of quantum key resources low.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for providing a multi-tenant quantum key, which can improve the configuration flexibility of the multi-tenant and the quantum key providing efficiency.
According to an aspect of the present invention, there is provided a multi-tenant quantum key provisioning method, including:
acquiring parameter information of a quantum key distribution network;
after receiving a plurality of tenant requests, recording parameter information of each tenant request and inquiring quantum key information associated with the tenant requests;
and determining the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request and the quantum key information associated with the tenant request.
Preferably, the obtaining parameter information of the quantum key distribution network includes:
acquiring topological information of a quantum key distribution network;
and acquiring the quantum key generation rate, the quantum key storage amount threshold and the quantum key reserved storage amount between each pair of distribution nodes.
Preferably, the recording the parameter information requested by each tenant includes:
recording a node set of each tenant request, arrival time and duration of each tenant request, and quantum key requirements between each pair of distribution nodes in the node set of each tenant request;
the querying quantum key information associated with the tenant request comprises:
and inquiring previous tenant request information for completing quantum key supply between each pair of distribution nodes, and the quantum key amount remained after quantum key supply is performed for the previous tenant request between each pair of distribution nodes.
Preferably, the determining a quantum key supplied to each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request, and the quantum key information associated with the tenant request includes:
determining the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request;
determining theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, quantum key reserved storage capacity, arrival time and duration of each tenant request, previous tenant request information for completing quantum key supply between each pair of distribution nodes, and quantum key quantity left after quantum key supply for the previous tenant request between each pair of distribution nodes;
determining the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold;
and determining the quantum key supplied for each tenant according to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes.
Preferably, the determining, according to a comparison result between the theoretical quantum key storage amount and the quantum key storage amount threshold, an amount of quantum keys available between each pair of distribution nodes includes:
when the theoretical quantum key storage amount is larger than the quantum key storage amount threshold, determining that the quantum key amount available between each pair of distribution nodes is the quantum key storage amount threshold;
and when the theoretical quantum key storage amount is less than or equal to the quantum key storage amount threshold, determining that the quantum key amount available between each pair of distribution nodes is the theoretical quantum key storage amount.
Preferably, the determining the quantum key provisioned for each tenant according to the comparison result between the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes includes:
and when the quantity of the quantum keys available between each pair of the distribution nodes is larger than or equal to the quantity of the required quantum keys between each pair of the distribution nodes, selecting the quantity of the required quantum keys from the corresponding distribution nodes and supplying the quantity of the required quantum keys to the nodes corresponding to the tenant request.
Preferably, the method further comprises:
and monitoring and updating the real-time residual quantum key amount between each pair of distribution nodes in the quantum key distribution network.
According to another aspect of the present invention, there is provided a multi-tenant quantum key provisioning apparatus including:
the network information acquisition module is used for acquiring parameter information of the quantum key distribution network;
the tenant recording and query module is used for recording parameter information of each tenant request and querying quantum key information associated with the tenant request after receiving a plurality of tenant requests;
and the quantum key supply module is used for determining the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network acquired by the network information acquisition module, the parameter information of each tenant request recorded by the tenant recording and query module and the queried quantum key information associated with the tenant request.
Preferably, the network information obtaining module includes:
the topological information acquisition module is used for acquiring topological information of the quantum key distribution network;
the rate information acquisition module is used for acquiring the quantum key generation rate between each pair of distribution nodes;
the storage information acquisition module is used for acquiring a quantum key storage amount threshold value between each pair of distribution nodes;
and the reserved information acquisition module is used for acquiring the reserved storage capacity of the quantum key between each pair of distribution nodes.
Preferably, the tenant recording and querying module includes:
the node recording module is used for recording a node set requested by each tenant;
the time recording module is used for recording the arrival time and the duration of each tenant request;
the demand recording module is used for recording the quantum key demand between each pair of distribution nodes in the node set requested by each tenant;
and the query module is used for querying the previous tenant request information for completing quantum key supply between each pair of distribution nodes and the quantum key amount remained after the previous tenant request is supplied with the quantum key between each pair of distribution nodes.
Preferably, the quantum key provisioning module includes:
the calculation module is used for determining the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request; determining theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, quantum key reserved storage capacity, arrival time and duration of each tenant request, previous tenant request information for completing quantum key supply between each pair of distribution nodes, and quantum key quantity left after quantum key supply for the previous tenant request between each pair of distribution nodes;
the judgment module is used for judging whether the theoretical quantum key storage capacity is larger than the quantum key storage capacity threshold value or not and judging whether the quantum key quantity available between each pair of distribution nodes is larger than or equal to the required quantum key quantity between each pair of distribution nodes or not;
the decision module is used for determining the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold in the judgment module;
and the execution module is used for determining the quantum key supplied for each tenant according to the quantum key amount available between each pair of distribution nodes determined in the decision module and the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes in the judgment module.
Preferably, the quantum key provisioning module further comprises:
and the monitoring module is used for monitoring and updating the quantum key amount remained in real time between each pair of distribution nodes in the quantum key distribution network.
In summary, according to the technical solution of the embodiment of the present invention, parameter information of a quantum key distribution network can be obtained, after receiving a plurality of tenant requests, parameter information of each tenant request is recorded and quantum key information associated with the tenant request is queried, and then a quantum key supplied to each tenant is determined according to the parameter information of the quantum key distribution network, the parameter information of each tenant request, and the quantum key information associated with the tenant request. Therefore, the quantum key supplied for each tenant can be automatically calculated according to the related parameter information, the quantum key supplied for each tenant can be automatically adjusted when the parameter information changes, and the supply and the configuration of the quantum keys of multiple tenants are not required to be completed one by adopting a manual method, so that the efficient supply and demand matching of the quantum keys supplied by the QKD network and the quantum keys required by the dynamic multiple tenants is realized, and the configuration flexibility of the quantum keys of multiple tenants in the quantum key distribution network and the supply efficiency of the quantum keys are improved.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in greater detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 is a schematic diagram of a quantum key distribution network;
Fig. 2 is a schematic flow chart of a multi-tenant quantum key provisioning method in a quantum key distribution network according to one embodiment of the invention;
Fig. 3 is a schematic flow chart of step 201 in a multi-tenant quantum key provisioning method in a quantum key distribution network according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart of step 202 in a multi-tenant quantum key provisioning method in a quantum key distribution network according to an embodiment of the present invention;
Fig. 5 is a schematic flow chart of step 203 in a multi-tenant quantum key provisioning method in a quantum key distribution network according to an embodiment of the present invention;
Fig. 6 is an illustration of a quantum key distribution network application according to one embodiment of the invention;
Fig. 7 is a schematic block diagram of a multi-tenant quantum key provisioning apparatus in a quantum key distribution network according to one embodiment of the present invention;
Fig. 8 is another schematic block diagram of a multi-tenant quantum key provisioning apparatus in a quantum key distribution network according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
While the preferred embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The invention provides a multi-tenant quantum key supply method which can improve the configuration flexibility of multi-tenant quantum keys and the supply efficiency of quantum keys in a quantum key distribution network.
The technical solutions of the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of a quantum key distribution network.
As shown in Fig. 1, the QKD network includes node A, node B, node C, node D, and node E. Each QKD node is located at a user end node with high security requirements. A QKD link includes a quantum channel, which carries the quantum optical signals and synchronization optical signals, and a negotiation channel, which carries negotiation information such as basis comparison and error checking. Because quantum states cannot be cloned, a quantum signal cannot be amplified, so several trusted relay nodes can be placed between QKD nodes to extend the QKD distance. A QKD node comprises a plurality of QKD transmitters, a plurality of QKD receivers, a key management server and other components. Any pair of QKD nodes in the QKD network can connect a QKD transmitter and a QKD receiver over a QKD link to perform quantum key distribution, generating a theoretically "unconditionally secure" quantum key that is stored in the key management server. The key management server can control the QKD transmitter and the QKD receiver to generate quantum keys synchronously, store the quantum keys, supply quantum keys to tenants with high security requirements, and destroy each quantum key after it has been used once.
Fig. 2 is a schematic flow chart of a multi-tenant quantum key provisioning method in a quantum key distribution network according to one embodiment of the invention. The method can be applied to a multi-tenant quantum key provisioning device in a quantum key distribution network.
Multi-tenancy in the embodiment of the present invention means that a plurality of logically isolated tenants can coexist on the same underlying network and share its resources. Quantum key resources have unique properties: quantum keys are continuously generated between QKD nodes and continuously consumed by multiple tenants, and a quantum key cannot be reused and is destroyed after being used once. Each tenant request in the QKD network consists of several user end nodes with high security requirements and the quantum key requirements between each corresponding pair of user end nodes. In general, the quantum key requirements may be of two types: quantum key volume requirements and quantum key rate requirements. Multiple tenants arrive and leave dynamically, and each tenant is unknown before it arrives. By applying the idea of multi-tenancy, the invention fully decouples the QKD network infrastructure from the users with high security requirements, so that a plurality of users can obtain quantum key resources that meet their security requirements by renting the QKD network, without attending to the details of the underlying QKD networking (cost, difficulty and the like), which greatly improves the utilization of quantum key resources in the QKD network.
The invention provides a dynamic multi-tenant quantum key supply method in a QKD network aiming at the defects of the prior art and the unique attributes of quantum key resources in the QKD network, and the method can realize the efficient supply and demand matching of quantum keys supplied by the QKD network and quantum keys required by dynamic multi-tenant.
Referring to fig. 2, the method includes:
Step 201, obtaining parameter information of the quantum key distribution network.
This includes obtaining topological information of the quantum key distribution network, and acquiring the quantum key generation rate, the quantum key storage amount threshold and the quantum key reserved storage amount between each pair of distribution nodes.
Step 202, after receiving a plurality of tenant requests, recording parameter information of each tenant request and querying quantum key information associated with the tenant request.
Recording the parameter information of each tenant request comprises: recording the node set of each tenant request, the arrival time and duration of each tenant request, and the quantum key requirements between each pair of distribution nodes in the node set of each tenant request.
Querying the quantum key information associated with the tenant request comprises: querying the previous tenant request information for which quantum key supply was completed between each pair of distribution nodes, and the quantum key amount remaining between each pair of distribution nodes after quantum keys were supplied for the previous tenant request.
Step 203, determining the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request and the quantum key information associated with the tenant request.
This step may include:
determining the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request;
determining theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, quantum key reserved storage capacity, arrival time and duration of each tenant request, previous tenant request information for completing quantum key supply between each pair of distribution nodes, and quantum key quantity left after quantum key supply for the previous tenant request between each pair of distribution nodes;
determining the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold;
and determining the quantum key supplied for each tenant according to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes.
According to the technical scheme of the embodiment of the invention, the parameter information of the quantum key distribution network can be obtained, after a plurality of tenant requests are received, the parameter information of each tenant request is recorded and the quantum key information associated with the tenant request is inquired, and then the quantum key supplied for each tenant is determined according to the parameter information of the quantum key distribution network, the parameter information of each tenant request and the quantum key information associated with the tenant request. Therefore, the quantum key supplied for each tenant can be automatically calculated according to the related parameter information, the quantum key supplied for each tenant can be automatically adjusted when the parameter information changes, and the supply and the configuration of the quantum keys of multiple tenants are not required to be completed one by adopting a manual method, so that the efficient supply and demand matching of the quantum keys supplied by the QKD network and the quantum keys required by the dynamic multiple tenants is realized, and the configuration flexibility of the quantum keys of multiple tenants in the quantum key distribution network and the supply efficiency of the quantum keys are improved.
Fig. 3 is a schematic flow chart of step 201 in a multi-tenant quantum key provisioning method in a quantum key distribution network according to an embodiment of the present invention.
As shown in Fig. 3, step 201 includes:
Step 301, obtaining quantum key distribution network topology information.
The QKD nodes in the underlying QKD network topology correspond to user end nodes with high security requirements.
Step 302, obtaining the quantum key generation rate between each pair of quantum key distribution nodes.
After each pair of quantum key distribution nodes is connected by a QKD link, quantum keys are generated continuously at a certain rate.
Step 303, obtaining the quantum key storage amount threshold $K_{max}$ between each pair of quantum key distribution nodes.
The quantum key storage amount threshold in the key management server between each pair of quantum key distribution nodes is determined by the size of the storage space.
Step 304, acquiring the quantum key reserved storage amount between each pair of quantum key distribution nodes.
Before the dynamic multi-tenant requests arrive, a certain quantum key storage amount is reserved between each pair of quantum key distribution nodes, which avoids multi-tenant quantum key supply failures caused by an insufficient quantum key storage amount when the QKD network starts to operate.
It should be noted that there is no necessary order relationship between the steps 301, 302, 303, and 304.
Fig. 4 is a schematic flow chart of step 202 in a multi-tenant quantum key provisioning method in a quantum key distribution network according to an embodiment of the present invention.
As shown in Fig. 4, step 202 includes:
Step 401, recording the set of end nodes with high security requirements for each tenant request.
Each node with high security requirements in the node set corresponds to a quantum key distribution node in the underlying quantum key distribution network.
Step 402, recording the arrival time and duration of each tenant request.
The arrival times and durations of the plurality of tenant requests may be the same or different.
Step 403, recording the quantum key requirement between each pair of nodes in the node set requested by each tenant.
The quantum key requirements can be of two types: quantum key quantity requirements and quantum key rate requirements.
Step 404, querying the previous tenant request information for which quantum key provisioning was completed between each pair of quantum key distribution nodes corresponding to each tenant request.
Step 405, querying the quantum key amount remaining in real time after each pair of QKD nodes finishes supplying quantum keys for the previous tenant request.
It should be noted that steps 401, 402 and 403 do not necessarily have a sequential relationship.
Fig. 5 is a schematic flow chart of step 203 in a multi-tenant quantum key provisioning method in a quantum key distribution network according to an embodiment of the present invention.
As shown in fig. 5, step 203 includes:
Step 501, calculating the required quantum key amount Kr between each pair of QKD nodes corresponding to each tenant request.
The required quantum key amount Kr (i.e., the amount of quantum key that needs to be supplied) between each pair of QKD nodes corresponding to each tenant request is calculated according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of nodes in the node set of each tenant request.
Step 502, calculating the theoretical quantum key storage amount Ks between each pair of quantum key distribution nodes.
The theoretical quantum key storage amount Ks between each pair of quantum key distribution nodes in the quantum key distribution network when each tenant request arrives is calculated according to the quantum key generation rate between each pair of distribution nodes, the quantum key reserved storage amount, the arrival time and duration of each tenant request, the previous tenant request information for completing quantum key supply between each pair of distribution nodes, and the quantum key amount left after quantum key supply for the previous tenant request between each pair of distribution nodes.
Step 503, determining whether the theoretical quantum key storage amount Ks is greater than the quantum key storage amount threshold Kmax; if yes, go to step 504, otherwise, go to step 505.
Step 504, determining that the quantum key amount Kc available in real time between each pair of quantum key distribution nodes is equal to the quantum key storage amount threshold Kmax, and entering step 506.
Step 505, determining that the quantum key amount Kc available in real time between each pair of quantum key distribution nodes is equal to the theoretical quantum key storage amount Ks, and entering step 506.
Step 506, determining whether the quantum key amount Kc available in real time between each pair of quantum key distribution nodes is greater than or equal to the quantum key amount Kr required between each pair of quantum key distribution nodes; if yes, go to step 507, otherwise, go to step 508.
Step 507, selecting the required quantum key amount Kr from the corresponding quantum key distribution nodes by using the first hit method, supplying it to the nodes corresponding to the tenant request, and entering step 509.
The first hit method is that available resources are numbered in a front-to-back order, and then the resources are selected according to the order of the numbers from small to large. The first hit is a common method for allocating network resources, that is, each time network resources are allocated (such as key resources herein), the foremost (i.e., smallest-numbered) available resources are selected according to the numbering order for allocation.
Step 508, the quantum key requirement requested by the tenant cannot be met, the corresponding tenant will block or wait, and step 509 is entered.
Step 509, monitoring and updating the quantum key amount remaining in real time between each pair of quantum key distribution nodes in the quantum key distribution network.
After quantum key supply is completed, the real-time residual quantum key amount between each pair of quantum key distribution nodes in the quantum key distribution network is monitored and updated. It should be noted that, after the new tenant request arrives, steps 202 and 203 in fig. 2 are repeatedly executed in sequence.
It should be noted that steps 501 and 502 do not necessarily have a sequential relationship.
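The decision flow of steps 501 to 509 can be followed in the Python example below, which is added here and is not code from the patent. It assumes Kr = key rate requirement × duration, Ks = remaining keys + generation rate × time since the previous request, a store that starts out holding Ka keys, and all-or-nothing supply across the node pairs of one request; the class and function names and all sample values are constructed.

```python
import math
from dataclasses import dataclass, field


@dataclass
class PairStore:
    """Key store between one pair of QKD nodes (hypothetical helper class)."""
    gen_rate: float            # quantum key generation rate (keys per second)
    k_max: int                 # quantum key storage amount threshold Kmax
    k_a: int                   # quantum key reserved storage amount Ka
    last_time: float = 0.0     # arrival time of the previous tenant request
    keys: list = field(default_factory=list)   # numbered key IDs, ascending
    next_id: int = 0

    def __post_init__(self):
        if self.k_a > self.k_max:
            raise ValueError("Ka must not exceed Kmax")
        self._generate(self.k_a)   # assumption: the store starts with Ka keys

    def _generate(self, n):
        self.keys.extend(range(self.next_id, self.next_id + n))
        self.next_id += n

    def theoretical(self, t_a):
        """Step 502 (assumed form): Ks = remaining keys + rate * elapsed time."""
        if t_a < self.last_time:
            raise ValueError("requests must be processed in arrival order")
        return len(self.keys) + math.floor(self.gen_rate * (t_a - self.last_time))

    def refresh(self, t_a):
        """Steps 503-505: Kc = Kmax if Ks > Kmax, otherwise Kc = Ks."""
        ks = self.theoretical(t_a)
        kc = self.k_max if ks > self.k_max else ks
        self._generate(kc - len(self.keys))   # generation beyond Kmax is dropped
        self.last_time = t_a
        return kc

    def first_hit(self, k_r):
        """Step 507: hand out the k_r smallest-numbered available keys."""
        taken, self.keys = self.keys[:k_r], self.keys[k_r:]
        return taken


def provision(stores, request):
    """Run steps 501-509 for one tenant request; all pairs succeed or none do."""
    t_a, t_h = request["t_a"], request["t_h"]
    # Step 501 (assumed form): Kr = key rate requirement * duration.
    need = {pair: math.ceil(rate * t_h) for pair, rate in request["rates"].items()}
    have = {pair: stores[pair].refresh(t_a) for pair in need}
    # Step 506: compare Kc with Kr on every pair before consuming any key,
    # so a blocked tenant never strands keys on the pairs that could be met.
    short = {p: (need[p], have[p]) for p in need if have[p] < need[p]}
    if short:                               # step 508: tenant blocks or waits
        return {"tenant": request["tenant"], "status": "blocked",
                "short": short, "keys": {}}
    issued = {p: stores[p].first_hit(k) for p, k in need.items()}
    # Step 509: the stores now hold the updated remaining key amounts.
    return {"tenant": request["tenant"], "status": "supplied",
            "short": {}, "keys": issued}


def run_demo():
    """Constructed sample network and requests (not values from the patent)."""
    ab, bc, ac = ("A", "B"), ("B", "C"), ("A", "C")
    stores = {ab: PairStore(2.0, 50, 20), bc: PairStore(1.0, 50, 20),
              ac: PairStore(4.0, 50, 20)}
    requests = [
        {"tenant": 1, "t_a": 0, "t_h": 5, "rates": {ab: 3, bc: 2}},
        {"tenant": 2, "t_a": 10, "t_h": 4, "rates": {ab: 5, bc: 4, ac: 10}},
        {"tenant": 3, "t_a": 12, "t_h": 10, "rates": {ab: 2, bc: 0.5}},
    ]
    return stores, [provision(stores, r) for r in requests]


if __name__ == "__main__":
    for result in run_demo()[1]:
        print(result["tenant"], result["status"], result["short"])
```

Because consumed key IDs leave the store and new IDs only increase, no key is ever handed to two tenants; for tenant 2 the pair A-C reaches Ks = 60, so Kc is capped at Kmax = 50.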
Fig. 6 is a quantum key distribution network application illustration according to an embodiment of the invention.
As shown in fig. 6, before the dynamic multi-tenant requests arrive, topology information of the underlying QKD network is obtained, giving the 6 underlying QKD nodes and the QKD link information connecting them. The quantum key generation rate between each pair of QKD nodes is obtained; for example, QKD nodes [Figure BDA0001805130850000101] have a quantum key generation rate of [Figure BDA0001805130850000102], QKD nodes [Figure BDA0001805130850000103] have a quantum key generation rate of [Figure BDA0001805130850000104], and QKD nodes [Figure BDA0001805130850000105] have a quantum key generation rate of [Figure BDA0001805130850000106].
The quantum key storage amount threshold Kmax between each pair of QKD nodes is obtained; in the embodiment of the invention, the quantum key storage amount thresholds between each pair of QKD nodes are the same. The quantum key reserved storage amount Ka between each pair of QKD nodes is obtained; in the embodiment of the invention, the quantum key reserved storage amounts between each pair of QKD nodes are the same.
Before the tenant 2 request arrives, the tenant 1 request has completed quantum key provisioning. When the tenant 2 request arrives, the node set {A, B, C} requested by tenant 2 is recorded; the arrival time ta2 and duration th2 of the tenant 2 request are recorded; and, within the node set {A, B, C} requested by tenant 2, the quantum key rate requirement of nodes [Figure BDA0001805130850000107] is recorded as [Figure BDA0001805130850000108], the quantum key quantity requirement of nodes [Figure BDA0001805130850000109] as [Figure BDA00018051308500001010], and the quantum key rate requirement of nodes [Figure BDA00018051308500001011] as [Figure BDA00018051308500001012].
The arrival time ta1 of the tenant 1 request is queried, together with the quantum key amount remaining in real time after quantum key supply for the tenant 1 request was completed: [Figure BDA0001805130850000111] for QKD nodes [Figure BDA00018051308500001013], [Figure BDA0001805130850000113] for QKD nodes [Figure BDA0001805130850000112], and [Figure BDA0001805130850000115] for QKD nodes [Figure BDA0001805130850000114].
The quantum key amount required between the QKD nodes corresponding to the tenant 2 request is calculated: [Figure BDA0001805130850000117] between QKD nodes [Figure BDA0001805130850000116], [Figure BDA0001805130850000119] between QKD nodes [Figure BDA0001805130850000118], and [Figure BDA00018051308500001111] between QKD nodes [Figure BDA00018051308500001110].
The theoretical quantum key storage amount between the QKD nodes corresponding to the tenant 2 request is calculated: [Figure BDA00018051308500001113] between QKD nodes [Figure BDA00018051308500001112], [Figure BDA00018051308500001115] between QKD nodes [Figure BDA00018051308500001114], and [Figure BDA00018051308500001117] between QKD nodes [Figure BDA00018051308500001116].
Here, [Figure BDA00018051308500001118] [Figure BDA00018051308500001119] are all less than Kmax, so the quantum key amount available in real time is [Figure BDA00018051308500001121] between QKD nodes [Figure BDA00018051308500001120], [Figure BDA00018051308500001123] between QKD nodes [Figure BDA00018051308500001122], and [Figure BDA00018051308500001125] between QKD nodes [Figure BDA00018051308500001124].
Here, [Figure BDA00018051308500001126] [Figure BDA00018051308500001127] are respectively less than [Figure BDA00018051308500001128].
The quantum key amounts [Figure BDA00018051308500001129] are selected from the corresponding QKD nodes using the first hit method and supplied to the nodes corresponding to the tenant 2 request. Finally, quantum key supply for the tenant 2 request is completed, and the quantum key amount remaining in real time between each pair of QKD nodes in the underlying QKD network is monitored and updated.
The foregoing describes in detail a multi-tenant quantum key provisioning method in a quantum key distribution network of the present invention, and the following describes a multi-tenant quantum key provisioning apparatus in a quantum key distribution network corresponding to the present invention.
Fig. 7 is a schematic block diagram of a multi-tenant quantum key provisioning apparatus in a quantum key distribution network according to one embodiment of the present invention.
Referring to fig. 7, the multi-tenant quantum key provisioning apparatus 70 includes: a network information acquisition module 71, a tenant record and query module 72, and a quantum key provisioning module 73.
The network information obtaining module 71 is configured to obtain parameter information of the quantum key distribution network.
Obtaining the parameter information of the quantum key distribution network comprises: obtaining topology information of the quantum key distribution network; and obtaining the quantum key generation rate, the quantum key storage amount threshold, the quantum key reserved storage amount and the like between each pair of distribution nodes.
The tenant recording and querying module 72 is configured to record parameter information of each tenant request and query quantum key information associated with the tenant request after receiving a plurality of tenant requests.
Recording the parameter information of each tenant request comprises: recording the node set of each tenant request, the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request. Querying the quantum key information associated with the tenant request comprises: querying the previous tenant request information for completing quantum key supply between each pair of distribution nodes, and the quantum key amount remaining after quantum key supply for the previous tenant request between each pair of distribution nodes.
A quantum key supply module 73, configured to determine a quantum key supplied for each tenant according to the parameter information of the quantum key distribution network acquired by the network information acquisition module 71, the parameter information of each tenant request recorded by the tenant recording and querying module 72, and the queried quantum key information associated with the tenant request.
Specifically, the quantum key supply module 73 may determine the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request;
determine the theoretical quantum key storage amount between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, the quantum key reserved storage amount, the arrival time and duration of each tenant request, the previous tenant request information for completing quantum key supply between each pair of distribution nodes, and the quantum key amount left after quantum key supply for the previous tenant request between each pair of distribution nodes;
determine the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold;
and determine the quantum key supplied for each tenant according to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes.
Fig. 8 is another schematic block diagram of a multi-tenant quantum key provisioning apparatus in a quantum key distribution network according to an embodiment of the present invention.
Referring to fig. 8, the multi-tenant quantum key provisioning apparatus 80 includes: a network information acquisition module 71, a tenant record and query module 72, a quantum key provisioning module 73, and a control module 74.
The control module 74 is responsible for controlling the work of the whole device, and the network information obtaining module 71, the tenant recording and querying module 72, and the quantum key providing module 73 respectively execute different operations under the control of the control module 74.
Wherein, the network information obtaining module 71 includes: a topology information obtaining module 711, a rate information obtaining module 712, a storage information obtaining module 713, and a reservation information obtaining module 714.
The topology information obtaining module 711 is configured to obtain topology information of the quantum key distribution network.
The rate information obtaining module 712 is configured to obtain the quantum key generation rate between each pair of distribution nodes.
The storage information obtaining module 713 is configured to obtain the quantum key storage amount threshold between each pair of distribution nodes.
The reserved information obtaining module 714 is configured to obtain the quantum key reserved storage amount between each pair of distribution nodes.
Wherein the tenant record and query module 72 comprises: a node recording module 721, a time recording module 722, a demand recording module 723, a query module 724, and an information storage module 725.
A node record module 721, configured to record a node set with high security requirements requested by each tenant.
The time recording module 722 is configured to record the arrival time and duration of each tenant request.
The requirement recording module 723 is configured to record the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant.
The query module 724 is configured to query previous tenant request information for completing quantum key supply between each pair of distribution nodes, and a quantum key amount remaining after quantum key supply is performed for the previous tenant request between each pair of distribution nodes.
The information storage module 725 is configured to store detailed information and status requested by each tenant.
Wherein the quantum key provisioning module 73 comprises: a calculation module 731, a determination module 732, a decision module 733, an execution module 734, and a monitoring module 735.
A calculating module 731, configured to determine, according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request, a required quantum key amount between each pair of distribution nodes corresponding to each tenant request; and determining the theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, the quantum key reserved storage capacity, the arrival time and the duration of each tenant request, previous tenant request information for completing quantum key supply between each pair of distribution nodes, and the quantum key quantity left after the previous tenant request is supplied with the quantum key between each pair of distribution nodes.
The determining module 732 is configured to determine whether the theoretical quantum key storage amount is greater than the quantum key storage amount threshold, and determine whether the quantum key amount available between each pair of distribution nodes is greater than or equal to the required quantum key amount between each pair of distribution nodes.
The decision module 733 is configured to determine, according to a comparison result between the theoretical quantum key storage amount and the quantum key storage amount threshold in the determination module 732, an available quantum key amount between each pair of distribution nodes, and determine whether a quantum key requirement requested by a tenant can be met.
The execution module 734 is configured to determine the quantum key supplied for each tenant according to the quantum key amount available between each pair of distribution nodes determined in the decision module 733, and the comparison result, in the determining module 732, between the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes; that is, it executes the first hit method to select the quantum key amount from the corresponding QKD nodes and supply it to the nodes corresponding to the tenant request.
The monitoring module 735 is configured to monitor and update the quantum key amount remaining in real time between each pair of distribution nodes in the quantum key distribution network.
In summary, according to the technical solution of the embodiment of the present invention, parameter information of a quantum key distribution network can be obtained, after receiving a plurality of tenant requests, parameter information of each tenant request is recorded and quantum key information associated with the tenant request is queried, and then a quantum key supplied to each tenant is determined according to the parameter information of the quantum key distribution network, the parameter information of each tenant request, and the quantum key information associated with the tenant request. Therefore, the quantum key supplied for each tenant can be automatically calculated according to the related parameter information, the quantum key supplied for each tenant can be automatically adjusted when the parameter information changes, and the supply and the configuration of the quantum keys of multiple tenants are not required to be completed one by adopting a manual method, so that the efficient supply and demand matching of the quantum keys supplied by the QKD network and the quantum keys required by the dynamic multiple tenants is realized, and the configuration flexibility of the quantum keys of multiple tenants in the quantum key distribution network and the supply efficiency of the quantum keys are improved.
The technical solution according to the present invention has been described in detail above with reference to the accompanying drawings.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both.
Those of ordinary skill in the art will understand that the invention is not limited to the specific embodiments described; all modifications, changes and equivalents that come within the spirit and scope of the invention are covered by it.

Claims (8)

1. A multi-tenant quantum key provisioning method, comprising:
acquiring parameter information of a quantum key distribution network, comprising: acquiring topological information of a quantum key distribution network;
acquiring quantum key generation rate, quantum key storage quantity threshold and quantum key reserved storage quantity between each pair of distribution nodes;
after receiving a plurality of tenant requests, recording parameter information of each tenant request and querying quantum key information associated with the tenant request, wherein the recording of the parameter information of each tenant request comprises:
recording a node set of each tenant request, arrival time and duration of each tenant request, and quantum key requirements between each pair of distribution nodes in the node set of each tenant request;
the querying quantum key information associated with the tenant request comprises:
inquiring previous tenant request information for completing quantum key supply between each pair of distribution nodes, and the quantum key amount remained after quantum key supply is performed for the previous tenant request between each pair of distribution nodes;
and determining the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request and the quantum key information associated with the tenant request.
2. The method of claim 1, wherein determining the quantum key provisioned for each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request, and the quantum key information associated with the tenant request comprises:
determining the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request;
determining theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, quantum key reserved storage capacity, arrival time and duration of each tenant request, previous tenant request information for completing quantum key supply between each pair of distribution nodes, and quantum key quantity left after quantum key supply for the previous tenant request between each pair of distribution nodes;
determining the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold;
and determining the quantum key supplied for each tenant according to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes.
3. The method of claim 2, wherein determining the amount of quantum key available between each pair of distribution nodes based on the comparison of the theoretical quantum key storage amount to the quantum key storage amount threshold comprises:
when the theoretical quantum key storage amount is larger than the quantum key storage amount threshold, determining the quantum key amount available between each pair of distribution nodes to be the quantum key storage amount threshold;
and when the theoretical quantum key storage amount is less than or equal to the quantum key storage amount threshold, determining the quantum key amount available between each pair of distribution nodes to be the theoretical quantum key storage amount.
4. The method of claim 3, wherein determining the quantum key provisioned for each tenant based on a comparison of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes comprises:
and when the quantity of the quantum keys available between each pair of the distribution nodes is larger than or equal to the quantity of the required quantum keys between each pair of the distribution nodes, selecting the quantity of the required quantum keys from the corresponding distribution nodes and supplying the quantity of the required quantum keys to the nodes corresponding to the tenant request.
5. The method of claim 4, further comprising:
and monitoring and updating the real-time residual quantum key amount between each pair of distribution nodes in the quantum key distribution network.
6. A multi-tenant quantum key provisioning apparatus, comprising:
the network information acquisition module is used for acquiring parameter information of the quantum key distribution network;
the tenant recording and querying module is used for recording parameter information of each tenant request and querying quantum key information associated with the tenant request after receiving a plurality of tenant requests;
the quantum key supply module is used for determining a quantum key supplied for each tenant according to the parameter information of the quantum key distribution network acquired by the network information acquisition module, the parameter information of each tenant request recorded by the tenant recording and query module, and the queried quantum key information associated with the tenant request;
the network information acquisition module comprises:
the topological information acquisition module is used for acquiring topological information of the quantum key distribution network;
the rate information acquisition module is used for acquiring the quantum key generation rate between each pair of distribution nodes;
the storage information acquisition module is used for acquiring a quantum key storage amount threshold value between each pair of distribution nodes;
the reserved information acquisition module is used for acquiring reserved storage space of the quantum key between each pair of distribution nodes;
the tenant recording and querying module comprises:
the node recording module is used for recording a node set requested by each tenant;
the time recording module is used for recording the arrival time and the duration of each tenant request;
the demand recording module is used for recording the quantum key demand between each pair of distribution nodes in the node set requested by each tenant;
and the query module is used for querying the previous tenant request information for completing quantum key supply between each pair of distribution nodes and the quantum key amount remained after the previous tenant request is supplied with the quantum key between each pair of distribution nodes.
7. The apparatus of claim 6, wherein the quantum key provisioning module comprises:
the calculation module is used for determining the required quantum key amount between each pair of distribution nodes corresponding to each tenant request according to the arrival time and the duration of each tenant request and the quantum key requirement between each pair of distribution nodes in the node set of each tenant request;
determining theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant request according to the quantum key generation rate between each pair of distribution nodes, quantum key reserved storage capacity, arrival time and duration of each tenant request, previous tenant request information for completing quantum key supply between each pair of distribution nodes, and quantum key quantity left after quantum key supply for the previous tenant request between each pair of distribution nodes;
the judgment module is used for judging whether the theoretical quantum key storage capacity is larger than the quantum key storage capacity threshold value or not and judging whether the quantum key quantity available between each pair of distribution nodes is larger than or equal to the required quantum key quantity between each pair of distribution nodes or not;
the decision module is used for determining the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold in the judgment module;
and the execution module is used for determining the quantum key supplied for each tenant according to the quantum key amount available between each pair of distribution nodes determined in the decision module and the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes in the judgment module.
8. The apparatus of claim 6, wherein the quantum key provisioning module further comprises: and the monitoring module is used for monitoring and updating the quantum key amount remained in real time between each pair of distribution nodes in the quantum key distribution network.
CN201811094174.3A 2018-09-19 2018-09-19 Multi-tenant quantum key supply method and device Active CN109005034B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811094174.3A CN109005034B (en) 2018-09-19 2018-09-19 Multi-tenant quantum key supply method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811094174.3A CN109005034B (en) 2018-09-19 2018-09-19 Multi-tenant quantum key supply method and device

Publications (2)

Publication Number Publication Date
CN109005034A CN109005034A (en) 2018-12-14
CN109005034B true CN109005034B (en) 2020-10-02

Family

ID=64592389

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811094174.3A Active CN109005034B (en) 2018-09-19 2018-09-19 Multi-tenant quantum key supply method and device

Country Status (1)

Country Link
CN (1) CN109005034B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110224815B (en) * 2019-05-08 2021-02-09 北京邮电大学 QKD network resource distribution method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101599826A (en) * 2009-07-10 2009-12-09 陕西理工学院 Expandable multi-user quantum key distribution network system and method for distributing key thereof
CN106850204A (en) * 2017-02-27 2017-06-13 北京邮电大学 Quantum key distribution method and system
CN106961327A (en) * 2017-02-27 2017-07-18 北京邮电大学 Key management system and method based on quantum key pond
CN107302429A (en) * 2017-06-27 2017-10-27 浙江科易理想量子信息技术有限公司 A kind of network-building method for improving key generating rate
CN107508671A (en) * 2017-08-18 2017-12-22 北京邮电大学 Service communication method and device based on quantum key distribution
CN108462573A (en) * 2018-02-09 2018-08-28 中国电子科技集团公司第三十研究所 A kind of flexible quantum safety moving communication means

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Resource Allocation in Optical Networks Secured by Quantum Key Distribution";Yongli Zhao等;《IEEE》;20180814;第130-137页 *
"基于量子密钥分发的可信光网络体系架构";曹原等;《信息通信技术》;20161215;第48-54页 *

Also Published As

Publication number Publication date
CN109005034A (en) 2018-12-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant