CN111049645A - Internet of things system and quantum key distribution method and device thereof - Google Patents


Info

Publication number: CN111049645A
Application number: CN201911143585.1A
Authority: CN (China)
Legal status: Pending
Language: Chinese (zh)
Prior art keywords: key, quantum, edge gateway, quantum key, edge
Inventors: 赵永利, 孟祥宇, 郁小松, 李亚杰, 张�杰
Current assignee: Beijing University of Posts and Telecommunications
Original assignee: Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications; priority to CN201911143585.1A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0852 Quantum cryptography
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention provides an Internet of things system and a quantum key distribution method and device thereof. The Internet of things system comprises an application layer, a perception layer, a network layer and a quantum key management center. The quantum key management center parses the key-requesting device and the destination device from a quantum key request forwarded by an edge gateway of the perception layer and then judges whether the two devices belong to the same edge gateway; if so, it instructs that edge gateway to distribute a quantum key from its key pool to the key-requesting device and the destination device; otherwise, it instructs the two edge gateways to which the key-requesting device and the destination device respectively belong to each distribute a quantum key from the key pool between them to their own device. The invention can distribute quantum keys to the devices in the Internet of things system and improves communication security within it.

Description

Internet of things system and quantum key distribution method and device thereof
Technical Field
The invention relates to the technical field of quantum keys, in particular to an Internet of things system and a quantum key distribution method and device thereof.
Background
In a broad sense, an Internet of things (IoT) system can be regarded as a network for sensing, communicating and processing information among wide area/local area networks, people and the objects that need to be sensed. The Internet of things is the internet connected with objects, and has two layers of meaning: first, it is an extension and expansion of the Internet; second, its user end extends to communication between any object and any other object. Faced with the many physical entities of the real world, intelligent terminal devices help the IoT system sense and collect information and analyse and process it, either immediately or with a delay. The Internet of things is reaching ordinary consumers in a cheap and popular form, and its applications will soon touch every aspect of life. However, the security threats in IoT applications, and the consequences of security incidents, are far more serious than in the Internet era. At present, IoT technology has many immature areas, and data is commonly transmitted in IoT systems without being encrypted or authenticated. Security has therefore become an important factor hindering the further development of the Internet of things.
Although existing IoT deployments adopt various encryption technologies to protect data privacy, most existing data encryption technologies are classical cryptographic schemes whose security rests on the hardness of mathematical problems, and these face the risk of being broken by a quantum computer, so their communication security cannot be guaranteed in the near future.
Disclosure of Invention
In view of this, the present invention provides an internet of things system and a quantum key distribution method and device thereof, which can distribute a quantum key to devices in the internet of things system, so that information transmitted between the devices can be encrypted by the safer quantum key, and communication security in the internet of things system is improved.
Based on the above purpose, the present invention provides an internet of things system, including: an application layer, a perception layer, a network layer and a quantum key management center; wherein:
the edge gateway in the perception layer is used for forwarding a quantum key request sent by the intelligent terminal in the perception layer to the quantum key management center;
the quantum key management center is used for parsing a key-requesting device and a destination device from the quantum key request and then judging whether the two belong to devices under the same edge gateway; if yes, it sends a quantum key distribution notification to that edge gateway instructing it to distribute a quantum key from the key pool between the edge gateway and the OLT (optical line terminal) to which it is connected in the network layer to the key-requesting device and the destination device; otherwise, it sends quantum key distribution notifications to the two edge gateways to which the key-requesting device and the destination device respectively belong, instructing the two edge gateways to distribute a quantum key from the key pool between the two edge gateways to the key-requesting device and the destination device respectively;
and the edge gateway is also used for acquiring the quantum key from the key pool indicated by the quantum key distribution notice after receiving the quantum key distribution notice, and distributing the quantum key to the key distribution object indicated by the quantum key distribution notice.
The quantum key management center specifically includes:
the quantum key request analysis module is used for receiving the quantum key request forwarded by the edge gateway and then analyzing key request equipment and target equipment;
the device position judging module is used for judging whether the key request device and the target device belong to devices under the same edge gateway or not;
a key distribution control module, configured to, when the determination result of the device location determination module is yes, distribute, through the edge gateway, a quantum key in a key pool between an OLT connected to the edge gateway in the internet of things system and the edge gateway to the key request device and the destination device; and under the condition that the judgment result of the device position judgment module is negative, distributing the quantum key in the key pool between the two edge gateways to the key request device and the target device through the two edge gateways to which the key request device and the target device respectively belong.
The invention also provides a quantum key distribution method in the Internet of things system, which comprises the following steps:
analyzing a key request device and a target device from the quantum key request forwarded by the edge gateway;
judging whether the key request equipment and the target equipment belong to equipment under the same edge gateway or not;
if yes, distributing quantum keys in a key pool between an OLT (optical line terminal) connected with the edge gateway and the edge gateway in the Internet of things system to the key request device and the target device through the edge gateway;
otherwise, distributing the quantum key in the key pool between the two edge gateways to the key request device and the destination device respectively through the two edge gateways to which the key request device and the destination device belong respectively.
The quantum key in the key pool between the two edge gateways is generated in advance according to the following method:
when the two edge gateways belong to the same metro network quantum node, the two edge gateways generate the quantum keys in the key pool using the OLT they are connected to as a relay;
and when the two edge gateways belong to two different metro network quantum nodes, the two edge gateways generate the quantum keys in the key pool using the OLTs they are respectively connected to and the two metro network quantum nodes as relays.
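As an added illustration (not code from the patent), the following Python sketch shows how the key pool between two edge gateways can be filled through the relay nodes named in the two cases above: each hop one-time-pads the key with the QKD key shared on that link, and the link keys are consumed from per-link pools. The node names (EG1, OLT1, METRO_A, ...), the `LinkKeyPool` class and the 4-byte link keys are constructed assumptions; the middle branch of `relay_path` (same metro node, different OLTs) is not described in the text and is an assumption as well.

```python
from collections import deque


def xor(a: bytes, b: bytes) -> bytes:
    """One-time-pad combine; both inputs must have the same length."""
    if len(a) != len(b):
        raise ValueError("one-time pad needs equal lengths")
    return bytes(x ^ y for x, y in zip(a, b))


class LinkKeyPool:
    """One-time keys shared by the two ends of a single QKD link.
    Assumed structure: in the real system the entries come from QKD on that hop."""
    def __init__(self, a, b, keys):
        self.ends = frozenset((a, b))
        self._keys = deque(keys)

    def take(self) -> bytes:
        if not self._keys:
            raise RuntimeError(f"link pool {sorted(self.ends)} exhausted")
        return self._keys.popleft()

    def __len__(self):
        return len(self._keys)


def relay_path(eg1, eg2, topology):
    """Trusted-relay path used to fill the EG1-EG2 key pool.
    topology: edge gateway -> (OLT it is attached to, metro quantum node above that OLT)."""
    olt1, metro1 = topology[eg1]
    olt2, metro2 = topology[eg2]
    if metro1 == metro2 and olt1 == olt2:
        return [eg1, olt1, eg2]                        # same metro node: the shared OLT relays
    if metro1 == metro2:
        return [eg1, olt1, metro1, olt2, eg2]          # assumption: same metro node, different OLTs
    return [eg1, olt1, metro1, metro2, olt2, eg2]      # two metro nodes: both OLTs and both metro nodes relay


def relay_key(path, pools, key: bytes):
    """Hop-by-hop forwarding: each hop one-time-pads `key` with that link's QKD key.
    Returns the key as decrypted by the last node and the ciphertexts seen on the wire."""
    transcript, current = [], key
    for src, dst in zip(path, path[1:]):
        link_key = pools[frozenset((src, dst))].take()
        ciphertext = xor(current, link_key)     # src encrypts with the link key
        transcript.append((src, dst, ciphertext))
        current = xor(ciphertext, link_key)     # dst decrypts; dst now holds the key in the clear
    return current, transcript


# Constructed topology and 4-byte link keys for the demonstration.
TOPOLOGY = {"EG1": ("OLT1", "METRO_A"), "EG2": ("OLT1", "METRO_A"), "EG3": ("OLT2", "METRO_B")}


def build_pools():
    links = {("EG1", "OLT1"): [bytes.fromhex("a1b2c3d4"), bytes.fromhex("01020304")],
             ("EG2", "OLT1"): [bytes.fromhex("5e6f7081")],
             ("OLT1", "METRO_A"): [bytes.fromhex("9a8b7c6d")],
             ("METRO_A", "METRO_B"): [bytes.fromhex("11223344")],
             ("OLT2", "METRO_B"): [bytes.fromhex("55667788")],
             ("EG3", "OLT2"): [bytes.fromhex("deadbeef")]}
    return {frozenset(k): LinkKeyPool(*k, v) for k, v in links.items()}


if __name__ == "__main__":
    pools = build_pools()
    fresh = bytes.fromhex("0f1e2d3c")                 # constructed key destined for the EG1-EG3 pool
    path = relay_path("EG1", "EG3", TOPOLOGY)
    received, transcript = relay_key(path, pools, fresh)
    print("path:", " -> ".join(path), "| far end got the key:", received == fresh)
    print("nodes that saw the key in the clear:", path[1:-1])
```

The transcript shows what a practitioner should keep in mind about this construction: the wire never carries the key in the clear, but every intermediate OLT and metro node decrypts and re-encrypts it, so each of them holds the key and must be trusted, and every hop consumes one entry from its link pool.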
Preferably, the allocating a quantum key in a key pool between the OLT connected to the edge gateway in the internet of things system and the edge gateway to the key requesting device and the destination device specifically includes:
for the condition that the key request device/destination device is a mobile intelligent terminal, the edge gateway encrypts the quantum key acquired from the key pool by adopting an encryption mechanism based on wireless physical layer security and then sends the encrypted quantum key to the key request device/destination device;
and for the condition that the key request device/target device is a fixed intelligent terminal, the edge gateway encrypts the quantum key acquired from the key pool based on an encryption mechanism of the physical layer security of the optical fiber channel and then transmits the encrypted quantum key to the key request device/target device.
Preferably, the allocating the quantum key in the key pool between the two edge gateways to the key request device and the destination device respectively includes:
the first edge gateway acquires a quantum key from a key pool between the first edge gateway and the second edge gateway indicated in the first quantum key distribution notice according to the received first quantum key distribution notice, and sends the quantum key to the key request device;
the second edge gateway acquires the quantum key from the key pool between the first edge gateway and the second edge gateway indicated in the second quantum key distribution notice according to the received second quantum key distribution notice, and sends the quantum key to the destination device;
the first and second edge gateways are the edge gateways to which the key request device and the destination device belong, respectively.
Preferably, the first edge gateway obtains the quantum key from the key pool between the first edge gateway and the second edge gateway indicated in the first quantum key distribution notification according to the received first quantum key distribution notification, and sends the quantum key to the key request device, and the method specifically includes:
if the key request device is a mobile intelligent terminal, the first edge gateway sends the acquired quantum key to the key request device by adopting a first key distribution mechanism;
if the key request device is a fixed intelligent terminal, the first edge gateway sends the acquired quantum key to the key request device by adopting a second key distribution mechanism;
in the first key distribution mechanism, the edge gateway encrypts the quantum key obtained from the key pool and sends the encrypted quantum key to the key distribution object by adopting an encryption mechanism based on wireless physical layer security;
in the second key distribution mechanism, the edge gateway encrypts the quantum key obtained from the key pool and sends the encrypted quantum key to the key distribution object based on an encryption mechanism of the physical layer security of the fiber channel.
Preferably, the second edge gateway obtains the quantum key from the key pool between the first edge gateway and the second edge gateway indicated in the second quantum key distribution notification according to the received second quantum key distribution notification, and sends the quantum key to the destination device, and specifically includes:
if the destination device is a mobile intelligent terminal, the second edge gateway sends the acquired quantum key to the destination device by adopting a first key distribution mechanism;
if the destination device is a fixed intelligent terminal, the second edge gateway sends the acquired quantum key to the destination device by adopting a second key distribution mechanism;
in the first key distribution mechanism, the edge gateway encrypts the quantum key obtained from the key pool and sends the encrypted quantum key to the key distribution object by adopting an encryption mechanism based on wireless physical layer security;
in the second key distribution mechanism, the edge gateway encrypts the quantum key obtained from the key pool and sends the encrypted quantum key to the key distribution object based on an encryption mechanism of the physical layer security of the fiber channel.
The invention also provides a quantum key distribution device in the internet of things system, which comprises:
the quantum key request analysis module is used for receiving the quantum key request forwarded by the edge gateway and then analyzing key request equipment and target equipment;
the device position judging module is used for judging whether the key request device and the target device belong to devices under the same edge gateway or not;
a key distribution control module, configured to, when the determination result of the device location determination module is yes, distribute, through the edge gateway, a quantum key in a key pool between an OLT connected to the edge gateway in the internet of things system and the edge gateway to the key request device and the destination device; and under the condition that the judgment result of the device position judgment module is negative, respectively distributing the quantum keys in the key pool between the two edge gateways to the key request device and the target device through the two edge gateways to which the key request device and the target device respectively belong.
In the Internet of things system provided by the invention, a quantum key management center analyzes a key request device and a target device from a quantum key request forwarded by an edge gateway; judging whether the key request equipment and the target equipment belong to equipment under the same edge gateway or not; if yes, distributing quantum keys in a key pool between an OLT (optical line terminal) connected with the edge gateway and the edge gateway in the Internet of things system to the key request device and the target device through the edge gateway; otherwise, distributing the quantum key in the key pool between the two edge gateways to the key request device and the destination device respectively through the two edge gateways to which the key request device and the destination device belong respectively. Therefore, quantum keys are distributed to the equipment in the Internet of things system, information transmitted among the equipment can be encrypted by the safer quantum keys, and the communication safety in the Internet of things system is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of an architecture of an internet of things system according to an embodiment of the present invention;
fig. 2a and 2b are flowcharts of a quantum key distribution method in an internet of things system according to an embodiment of the present invention;
fig. 3a is a schematic diagram of key distribution when a key requesting device and a destination device under the same edge gateway are both mobile intelligent terminals according to an embodiment of the present invention;
fig. 3b is a schematic diagram of key distribution when both the key requesting device and the destination device under the same edge gateway are fixed intelligent terminals according to the embodiment of the present invention;
fig. 4a is a schematic diagram of key distribution when the key requesting device and the destination device under different edge gateways are both mobile intelligent terminals according to the embodiment of the present invention;
fig. 4b is a schematic diagram of key distribution when the key requesting device and the destination device under different edge gateways are both fixed intelligent terminals according to the embodiment of the present invention;
fig. 4c is a schematic diagram of key distribution when the key requesting device is a mobile intelligent terminal and the destination device is a fixed intelligent terminal according to the embodiment of the present invention;
fig. 4d is a schematic diagram of key distribution when the key requesting device is a fixed intelligent terminal and the destination device is a mobile intelligent terminal according to the embodiment of the present invention;
fig. 5 is a block diagram of an internal structure of a quantum key distribution device in an internet of things system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present invention should have the ordinary meanings as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in this disclosure is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
The present inventors consider that quantum key distribution (QKD) allows spatially separated users to share unconditionally secure keys, a task that classical communication cannot accomplish; QKD has therefore always been an important direction of quantum communication. Existing practical quantum cryptography (QKD) systems mainly employ the BB84 protocol proposed by Bennett and Brassard in 1984. Unlike a classical cryptosystem, the security of QKD rests on the basic principles of quantum mechanics: even if an eavesdropper controls the channel, QKD lets the separated users share a secure key as long as the eavesdropper does not attack a side channel inside a legitimate user's device. The academic community calls this "unconditional security", meaning security with a rigorous mathematical proof, but under two assumptions: (1) the eavesdropper does not attack side channels inside the legitimate users' devices; (2) the eavesdropper is bound by the principles of quantum physics, i.e. can do nothing that violates physics, but may possess any technology that does not, including a quantum computer. The security of QKD therefore does not rest on computational complexity and is not affected by advances in computing power.
Therefore, in the technical scheme of the invention, the quantum key generated in advance is distributed to the equipment in the Internet of things system, so that the equipment can communicate by using the distributed quantum key, and the communication safety in the Internet of things system is improved.
The technical solution of the embodiments of the present invention is described in detail below with reference to the accompanying drawings.
The internet of things system provided by the embodiment of the invention is configured as shown in fig. 1, and comprises: a perception layer 101, a network layer 102, an application layer 103, a quantum key management center 104;
the application layer 103 includes internet of things middleware and internet of things applications, and has a main function of completing security management and processing of data and combining the data with applications of various industries. The Internet of things middleware is independent system software or service program, and uniformly encapsulates a plurality of public capacities such as communication management, equipment control, positioning and the like, so that the development efficiency of the Internet of things application is improved. The internet of things application is various applications directly used by users, and comprises home internet of things applications, such as household appliance intelligent control, home security and the like, and also comprises a plurality of enterprise and industry applications, such as petroleum monitoring applications, vehicle-mounted applications, remote medical applications and the like.
The network layer 102 may include a quantum backbone network 110, a metropolitan area network 111 and an access network 112. The quantum backbone network 110 is mainly used to realise long-distance quantum secure communication for the Internet of things; the metropolitan area network 111 contains nodes equipped with quantum key distribution (QKD) devices, called metro network quantum nodes 120, which realise quantum secure communication within the metropolitan area; the access network 112 uses a quantum passive optical network that includes an OLT (optical line terminal) 121. The OLT 121 extends quantum key distribution from the metro quantum node 120 to the edge gateway 122 of the perception layer 101. To secure information between the OLT 121 and the edge gateway 122, QKD devices may be placed at both the OLT 121 and the edge gateway 122; these may include QKD transmitters, receivers, trusted/quantum relays, key pools, etc., for generating and storing quantum keys. Key pools may be placed between edge gateways 122 and between each interconnected OLT 121 and edge gateway 122 for storing the generated quantum keys.
Preferably, for quickly providing the key for the whole network, a key pool can be placed between the metro network quantum nodes, between the metro network quantum nodes as access nodes and the OLT (i.e. between the metro network quantum nodes and the OLT which are connected with each other), between the OLT and the edge gateway which are connected with each other, and between the two edge gateways for storing the generated key.
The perception layer 101 includes intelligent terminals 123 with an embedded quantum key service and edge gateways 122; the intelligent terminal 123 mainly collects data and uploads it to the edge gateway 122, and the edge gateway 122 distributes quantum keys to the intelligent terminal 123. Intelligent terminals are of two device types: mobile intelligent terminal devices and fixed intelligent terminal devices. According to the device type, one of two schemes is used: (a) a quantum key distribution mechanism from the edge gateway to a mobile intelligent terminal, the first key distribution mechanism; (b) a quantum key distribution mechanism from the edge gateway to a fixed intelligent terminal, the second key distribution mechanism.
When an intelligent terminal 123 in the perception layer 101 needs the quantum key service, it sends a quantum key request to an edge gateway 122 in the perception layer 101.
After receiving the quantum key request sent by the intelligent terminal 123, the edge gateway 122 forwards the quantum key request to the quantum key management center 104;
the quantum key management center 104 performs a quantum key distribution method in the internet of things system, and after resolving a key request device and a target device from a quantum key request forwarded by the edge gateway 122, determines whether the key request device and the target device belong to devices under the same edge gateway; if yes, sending a quantum key distribution notice to the edge gateway, indicating the edge gateway, and distributing the quantum key in a key pool between an OLT (optical line terminal) connected with the edge gateway in the Internet of things system and the edge gateway to the key request device and the target device; otherwise, sending quantum key distribution notification to two edge gateways to which the key request device and the destination device belong respectively, and instructing the two edge gateways to distribute quantum keys in a key pool between the two edge gateways to the key request device and the destination device respectively;
the edge gateway 122 is further configured to, after receiving the quantum key distribution notification, obtain the quantum key from the key pool indicated by the quantum key distribution notification, and distribute the quantum key to the key distribution object indicated by the quantum key distribution notification.
The specific method flow of quantum key distribution in the internet of things system is shown in fig. 2a and 2b, and includes the following steps:
step S201: intelligent terminal 123 in aware layer 101 sends a quantum key request to one edge gateway 122 in aware layer 101.
Specifically, the intelligent terminal 123 in the sensing layer 101 sends a quantum key request to the edge gateway 122 to which the intelligent terminal belongs. Generally, the intelligent terminal 123 sending the quantum key request is a key request device in the quantum key request; for the convenience of the following description, the edge gateway 122 to which the smart terminal belongs, i.e. the edge gateway 122 that receives the quantum key request, is referred to as a first edge gateway.
Step S202: after receiving the quantum key request sent by intelligent terminal 123, edge gateway 122 forwards the quantum key request to quantum key management center 104.
Step S203: quantum key management center 104 parses the key request device and the destination device from the quantum key request forwarded by edge gateway 122.
Step S204: the quantum key management center 104 determines whether the key request device and the destination device belong to devices under the same edge gateway; if yes, the following step S205 is executed in the flow shown in fig. 2 a; otherwise, the following step S210 is performed as in the flow shown in fig. 2 b.
Step S205: quantum key management center 104 sends a quantum key distribution notification to edge gateway 122 that forwarded the quantum key request.
Specifically, the key pool indicated in the quantum key distribution notification sent by the quantum key management center 104 to the first edge gateway forwarding the quantum key request is a key pool between the OLT connected to the edge gateway and the edge gateway, that is, a key pool between the first edge gateway and the OLT connected to the first edge gateway; the key distribution object indicated in the quantum key distribution notification includes the key requesting device and the destination device.
Step S206: the edge gateway 122 performs quantum key distribution to the intelligent terminal 123 according to the received quantum key distribution notification, and completes the quantum key service.
Specifically, according to the key pool indicated in the quantum key distribution notification, the first edge gateway obtains a pair of quantum keys from the key pool between itself and the OLT connected to it; the keys may be fetched from the pool in encrypted form, with a quantum key protecting the transfer.
And the first edge gateway respectively sends the acquired pair of quantum keys to the key request device and the destination device.
Specifically, for the case where both the key requesting device and the destination device are mobile intelligent terminals, as shown in fig. 3a, the first edge gateway adopts a first key distribution mechanism to respectively distribute keys indicated in the notification to the quantum keys to be distributed: and the key request device and the destination device send quantum keys. The first key distribution mechanism is specifically: and the edge gateway encrypts the quantum key acquired from the key pool by adopting an encryption mechanism based on the security of a wireless physical layer and then sends the encrypted quantum key to the key distribution object.
The existing encryption mechanism based on wireless physical layer security utilizes the natural characteristics of a wireless channel, does not need key distribution and management, and provides a lightweight encryption communication scheme. Based on the characteristics of time-varying property, reciprocity and spatial uniqueness of a wireless channel, both legal communication parties can generate a shared key by using extracted wireless channel characteristics so as to carry out encrypted communication. In an actual communication system, the extracted radio channel characteristics are not completely the same due to the influence of communication delay, hardware difference, and the like between both parties of communication. Therefore, in order to obtain a symmetric key, after channel feature extraction and channel feature value quantization, an information reconciliation process needs to be introduced, and key agreement is performed by interacting reconciliation information, so as to obtain a consistent key. However, during the reconciliation process, the two communication parties tend to cause the leakage of information about the channel characteristics due to mutual information. In order to solve the problem that information leakage in the information reconciliation process affects the generation of the symmetric key, the two communication parties further need to finally realize the security and the randomness of the generated key through a privacy amplification process. The mechanism can successfully realize the security of quantum key transmission from the edge gateway to the mobile intelligent terminal.
When the key request device or the destination device is a fixed intelligent terminal, as shown in fig. 3b, the first edge gateway distributes quantum keys to the key request device and the destination device respectively using a second key distribution mechanism. The second key distribution mechanism is as follows: the edge gateway encrypts the quantum key obtained from the key pool with an encryption mechanism based on optical fiber channel physical-layer security and then sends the encrypted quantum key to the key distribution object. Here the key distribution object may be the key request device or the destination device.
Existing encryption mechanisms based on optical fiber channel physical-layer security provide endogenous information protection from the system itself and do not depend on a separate external key distribution channel. They exploit the phenomenon that, after a multi-level signal has been disturbed by noise, part of its signal states are completely covered by the noise; transmission deliberately buried in noise is then taken as the channel on which encrypted optical communication with optical fiber channel physical-layer security is realized. The scheme is characterized by transmission within noise, can effectively solve the problem of integrating communication and secrecy, and has the functional properties of self-synchronizing negotiation, self-authenticating communication, self-adaptive security, strong noise correlation, strong bit correlation and strong position correlation. This mechanism secures the transmission of the quantum key from the edge gateway to the fixed intelligent terminal.
Step S210: the quantum key management center 104 sends a quantum key distribution notification to each of the two edge gateways to which the key request device and the destination device respectively belong.
Specifically, the quantum key management center 104 sends a first quantum key distribution notification to the first edge gateway, to which the key request device belongs. The key pool indicated in the first quantum key distribution notification is the key pool between the two edge gateways, that is, the key pool between the first edge gateway and the second edge gateway; the key distribution object indicated in the first quantum key distribution notification is the key request device.
The quantum key management center 104 also sends a second quantum key distribution notification to the second edge gateway, to which the destination device belongs. The key pool indicated in the second quantum key distribution notification is likewise the key pool between the two edge gateways, that is, the key pool between the first edge gateway and the second edge gateway, and the key distribution object indicated in it is the destination device.
The quantum keys in the key pool between the two edge gateways are generated in advance as follows:
when the two edge gateways belong to the same metro network quantum node, the two edge gateways generate the quantum keys in the key pool using the OLT to which they are connected as a relay;
when the two edge gateways belong to two different metro network quantum nodes, the two edge gateways generate the quantum keys in the key pool using the OLTs to which they are connected and the two metro network quantum nodes as relays.
Step S211: the edge gateway 122 distributes quantum keys to the intelligent terminal 123 according to the received quantum key distribution notification, completing the quantum key service.
Specifically, according to the received first quantum key distribution notification, the first edge gateway obtains a quantum key from the key pool indicated in that notification, that is, the key pool between the first edge gateway and the second edge gateway, and sends the quantum key to the key request device.
Likewise, according to the received second quantum key distribution notification, the second edge gateway obtains the quantum key from the key pool indicated in that notification, that is, the same key pool between the first edge gateway and the second edge gateway, and sends the quantum key to the destination device.
If the key request device and the destination device are both mobile intelligent terminals, as shown in fig. 4a, the first edge gateway and the second edge gateway both use the first key distribution mechanism to send the obtained quantum keys to the key request device and the destination device respectively.
If the key request device and the destination device are both fixed intelligent terminals, as shown in fig. 4b, the first edge gateway and the second edge gateway both use the second key distribution mechanism to send the obtained quantum keys to the key request device and the destination device respectively.
If the key request device is a mobile intelligent terminal and the destination device is a fixed intelligent terminal, as shown in fig. 4c, the first edge gateway sends the obtained quantum key to the key request device using the first key distribution mechanism, and the second edge gateway sends the obtained quantum key to the destination device using the second key distribution mechanism.
If the key request device is a fixed intelligent terminal and the destination device is a mobile intelligent terminal, as shown in fig. 4d, the first edge gateway sends the obtained quantum key to the key request device using the second key distribution mechanism, and the second edge gateway sends the obtained quantum key to the destination device using the first key distribution mechanism.
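The following Python model, added here and not taken from the patent, puts steps S210 and S211 together with the pre-generation of the inter-gateway key pool described above: a trusted-relay helper builds keys for the gateway-to-gateway pool through the OLT, the management center chooses the pool and the key index according to whether the two terminals sit under the same edge gateway, and each gateway takes the indicated key and selects the first or second mechanism by terminal type. Two details are assumptions the description leaves implicit: the notification carries a key index, because in the cross-gateway case both gateways draw from the same pool independently and must pick the same key, and the center keeps a record of which pool indices are still unused. Node and class names and the XOR-based relay construction are likewise assumptions, and the physical-layer encrypted delivery of the key to the terminal is represented only by the mechanism label.

```python
from dataclasses import dataclass, field

# Added model, not code from the patent: trusted-relay pool generation, the
# management centre's routing decision, and per-terminal mechanism selection.
# Names, the key index in notifications, the centre's bookkeeping of unused
# indices and the XOR relay construction are assumptions.

KEY_LEN = 32   # bytes per quantum key (assumption)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Terminal:
    name: str
    mobile: bool     # mobile -> first (wireless) mechanism, fixed -> second (fibre)
    gateway: str
    received: list = field(default_factory=list)


@dataclass
class KeyPool:
    """Keys shared by exactly two nodes, indexed so both ends can name the same
    key; take() consumes a key so it is never handed out twice."""
    a: str
    b: str
    keys: dict       # index -> key bytes

    @property
    def pair(self):
        return frozenset((self.a, self.b))

    def take(self, index):
        return self.keys.pop(index)


@dataclass
class Notification:
    gateway: str
    pool: frozenset    # key pool to draw from
    key_index: int     # identical on both gateways of a cross-gateway request
    objects: list      # key distribution objects (terminal names)


def relay_key(links, index):
    """One end-to-end key across chained hop pools by trusted relay.

    The key is hop 0's key k0. Each relay node XORs k0 with the next hop's
    key and forwards it; the next node strips that hop key and recovers k0.
    Every relay node (OLT, metro node) thus holds k0 in clear.
    Returns (k0, nodes that hold k0).
    """
    carried, holders = links[0].take(index), [links[0].a, links[0].b]
    for prev, nxt in zip(links, links[1:]):
        if prev.b != nxt.a:
            raise ValueError(f"relay chain broken at {prev.b}/{nxt.a}")
        hop_key = nxt.take(index)
        forwarded = xor(carried, hop_key)   # prev.b sends this to nxt.b
        carried = xor(forwarded, hop_key)   # nxt.b recovers k0
        holders.append(nxt.b)
    return carried, holders


class QuantumKeyManagementCenter:
    def __init__(self, terminals, olt_of, pools):
        self.terminals = {t.name: t for t in terminals}
        self.olt_of = olt_of                                   # gateway -> its OLT
        self.unused = {p.pair: sorted(p.keys) for p in pools}  # pool -> free indices

    def handle_request(self, requester, destination):
        """Pick the pool and key index; return one notification per gateway."""
        gw_r = self.terminals[requester].gateway
        gw_d = self.terminals[destination].gateway
        if gw_r == gw_d:
            pair = frozenset((gw_r, self.olt_of[gw_r]))
            return [Notification(gw_r, pair, self.unused[pair].pop(0),
                                 [requester, destination])]
        pair = frozenset((gw_r, gw_d))
        idx = self.unused[pair].pop(0)
        return [Notification(gw_r, pair, idx, [requester]),
                Notification(gw_d, pair, idx, [destination])]


class EdgeGateway:
    def __init__(self, name, pools, terminals):
        # each gateway holds its own copy of every pool it is a party to
        self.pools = {p.pair: KeyPool(p.a, p.b, dict(p.keys))
                      for p in pools if name in p.pair}
        self.terminals = {t.name: t for t in terminals}

    def distribute(self, note):
        """Take the indicated key and hand it to each object, choosing the
        mechanism by terminal type (the protected delivery is not modelled)."""
        key = self.pools[note.pool].take(note.key_index)
        log = []
        for obj in note.objects:
            t = self.terminals[obj]
            t.received.append(key)
            log.append((obj, "wireless-PLS" if t.mobile else "fibre-PLS"))
        return log


def serve(center, gateways, requester, destination):
    notes = center.handle_request(requester, destination)
    return [e for n in notes for e in gateways[n.gateway].distribute(n)]


def build_demo():
    """Constructed topology: gw1 and gw2 under one OLT; keys are fixed byte patterns."""
    terminals = [Terminal("sensor-A", True, "gw1"), Terminal("sensor-B", False, "gw1"),
                 Terminal("camera-C", False, "gw2")]
    gw1_olt = KeyPool("gw1", "olt1", {i: bytes([0x10 + i]) * KEY_LEN for i in range(4)})
    olt_gw2 = KeyPool("olt1", "gw2", {i: bytes([0x20 + i]) * KEY_LEN for i in range(4)})
    # inter-gateway pool pre-generated through the OLT (same metro node case)
    gw1_gw2 = KeyPool("gw1", "gw2",
                      {i: relay_key([gw1_olt, olt_gw2], i)[0] for i in range(2)})
    pools = [gw1_olt, olt_gw2, gw1_gw2]
    center = QuantumKeyManagementCenter(terminals, {"gw1": "olt1", "gw2": "olt1"}, pools)
    gateways = {g: EdgeGateway(g, pools, terminals) for g in ("gw1", "gw2")}
    return {t.name: t for t in terminals}, center, gateways
```

Two consequences are visible in the model. Every relay node on the path in `relay_key`, the OLT and any metro network quantum node, holds the end-to-end key in clear, so the secrecy of the inter-gateway pool rests on those nodes being trusted. And the hop keys consumed by the relay are removed from the hop pools, so a key that already serves as an inter-gateway key is never handed out again for a same-gateway distribution.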
It should be noted that the method of the embodiment of the present invention may be executed by a single device, such as a computer or a server. The method of the embodiment may also be applied in a distributed scenario, where it is completed by the cooperation of several devices. In such a distributed scenario, each of the devices may perform only one or more steps of the method of the embodiment of the present invention, and the devices interact with each other to complete the method.
The quantum key distribution device in the internet of things system, provided in the quantum key management center 104 of the embodiment of the present invention, implements the quantum key distribution method of the corresponding internet of things system in the quantum key management center 104. As shown in fig. 5, its internal structure comprises a quantum key request analysis module 501, a device location determination module 502 and a key distribution control module 503.
The quantum key request analysis module 501 is configured to receive a quantum key request forwarded by an edge gateway and then analyze a key request device and a destination device;
the device location determining module 502 is configured to determine whether the key requesting device and the destination device belong to devices under the same edge gateway;
the key distribution control module 503 is configured to, if the determination result of the device location determination module 502 is yes, distribute, through the edge gateway, a quantum key in a key pool between an OLT connected to the edge gateway in the internet of things system and the edge gateway to the key request device and the destination device; and under the condition that the judgment result of the device position judgment module is negative, respectively distributing the quantum keys in the key pool between the two edge gateways to the key request device and the target device through the two edge gateways to which the key request device and the target device respectively belong.
Specifically, when the determination result of the device location determining module 502 is yes, the key allocation control module 503 sends a quantum key allocation notification to the first edge gateway, where a key pool indicated in the quantum key allocation notification is a key pool between the first edge gateway and an OLT connected to the first edge gateway; the key distribution object indicated in the quantum key distribution notice comprises the key request device and the destination device; and the key distribution control module 503 sends a first quantum key distribution notification to the first edge gateway when the determination result of the device location determination module 502 is negative; sending a second quantum key distribution notification to a second edge gateway;
the first edge gateway and the second edge gateway are respectively an edge gateway to which the key request equipment and the target equipment belong; the key pool indicated in the first and second quantum key distribution notices is the key pool between the first and second edge gateways; the key distribution objects indicated in the first and second quantum key distribution notifications are the key request device and the destination device, respectively.
In the internet of things system provided by the invention, the quantum key management center analyzes the key request device and the destination device from the quantum key request forwarded by the edge gateway and determines whether the two belong to devices under the same edge gateway. If so, it distributes, through that edge gateway, quantum keys from the key pool between the edge gateway and the OLT (optical line terminal) connected to it in the internet of things system to the key request device and the destination device; otherwise it distributes, through the two edge gateways to which the key request device and the destination device respectively belong, quantum keys from the key pool between those two edge gateways to the key request device and the destination device respectively. In this way quantum keys are distributed to the devices of the internet of things system, the information transmitted between devices can be encrypted with the more secure quantum keys, and communication security in the internet of things system is improved.
The computer- or server-readable media of the embodiments include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is meant to be exemplary only and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the invention, features of the above embodiments or of different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention described above which are not provided in detail for the sake of brevity.
In addition, well known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure the invention. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the invention, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the present invention is to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the invention, it should be apparent to one skilled in the art that the invention can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present invention has been described in conjunction with specific embodiments thereof, many alternatives, modifications and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
The embodiments of the invention are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements and the like that may be made without departing from the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (10)

1. An internet of things system, comprising an application layer, characterized in that it further comprises a perception layer, a network layer and a quantum key management center; wherein,
the edge gateway in the perception layer is used for forwarding a quantum key request sent by the intelligent terminal in the perception layer to the quantum key management center;
the quantum key management center is used for analyzing a key request device and a destination device from the quantum key request and then determining whether the key request device and the destination device belong to devices under the same edge gateway; if so, sending a quantum key distribution notification to the edge gateway, instructing the edge gateway to distribute the quantum key in the key pool between the edge gateway and the OLT (optical line terminal) connected to it in the network layer to the key request device and the destination device; otherwise, sending quantum key distribution notifications to the two edge gateways to which the key request device and the destination device respectively belong, instructing the two edge gateways to distribute quantum keys in the key pool between the two edge gateways to the key request device and the destination device respectively;
and the edge gateway is also used for acquiring the quantum key from the key pool indicated by the quantum key distribution notice after receiving the quantum key distribution notice, and distributing the quantum key to the key distribution object indicated by the quantum key distribution notice.
2. The internet of things system of claim 1, wherein the quantum key management center specifically comprises:
the quantum key request analysis module is used for receiving the quantum key request forwarded by the edge gateway and then analyzing key request equipment and target equipment;
the device position judging module is used for judging whether the key request device and the target device belong to devices under the same edge gateway or not;
a key distribution control module, configured to, when the determination result of the device location determination module is yes, distribute, through the edge gateway, a quantum key in a key pool between an OLT connected to the edge gateway in the internet of things system and the edge gateway to the key request device and the destination device; and under the condition that the judgment result of the device position judgment module is negative, distributing the quantum key in the key pool between the two edge gateways to the key request device and the target device through the two edge gateways to which the key request device and the target device respectively belong.
3. The internet of things system of claim 1, wherein
the key allocation control module is specifically configured to send a quantum key allocation notification to the first edge gateway when the determination result of the device location determination module is yes, where a key pool indicated in the quantum key allocation notification is a key pool between the first edge gateway and an OLT connected to the first edge gateway; the key distribution object indicated in the quantum key distribution notice comprises the key request device and the destination device; and under the condition that the judgment result of the device position judgment module is negative, sending a first quantum key distribution notice to a first edge gateway; sending a second quantum key distribution notification to a second edge gateway;
the first edge gateway and the second edge gateway are respectively an edge gateway to which the key request equipment and the target equipment belong; the key pool indicated in the first and second quantum key distribution notices is the key pool between the first and second edge gateways; the key distribution objects indicated in the first and second quantum key distribution notifications are the key request device and the destination device, respectively.
4. A quantum key distribution method in an internet of things system, characterized by comprising the following steps:
analyzing a key request device and a target device from the quantum key request forwarded by the edge gateway;
judging whether the key request equipment and the target equipment belong to equipment under the same edge gateway or not;
if yes, distributing quantum keys in a key pool between an OLT (optical line terminal) connected with the edge gateway and the edge gateway in the Internet of things system to the key request device and the target device through the edge gateway;
otherwise, distributing the quantum key in the key pool between the two edge gateways to the key request device and the destination device respectively through the two edge gateways to which the key request device and the destination device belong respectively.
5. The method of claim 4, wherein the quantum keys in the key pool between the two edge gateways are generated in advance as follows:
when the two edge gateways belong to the same metro network quantum node, the two edge gateways generate the quantum keys in the key pool using the OLT to which they are connected as a relay;
when the two edge gateways belong to two different metro network quantum nodes, the two edge gateways generate the quantum keys in the key pool using the OLTs to which they are connected and the two metro network quantum nodes as relays.
6. The method according to claim 4, wherein the allocating quantum keys in a key pool between an OLT connected to the edge gateway in the internet of things system and the edge gateway to the key requesting device and the destination device specifically comprises:
for the condition that the key request device/destination device is a mobile intelligent terminal, the edge gateway encrypts the quantum key acquired from the key pool by adopting an encryption mechanism based on wireless physical layer security and then sends the encrypted quantum key to the key request device/destination device;
and for the condition that the key request device/target device is a fixed intelligent terminal, the edge gateway encrypts the quantum key acquired from the key pool based on an encryption mechanism of the physical layer security of the optical fiber channel and then transmits the encrypted quantum key to the key request device/target device.
7. The method according to claim 4, wherein distributing the quantum keys in the key pool between the two edge gateways to the key request device and the destination device respectively specifically comprises:
the first edge gateway acquires a quantum key from a key pool between the first edge gateway and the second edge gateway indicated in the first quantum key distribution notice according to the received first quantum key distribution notice, and sends the quantum key to the key request device;
the second edge gateway acquires the quantum key from the key pool between the first edge gateway and the second edge gateway indicated in the second quantum key distribution notice according to the received second quantum key distribution notice, and sends the quantum key to the destination device;
the first and second edge gateways are the edge gateways to which the key request device and the destination device belong, respectively.
8. The method according to claim 7, wherein the first edge gateway obtains a quantum key from a key pool between the first edge gateway and the second edge gateway indicated in the first quantum key distribution notification according to the received first quantum key distribution notification, and sends the quantum key to the key request device, specifically including:
if the key request device is a mobile intelligent terminal, the first edge gateway sends the acquired quantum key to the key request device by adopting a first key distribution mechanism;
if the key request device is a fixed intelligent terminal, the first edge gateway sends the acquired quantum key to the key request device by adopting a second key distribution mechanism;
in the first key distribution mechanism, the edge gateway encrypts the quantum key obtained from the key pool and sends the encrypted quantum key to the key distribution object by adopting an encryption mechanism based on wireless physical layer security;
in the second key distribution mechanism, the edge gateway encrypts the quantum key obtained from the key pool and sends the encrypted quantum key to the key distribution object based on an encryption mechanism of the physical layer security of the fiber channel.
9. The method according to claim 7, wherein the second edge gateway obtains the quantum key from the key pool between the first edge gateway and the second edge gateway indicated in the second quantum key distribution notification according to the received second quantum key distribution notification, and sends the quantum key to the destination device, specifically including:
if the destination device is a mobile intelligent terminal, the second edge gateway sends the acquired quantum key to the destination device by adopting a first key distribution mechanism;
if the destination device is a fixed intelligent terminal, the second edge gateway sends the acquired quantum key to the destination device by adopting a second key distribution mechanism;
in the first key distribution mechanism, the edge gateway encrypts the quantum key obtained from the key pool and sends the encrypted quantum key to the key distribution object by adopting an encryption mechanism based on wireless physical layer security;
in the second key distribution mechanism, the edge gateway encrypts the quantum key obtained from the key pool and sends the encrypted quantum key to the key distribution object based on an encryption mechanism of the physical layer security of the fiber channel.
10. A quantum key distribution device in an internet of things system, characterized by comprising:
the quantum key request analysis module is used for receiving the quantum key request forwarded by the edge gateway and then analyzing key request equipment and target equipment;
the device position judging module is used for judging whether the key request device and the target device belong to devices under the same edge gateway or not;
a key distribution control module, configured to, when the determination result of the device location determination module is yes, distribute, through the edge gateway, a quantum key in a key pool between an OLT connected to the edge gateway in the internet of things system and the edge gateway to the key request device and the destination device; and under the condition that the judgment result of the device position judgment module is negative, respectively distributing the quantum keys in the key pool between the two edge gateways to the key request device and the target device through the two edge gateways to which the key request device and the target device respectively belong.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911143585.1A CN111049645A (en) 2019-11-20 2019-11-20 Internet of things system and quantum key distribution method and device thereof

Publications (1)

Publication Number Publication Date
CN111049645A true CN111049645A (en) 2020-04-21

Family

ID=70232706

Country Status (1)

Country Link
CN (1) CN111049645A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114697012A (en) * 2020-12-30 2022-07-01 科大国盾量子技术股份有限公司 Real-time wide area user node quantum key secret communication method
CN112910636A (en) * 2021-01-11 2021-06-04 国家电网有限公司 Quantum key distribution Internet of things publishing and subscribing system based on SDN
CN113179154A (en) * 2021-03-25 2021-07-27 北京邮电大学 Resource joint distribution method in quantum key distribution Internet of things and related equipment
WO2022213564A1 (en) * 2021-04-07 2022-10-13 东南大学 Quantum key distribution and negotiation method for internet-of-things wireless terminal
CN113708929A (en) * 2021-08-26 2021-11-26 东南大学 Method for pushing quantum key at fixed time by edge gateway of Internet of things
CN113708929B (en) * 2021-08-26 2022-07-01 东南大学 Method for regularly pushing quantum key by edge gateway of Internet of things

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281136A (en) * 2011-07-28 2011-12-14 中国电力科学研究院 Quantum key distribution system for safety communication of electric vehicle intelligent charging network
CN103023579A (en) * 2012-12-07 2013-04-03 安徽问天量子科技股份有限公司 Method for conducting quantum secret key distribution on passive optical network and passive optical network
CN104703059A (en) * 2013-12-09 2015-06-10 ***通信集团设计院有限公司 Planning method and device of broadband access network
CN108696353A (en) * 2018-05-30 2018-10-23 厦门科华恒盛股份有限公司 A kind of distribution method of quantum key and system, service station
CN108737434A (en) * 2018-05-30 2018-11-02 厦门科华恒盛股份有限公司 A kind of cryptographic key distribution method and system based on quantum, service station
CN109104428A (en) * 2018-08-28 2018-12-28 南京航空航天大学 Internet of things data quantum encrypted transmission equipment and transmission method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Maninder Kaur et al.: "Security in IoT-Based Smart Grid Through Quantum Key Distribution", Advances in Intelligent Systems and Computing *
Xiangyu Meng et al.: "Residual-adaptive Key Provisioning in Quantum-Key-Distribution Enhanced Internet of Things (Q-IoT)", 2020 International Wireless Communications and Mobile Computing (IWCMC) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200421