[go: up one dir, main page]

CN109005034B - Multi-tenant quantum key supply method and device - Google Patents

Multi-tenant quantum key supply method and device Download PDF

Info

Publication number
CN109005034B
CN109005034B CN201811094174.3A CN201811094174A CN109005034B CN 109005034 B CN109005034 B CN 109005034B CN 201811094174 A CN201811094174 A CN 201811094174A CN 109005034 B CN109005034 B CN 109005034B
Authority
CN
China
Prior art keywords
quantum key
tenant
pair
quantum
distribution nodes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811094174.3A
Other languages
Chinese (zh)
Other versions
CN109005034A (en
Inventor
赵永利
曹原
郁小松
刘枫
齐维孔
张�杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
China Academy of Space Technology CAST
Original Assignee
Beijing University of Posts and Telecommunications
China Academy of Space Technology CAST
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications, China Academy of Space Technology CAST filed Critical Beijing University of Posts and Telecommunications
Priority to CN201811094174.3A priority Critical patent/CN109005034B/en
Publication of CN109005034A publication Critical patent/CN109005034A/en
Application granted granted Critical
Publication of CN109005034B publication Critical patent/CN109005034B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a multi-tenant quantum key supply method and device. The method comprises the following steps: acquiring parameter information of a quantum key distribution network; after receiving a plurality of tenant requests, recording parameter information of each tenant request and inquiring quantum key information associated with the tenant requests; and determining the quantum key supplied for each tenant according to the parameter information of the quantum key distribution network, the parameter information of each tenant request and the quantum key information associated with the tenant request. The scheme provided by the invention can improve the configuration flexibility of the multi-tenant quantum key and the supply efficiency of the quantum key in the quantum key distribution network.

Description

一种多租户量子密钥供应方法及装置A kind of multi-tenant quantum key supply method and device

技术领域technical field

本发明涉及通信技术领域,具体涉及一种多租户量子密钥供应方法及装置。The present invention relates to the field of communication technologies, in particular to a multi-tenant quantum key supply method and device.

背景技术Background technique

在信息化时代中信息网络安全性和保密性十分重要。QKD(Quantum KeyDistribution,量子密钥分发)技术可以为具有高安全需求的用户提供理论上“无条件安全”的量子密钥,从而保障用户机密与敏感数据的安全通信。QKD网络可以作为用户安全通信的支撑网络,但是当前部署QKD网络的成本高且难度大,一些具有高安全需求的机构(如金融机构、政府机关等)都难以部署专有的QKD网络。QKD网络可以不断地产生并存储量子密钥,多个租户(一个租户对应一个具有高安全需求的机构)可以租用同一个QKD网络,并从中获取所需的量子密钥保障安全通信。多个租户获取的量子密钥各不相同,量子密钥在使用一次以后即被销毁。In the information age, information network security and confidentiality are very important. QKD (Quantum Key Distribution, Quantum Key Distribution) technology can provide theoretically "unconditionally secure" quantum keys for users with high security requirements, thereby ensuring secure communication of user secrets and sensitive data. The QKD network can be used as a support network for users' secure communication, but the current deployment of the QKD network is costly and difficult, and some institutions with high security requirements (such as financial institutions, government agencies, etc.) are difficult to deploy a proprietary QKD network. The QKD network can continuously generate and store quantum keys, and multiple tenants (one tenant corresponds to an institution with high security requirements) can rent the same QKD network and obtain the required quantum keys from it to ensure secure communication. The quantum keys obtained by multiple tenants are different, and the quantum keys are destroyed after being used once.

在QKD网络中,多个租户动态地到达与离去,且每个租户到达之前均是未知的,如何实现QKD网络供应的量子密钥与动态多租户需求的量子密钥的高效供需匹配变得十分关键。现有QKD网络中缺少高效的动态多租户量子密钥供应方法,相关技术中主要采用人工方法逐个完成多租户的量子密钥供应与配置,因此难以实现QKD网络供应的量子密钥与动态多租户需求的量子密钥的高效供需匹配,从而造成现有QKD网络中多租户的配置不灵活、量子密钥资源供应效率不高的问题。In the QKD network, multiple tenants arrive and leave dynamically, and each tenant is unknown until they arrive. How to achieve efficient supply and demand matching between the quantum keys supplied by the QKD network and the quantum keys required by dynamic multi-tenancy becomes very critical. The existing QKD network lacks an efficient dynamic multi-tenant quantum key supply method. In related technologies, manual methods are mainly used to complete the multi-tenant quantum key supply and configuration one by one, so it is difficult to realize the quantum key and dynamic multi-tenancy provided by the QKD network. The efficient supply and demand matching of the required quantum keys results in the problems of inflexible configuration of multi-tenancy in the existing QKD network and inefficient supply of quantum key resources.

发明内容SUMMARY OF THE INVENTION

有鉴于此,本发明的目的在于提出一种多租户量子密钥供应方法及装置,能提高多租户的配置灵活性和量子密钥的供应效率。In view of this, the purpose of the present invention is to provide a multi-tenant quantum key supply method and device, which can improve the multi-tenant configuration flexibility and the quantum key supply efficiency.

根据本发明的一个方面,提供一种多租户量子密钥供应方法,包括:According to an aspect of the present invention, a multi-tenant quantum key provisioning method is provided, comprising:

获取量子密钥分发网络的参数信息;Obtain the parameter information of the quantum key distribution network;

在接收到多个租户请求后,记录每个租户请求的参数信息和查询与所述租户请求关联的量子密钥信息;After receiving multiple tenant requests, record the parameter information requested by each tenant and query the quantum key information associated with the tenant request;

根据所述量子密钥分发网络的参数信息、每个租户请求的参数信息和与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥。The quantum key provided for each tenant is determined according to the parameter information of the quantum key distribution network, the parameter information requested by each tenant, and the quantum key information associated with the tenant request.

优选的,所述获取量子密钥分发网络的参数信息,包括:Preferably, the obtaining parameter information of the quantum key distribution network includes:

获取量子密钥分发网络的拓扑信息;Obtain the topology information of the quantum key distribution network;

获取每对分发节点间的量子密钥生成速率、量子密钥存储量阈值、量子密钥预留存储量。Obtain the quantum key generation rate, quantum key storage threshold, and quantum key reserved storage between each pair of distribution nodes.

优选的,所述记录每个租户请求的参数信息,包括:Preferably, the recording of parameter information requested by each tenant includes:

记录每个租户请求的节点集合、每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求;Record the node set requested by each tenant, the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant;

所述查询与所述租户请求关联的量子密钥信息,包括:The querying quantum key information associated with the tenant request includes:

查询每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量。Query the information of the previous tenant's request for quantum key supply between each pair of distribution nodes, and the amount of quantum keys remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant.

优选的,所述根据量子密钥分发网络的参数信息、每个租户请求的参数信息和与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥,包括:Preferably, the quantum key provided for each tenant is determined according to the parameter information of the quantum key distribution network, the parameter information requested by each tenant, and the quantum key information associated with the tenant request, including:

根据所述每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求,确定每个租户请求对应的每对分发节点间的需求量子密钥量;According to the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant, determine the required quantum key between each pair of distribution nodes corresponding to each tenant request quantity;

根据所述每对分发节点间的量子密钥生成速率、量子密钥预留存储量、每个租户请求的到达时间和持续时间、每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量,确定每个租户请求对应的每对分发节点间的理论量子密钥存储量;According to the quantum key generation rate between each pair of distribution nodes, the reserved storage capacity of quantum keys, the arrival time and duration of each tenant's request, and the information of the previous tenant's request for quantum key supply between each pair of distribution nodes . The amount of quantum keys remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant, and determines the theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant's request;

根据所述理论量子密钥存储量与所述量子密钥存储量阈值的比较结果,确定每对分发节点间可用的量子密钥量;According to the comparison result between the theoretical quantum key storage amount and the quantum key storage amount threshold, determine the quantum key amount available between each pair of distribution nodes;

根据所述每对分发节点间可用的量子密钥量与每对分发节点间的需求量子密钥量的比较结果,确定为每个租户供应的量子密钥。According to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes, the quantum key provided for each tenant is determined.

优选的,所述根据所述理论量子密钥存储量与所述量子密钥存储量阈值的比较结果,确定每对分发节点间可用的量子密钥量,包括:Preferably, the amount of quantum keys available between each pair of distribution nodes is determined according to the comparison result between the theoretical quantum key storage amount and the quantum key storage amount threshold, including:

当所述理论量子密钥存储量大于量子密钥存储量阈值时,确定每对分发节点间可用的量子密钥量选取量子密钥存储量阈值;When the theoretical quantum key storage volume is greater than the quantum key storage volume threshold, determine the quantum key storage volume threshold available between each pair of distribution nodes and select the quantum key storage volume threshold;

当所述理论量子密钥存储量小于或等于量子密钥存储量阈值时,确定每对分发节点间可用的量子密钥量选取理论量子密钥存储量。When the theoretical quantum key storage amount is less than or equal to the quantum key storage amount threshold, determine the quantum key amount available between each pair of distribution nodes and select the theoretical quantum key storage amount.

优选的,所述根据每对分发节点间可用的量子密钥量与每对分发节点间的需求量子密钥量的比较结果,确定为每个租户供应的量子密钥,包括:Preferably, the quantum key provided for each tenant is determined according to the comparison result between the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes, including:

当所述每对分发节点间可用的量子密钥量大于或等于每对分发节点间的需求量子密钥量时,从对应分发节点中选取所述需求量子密钥量,供应给租户请求对应的节点。When the amount of quantum keys available between each pair of distribution nodes is greater than or equal to the required amount of quantum keys between each pair of distribution nodes, the required amount of quantum keys is selected from the corresponding distribution nodes, and supplied to the tenant to request the corresponding amount of quantum keys node.

优选的,所述方法还包括:Preferably, the method further includes:

监控并更新量子密钥分发网络中每对分发节点间实时剩余的量子密钥量。Monitor and update the real-time remaining quantum key amount between each pair of distribution nodes in the quantum key distribution network.

根据本发明的另一个方面,提供一种多租户量子密钥供应装置,包括:According to another aspect of the present invention, there is provided a multi-tenant quantum key supply device, comprising:

网络信息获取模块,用于获取量子密钥分发网络的参数信息;The network information acquisition module is used to acquire the parameter information of the quantum key distribution network;

租户记录和查询模块,用于在接收到多个租户请求后,记录每个租户请求的参数信息和查询与所述租户请求关联的量子密钥信息;A tenant recording and query module, configured to record the parameter information of each tenant request and query the quantum key information associated with the tenant request after receiving multiple tenant requests;

量子密钥供应模块,用于根据所述网络信息获取模块获取的量子密钥分发网络的参数信息、所述租户记录和查询模块所记录的每个租户请求的参数信息和查询的与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥。The quantum key supply module is used for the parameter information of the quantum key distribution network obtained by the network information obtaining module, the parameter information requested by each tenant recorded by the tenant record and the query module, and the queried relationship with the tenant. Request the associated quantum key information to determine the quantum key provisioned for each tenant.

优选的,所述网络信息获取模块包括:Preferably, the network information acquisition module includes:

拓扑信息获取模块,用于获取量子密钥分发网络的拓扑信息;The topology information acquisition module is used to acquire the topology information of the quantum key distribution network;

速率信息获取模块,用于获取每对分发节点间的量子密钥生成速率;The rate information acquisition module is used to acquire the quantum key generation rate between each pair of distribution nodes;

存储信息获取模块,用于获取每对分发节点间的量子密钥存储量阈值;The storage information acquisition module is used to acquire the quantum key storage threshold between each pair of distribution nodes;

预留信息获取模块,用于获取每对分发节点间的量子密钥预留存储量。The reserved information acquisition module is used to acquire the reserved quantum key storage amount between each pair of distribution nodes.

优选的,所述租户记录和查询模块包括:Preferably, the tenant record and query module includes:

节点记录模块,用于记录每个租户请求的节点集合;The node record module is used to record the node set requested by each tenant;

时间记录模块,用于记录每个租户请求的到达时间和持续时间;Time recording module to record the arrival time and duration of each tenant request;

需求记录模块,用于记录每个租户请求的节点集合中每对分发节点间的量子密钥需求;The demand recording module is used to record the quantum key demand between each pair of distribution nodes in the node set requested by each tenant;

查询模块,用于查询每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量。The query module is used to query the information of the previous tenant's request for quantum key supply between each pair of distribution nodes, and the quantum key amount remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant.

优选的,所述量子密钥供应模块包括:Preferably, the quantum key supply module includes:

计算模块,用于根据所述每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求,确定每个租户请求对应的每对分发节点间的需求量子密钥量;根据所述每对分发节点间的量子密钥生成速率、量子密钥预留存储量、每个租户请求的到达时间和持续时间、每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量,确定每个租户请求对应的每对分发节点间的理论量子密钥存储量;A computing module, configured to determine the interval between each pair of distribution nodes corresponding to each tenant request according to the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant According to the quantum key generation rate between each pair of distribution nodes, the quantum key reserved storage, the arrival time and duration of each tenant’s request, and the completion of quantum keys between each pair of distribution nodes The supplied information of the previous tenant's request, the quantum key amount remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant, and the theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant's request is determined;

判断模块,用于判断理论量子密钥存储量是否大于所述量子密钥存储量阈值,判断每对分发节点间可用的量子密钥量是否大于或等于每对分发节点间的需求量子密钥量;The judgment module is used for judging whether the theoretical quantum key storage amount is greater than the quantum key storage amount threshold, and judging whether the quantum key amount available between each pair of distribution nodes is greater than or equal to the required quantum key amount between each pair of distribution nodes ;

决策模块,用于根据所述判断模块中所述理论量子密钥存储量与所述量子密钥存储量阈值的比较结果,确定每对分发节点间可用的量子密钥量;a decision module, configured to determine the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold in the judgment module;

执行模块,用于根据所述决策模块中确定的每对分发节点间可用的量子密钥量,及所述判断模块中所述每对分发节点间可用的量子密钥量与每对分发节点间的需求量子密钥量的比较结果,确定为每个租户供应的量子密钥。The execution module is configured to determine the amount of quantum keys available between each pair of distribution nodes in the decision module, and the amount of quantum keys available between each pair of distribution nodes in the judgment module and the amount of quantum keys available between each pair of distribution nodes. The results of the comparison of the required quantum keys amount to determine the quantum keys supplied for each tenant.

优选的,所述量子密钥供应模块还包括:Preferably, the quantum key supply module further includes:

监控模块,用于监控并更新量子密钥分发网络中每对分发节点间实时剩余的量子密钥量。The monitoring module is used to monitor and update the real-time remaining quantum key amount between each pair of distribution nodes in the quantum key distribution network.

综上所述,本发明实施例的技术方案,可以获取量子密钥分发网络的参数信息,在接收到多个租户请求后,记录每个租户请求的参数信息和查询与所述租户请求关联的量子密钥信息,然后根据所述量子密钥分发网络的参数信息、每个租户请求的参数信息和与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥。因此,本发明方案可以自动根据相关参数信息计算出为每个租户供应的量子密钥,在参数信息发生变化时也可以自动调整为每个租户供应的量子密钥,就无需再采用人工方法逐个完成多租户的量子密钥供应与配置,从而实现QKD网络供应的量子密钥与动态多租户需求的量子密钥的高效供需匹配,提升了量子密钥分发网络中多租户量子密钥的配置灵活性和量子密钥的供应效率。To sum up, the technical solutions of the embodiments of the present invention can obtain parameter information of the quantum key distribution network, and after receiving multiple tenant requests, record the parameter information requested by each tenant and query the information associated with the tenant request. quantum key information, and then determine the quantum key provided for each tenant according to the parameter information of the quantum key distribution network, the parameter information requested by each tenant, and the quantum key information associated with the tenant request. Therefore, the solution of the present invention can automatically calculate the quantum key provided for each tenant according to the relevant parameter information, and can also automatically adjust the quantum key provided for each tenant when the parameter information changes, so there is no need to use manual methods one by one. Complete the multi-tenant quantum key supply and configuration, so as to realize the efficient supply and demand matching between the quantum keys supplied by the QKD network and the quantum keys required by dynamic multi-tenancy, and improve the flexible configuration of multi-tenant quantum keys in the quantum key distribution network. security and supply efficiency of quantum keys.

附图说明Description of drawings

通过结合附图对本公开示例性实施方式进行更详细的描述,本公开的上述以及其它目的、特征和优势将变得更加明显,其中,在本公开示例性实施方式中,相同的参考标号通常代表相同部件。The above and other objects, features and advantages of the present disclosure will become more apparent from the more detailed description of the exemplary embodiments of the present disclosure taken in conjunction with the accompanying drawings, wherein the same reference numerals generally refer to the exemplary embodiments of the present disclosure. same parts.

图1是量子密钥分发网络的示意图;Figure 1 is a schematic diagram of a quantum key distribution network;

图2是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应方法的示意性流程图;2 is a schematic flowchart of a method for supplying multi-tenant quantum keys in a quantum key distribution network according to an embodiment of the present invention;

图3是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应方法中步骤201的一示意性流程图;3 is a schematic flowchart of step 201 in a method for supplying multi-tenant quantum keys in a quantum key distribution network according to an embodiment of the present invention;

图4是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应方法中步骤202的一示意性流程图;4 is a schematic flowchart of step 202 in a method for supplying multi-tenant quantum keys in a quantum key distribution network according to an embodiment of the present invention;

图5是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应方法中步骤203的一示意性流程图;5 is a schematic flowchart of step 203 in a method for supplying multi-tenant quantum keys in a quantum key distribution network according to an embodiment of the present invention;

图6是根据本发明的一个实施例的量子密钥分发网络应用例示意图;6 is a schematic diagram of an application example of a quantum key distribution network according to an embodiment of the present invention;

图7是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应装置的示意性方框图;7 is a schematic block diagram of a multi-tenant quantum key supply device in a quantum key distribution network according to an embodiment of the present invention;

图8是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应装置的另一示意性方框图。Fig. 8 is another schematic block diagram of a multi-tenant quantum key supply apparatus in a quantum key distribution network according to an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚明白,以下结合具体实施例,并参照附图,对本发明进一步详细说明。In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to specific embodiments and accompanying drawings.

虽然附图中显示了本公开的优选实施方式,然而应该理解,可以以各种形式实现本公开而不应被这里阐述的实施方式所限制。相反,提供这些实施方式是为了使本公开更加透彻和完整,并且能够将本公开的范围完整地传达给本领域的技术人员。While preferred embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.

本发明提供一种多租户量子密钥供应方法,能提升量子密钥分发网络中多租户量子密钥的配置灵活性和量子密钥的供应效率。The invention provides a multi-tenant quantum key supply method, which can improve the configuration flexibility of multi-tenant quantum keys and the supply efficiency of quantum keys in a quantum key distribution network.

以下结合附图详细描述本发明实施例的技术方案。The technical solutions of the embodiments of the present invention are described in detail below with reference to the accompanying drawings.

图1是量子密钥分发网络的示意图。Figure 1 is a schematic diagram of a quantum key distribution network.

如图1所示,QKD网络中包括节点A、节点B、节点C、节点D、节点E,其中QKD节点位于具有高安全需求的用户端节点处,QKD链路包含承载量子光信号和同步光信号的量子信道以及承载基矢比对、误码校验等协商信息的协商信道。由于量子态的不可克隆特性导致量子信号不能被放大,QKD节点间可部署多个可信中继节点延长QKD距离。QKD节点中包含多个QKD发送端、多个QKD接收端、密钥管理服务器等组件。QKD网络中任意一对QKD节点间均可以利用QKD链路连通QKD发送端与QKD接收端进行量子密钥分发,产生理论上“无条件安全”的量子密钥,并将量子密钥存储在密钥管理服务器中。其中,密钥管理服务器可以控制量子密钥分发发送端和量子密钥分发接收端同步产生量子密钥,存储量子密钥,为具有高安全需求的租户供应量子密钥以及在量子密钥使用一次后销毁量子密钥。As shown in Figure 1, the QKD network includes node A, node B, node C, node D, and node E, where the QKD node is located at the user-end node with high security requirements, and the QKD link contains quantum optical signals and synchronous optical signals. The quantum channel of the signal and the negotiation channel that carries negotiation information such as basis vector comparison and bit error check. Due to the unclonable nature of quantum states, quantum signals cannot be amplified, and multiple trusted relay nodes can be deployed between QKD nodes to extend the QKD distance. The QKD node includes multiple QKD senders, multiple QKD receivers, key management servers and other components. Any pair of QKD nodes in the QKD network can use the QKD link to connect the QKD sender and the QKD receiver for quantum key distribution, generating a theoretically "unconditionally secure" quantum key, and storing the quantum key in the key in the management server. Among them, the key management server can control the quantum key distribution sender and the quantum key distribution receiver to generate quantum keys synchronously, store quantum keys, supply quantum keys for tenants with high security requirements, and use quantum keys once Then destroy the quantum key.

图2是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应方法的示意性流程图。该方法可以应用于量子密钥分发网络中的多租户量子密钥供应装置。FIG. 2 is a schematic flowchart of a method for supplying a multi-tenant quantum key in a quantum key distribution network according to an embodiment of the present invention. The method can be applied to a multi-tenant quantum key supply device in a quantum key distribution network.

关于本发明实施例的多租户,多个逻辑上隔离的租户可以共存在同一个底层网络上共享其网络中的资源。量子密钥资源的独特属性使得量子密钥不断在QKD节点间产生且不断被多个租户消耗,量子密钥不能重复使用且使用一次以后将会被销毁。QKD网络中每个租户请求由若干具有高安全需求的用户端节点以及对应每对用户端节点间的量子密钥需求组成。一般量子密钥需求可以包括量子密钥量需求和量子密钥速率需求两种类型。多个租户均会动态地到达与离去,且每个租户到达之前均是未知。本发明利用多租户的思想可以实现QKD网络基础设施与高安全需求用户的彻底分离,使多个用户可以通过租用QKD网络的形式获得满足其安全需求的量子密钥资源,而不用关心具体的底层QKD组网细节(成本、难度等),大大提升了QKD网络中量子密钥资源的利用率。Regarding the multi-tenancy in the embodiment of the present invention, multiple logically isolated tenants may coexist on the same underlying network and share resources in their network. The unique properties of quantum key resources make quantum keys continuously generated between QKD nodes and continuously consumed by multiple tenants. Quantum keys cannot be reused and will be destroyed after being used once. Each tenant request in the QKD network consists of several user end nodes with high security requirements and the corresponding quantum key requirements between each pair of user end nodes. General quantum key requirements can include two types of quantum key volume requirements and quantum key rate requirements. Multiple tenants arrive and leave dynamically, and each tenant is unknown until they arrive. The invention uses the idea of multi-tenancy to realize the complete separation of QKD network infrastructure and users with high security requirements, so that multiple users can obtain quantum key resources that meet their security requirements by renting the QKD network, without caring about the specific underlying layer. The QKD networking details (cost, difficulty, etc.) greatly improve the utilization of quantum key resources in the QKD network.

本发明针对现有技术的缺点和QKD网络中量子密钥资源的独特属性,提出了一种QKD网络中动态多租户量子密钥供应方法,此方法可以实现QKD网络供应的量子密钥与动态多租户需求的量子密钥的高效供需匹配。Aiming at the shortcomings of the prior art and the unique properties of quantum key resources in the QKD network, the present invention proposes a dynamic multi-tenant quantum key supply method in the QKD network. Efficient supply and demand matching of quantum keys required by tenants.

参照图2,所述方法包括:Referring to Figure 2, the method includes:

步骤201、获取量子密钥分发网络的参数信息。Step 201: Obtain parameter information of the quantum key distribution network.

该步骤包括获取量子密钥分发网络的拓扑信息;获取每对分发节点间的量子密钥生成速率、量子密钥存储量阈值、量子密钥预留存储量。The step includes acquiring topology information of the quantum key distribution network; acquiring the quantum key generation rate, quantum key storage threshold, and quantum key reserved storage between each pair of distribution nodes.

步骤202、在接收到多个租户请求后,记录每个租户请求的参数信息和查询与所述租户请求关联的量子密钥信息。Step 202: After receiving multiple tenant requests, record parameter information of each tenant request and query quantum key information associated with the tenant request.

其中所述记录每个租户请求的参数信息,包括:记录每个租户请求的节点集合、每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求;The recording of the parameter information requested by each tenant includes: recording the node set requested by each tenant, the arrival time and duration of each tenant request, and the quantum secret between each pair of distribution nodes in the node set requested by each tenant. key requirements;

其中所述查询与所述租户请求关联的量子密钥信息,包括:查询每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量。The querying of quantum key information associated with the tenant request includes: querying the previous tenant request information for completing quantum key supply between each pair of distribution nodes, and each pair of distribution nodes requesting the supply of quantum keys for the previous tenant The amount of quantum key remaining after that.

步骤203、根据所述量子密钥分发网络的参数信息、每个租户请求的参数信息和与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥。Step 203: Determine the quantum key provided for each tenant according to the parameter information of the quantum key distribution network, the parameter information requested by each tenant, and the quantum key information associated with the tenant request.

该步骤可以包括:This step can include:

根据所述每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求,确定每个租户请求对应的每对分发节点间的需求量子密钥量;According to the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant, determine the required quantum key between each pair of distribution nodes corresponding to each tenant request quantity;

根据所述每对分发节点间的量子密钥生成速率、量子密钥预留存储量、每个租户请求的到达时间和持续时间、每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量,确定每个租户请求对应的每对分发节点间的理论量子密钥存储量;According to the quantum key generation rate between each pair of distribution nodes, the reserved storage capacity of quantum keys, the arrival time and duration of each tenant's request, and the information of the previous tenant's request for quantum key supply between each pair of distribution nodes . The amount of quantum keys remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant, and determines the theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant's request;

根据所述理论量子密钥存储量与所述量子密钥存储量阈值的比较结果,确定每对分发节点间可用的量子密钥量;According to the comparison result between the theoretical quantum key storage amount and the quantum key storage amount threshold, determine the quantum key amount available between each pair of distribution nodes;

根据所述每对分发节点间可用的量子密钥量与每对分发节点间的需求量子密钥量的比较结果,确定为每个租户供应的量子密钥。According to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes, the quantum key provided for each tenant is determined.

本发明实施例的技术方案,可以获取量子密钥分发网络的参数信息,在接收到多个租户请求后,记录每个租户请求的参数信息和查询与所述租户请求关联的量子密钥信息,然后根据所述量子密钥分发网络的参数信息、每个租户请求的参数信息和与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥。因此,本发明方案可以自动根据相关参数信息计算出为每个租户供应的量子密钥,在参数信息发生变化时也可以自动调整为每个租户供应的量子密钥,就无需再采用人工方法逐个完成多租户的量子密钥供应与配置,从而实现QKD网络供应的量子密钥与动态多租户需求的量子密钥的高效供需匹配,提升了量子密钥分发网络中多租户量子密钥的配置灵活性和量子密钥的供应效率。The technical solution of the embodiment of the present invention can obtain the parameter information of the quantum key distribution network, after receiving multiple tenant requests, record the parameter information requested by each tenant and query the quantum key information associated with the tenant request, The quantum key provided for each tenant is then determined according to the parameter information of the quantum key distribution network, the parameter information requested by each tenant, and the quantum key information associated with the tenant request. Therefore, the solution of the present invention can automatically calculate the quantum key provided for each tenant according to the relevant parameter information, and can also automatically adjust the quantum key provided for each tenant when the parameter information changes, so there is no need to use manual methods one by one. Complete the multi-tenant quantum key supply and configuration, so as to realize the efficient supply and demand matching between the quantum keys supplied by the QKD network and the quantum keys required by dynamic multi-tenancy, and improve the flexible configuration of multi-tenant quantum keys in the quantum key distribution network. security and supply efficiency of quantum keys.

图3是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应方法中步骤201的一示意性流程图。FIG. 3 is a schematic flowchart of step 201 in a method for supplying multi-tenant quantum keys in a quantum key distribution network according to an embodiment of the present invention.

在图3中包括:In Figure 3 include:

步骤301,获取量子密钥分发网络拓扑信息。Step 301: Obtain quantum key distribution network topology information.

其中,底层QKD网络拓扑中的QKD节点对应具有高安全需求的用户端节点。Among them, the QKD nodes in the underlying QKD network topology correspond to the client nodes with high security requirements.

步骤302,获取每对量子密钥分发节点间的量子密钥生成速率。Step 302: Obtain the quantum key generation rate between each pair of quantum key distribution nodes.

其中,每对量子密钥分发节点间连通QKD链路后会以一定速率源源不断地产生量子密钥。Among them, each pair of quantum key distribution nodes will continuously generate quantum keys at a certain rate after the QKD link is connected.

步骤303,获取每对量子密钥分发节点间的量子密钥存储量阈值KmaxStep 303: Obtain the quantum key storage threshold K max between each pair of quantum key distribution nodes.

其中,每对量子密钥分发节点间在密钥管理服务器中的量子密钥存储量阈值由存储空间大小决定。Among them, the quantum key storage threshold in the key management server between each pair of quantum key distribution nodes is determined by the size of the storage space.

步骤304,获取每对量子密钥分发节点间的量子密钥预留存储量。Step 304: Obtain the quantum key reserved storage amount between each pair of quantum key distribution nodes.

其中,在动态多租户请求到达之前,为每对量子密钥分发节点间预留一定的量子密钥存储量,可以避免QKD网络刚开始运营时由于量子密钥存储量不足而造成的多租户量子密钥供应失败。Among them, before the dynamic multi-tenant request arrives, a certain amount of quantum key storage is reserved between each pair of quantum key distribution nodes, which can avoid the multi-tenant quantum key storage caused by insufficient quantum key storage when the QKD network first starts to operate. Key provisioning failed.

需说明的是,步骤301、302、303、304之间没有必然的顺序关系。It should be noted that there is no necessary sequence relationship among steps 301 , 302 , 303 and 304 .

图4是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应方法中步骤202的一示意性流程图。FIG. 4 is a schematic flowchart of step 202 in a method for supplying multi-tenant quantum keys in a quantum key distribution network according to an embodiment of the present invention.

在图4中包括:In Figure 4 include:

步骤401,记录每个租户请求的具有高安全需求的租户端节点集合。Step 401: Record the set of tenant end nodes with high security requirements requested by each tenant.

其中,节点集合中每个具有高安全需求的节点与底层量子密钥分发网络中的量子密钥分发节点具有对应关系。Among them, each node with high security requirements in the node set has a corresponding relationship with the quantum key distribution node in the underlying quantum key distribution network.

步骤402,记录每个租户请求的到达时间和持续时间。Step 402, record the arrival time and duration of each tenant request.

其中,多个租户请求的到达时间和持续时间可以相同或不同。The arrival times and durations of multiple tenant requests may be the same or different.

步骤403,记录每个租户请求的节点集合中每对节点间的量子密钥需求。Step 403: Record the quantum key requirement between each pair of nodes in the node set requested by each tenant.

其中,量子密钥需求可以包括量子密钥量需求和量子密钥速率需求两种类型。Among them, the quantum key requirements can include two types of quantum key volume requirements and quantum key rate requirements.

步骤404,查询每个租户请求对应的每对量子密钥分发节点间完成量子密钥供应的前一个租户请求信息。Step 404 , query the information of the previous tenant request that completes quantum key supply between each pair of quantum key distribution nodes corresponding to each tenant request.

步骤405、查询每对QKD节点间完成为前一个租户请求供应量子密钥后实时剩余的量子密钥量。Step 405: Query the amount of quantum keys remaining in real time between each pair of QKD nodes after completing the request for supplying quantum keys for the previous tenant.

需说明的是,步骤401、402和403没有必然的顺序关系。It should be noted that steps 401 , 402 and 403 do not have a necessary sequence relationship.

图5是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应方法中步骤203的一示意性流程图。FIG. 5 is a schematic flowchart of step 203 in a method for supplying a multi-tenant quantum key in a quantum key distribution network according to an embodiment of the present invention.

在图5中包括:In Figure 5 include:

步骤501,计算每个租户请求对应的每对QKD节点间的需求量子密钥量KrStep 501: Calculate the required quantum key amount K r between each pair of QKD nodes corresponding to each tenant request.

根据每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对节点间的量子密钥需求,计算每个租户请求对应的每对QKD节点间的需求量子密钥量Kr(即需要供应的量子密钥量)。According to the arrival time and duration of each tenant request, and the quantum key requirement between each pair of nodes in the node set requested by each tenant, calculate the quantum key amount K r required between each pair of QKD nodes corresponding to each tenant request (i.e. the amount of quantum keys that need to be provisioned).

步骤502,计算每对量子密钥分发节点间的理论量子密钥存储量Ks。Step 502: Calculate the theoretical quantum key storage amount Ks between each pair of quantum key distribution nodes.

根据所述每对分发节点间的量子密钥生成速率、量子密钥预留存储量、每个租户请求的到达时间和持续时间、每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量,计算每个租户请求到达时,量子密钥分发网络中每对量子密钥分发节点间的理论量子密钥存储量Ks(即理论上的量子密钥存储量)。According to the quantum key generation rate between each pair of distribution nodes, the reserved storage capacity of quantum keys, the arrival time and duration of each tenant's request, and the information of the previous tenant's request for quantum key supply between each pair of distribution nodes , Between each pair of distribution nodes, the amount of quantum keys remaining after the previous tenant requests to supply quantum keys, calculate the theoretical quantum key between each pair of quantum key distribution nodes in the quantum key distribution network when each tenant's request arrives Storage amount Ks (that is, the theoretical quantum key storage amount).

步骤503,判断理论量子密钥存储量Ks是否大于量子密钥存储量阈值Kmax,若是,进入步骤504,若否,进入步骤505。Step 503 , determine whether the theoretical quantum key storage amount Ks is greater than the quantum key storage amount threshold K max , if yes, go to step 504 , if not, go to step 505 .

步骤504,确定每对量子密钥分发节点间实时可用的量子密钥量Kc等于量子密钥存储量阈值Kmax,进入步骤506。Step 504 , it is determined that the quantum key quantity Kc available in real time between each pair of quantum key distribution nodes is equal to the quantum key storage quantity threshold K max , and the process goes to step 506 .

步骤505,确定每对量子密钥分发节点间实时可用的量子密钥量Kc等于理论量子密钥存储量Ks,进入步骤506。Step 505 , it is determined that the quantum key amount Kc available in real time between each pair of quantum key distribution nodes is equal to the theoretical quantum key storage amount Ks, and the process goes to step 506 .

步骤506,判断每对量子密钥分发节点间实时可用的量子密钥量Kc是否大于或等于每对量子密钥分发节点间的需求量子密钥量Kr;若是,进入步骤507,若否,进入步骤508。Step 506, determine whether the quantum key amount Kc available in real time between each pair of quantum key distribution nodes is greater than or equal to the required quantum key amount K r between each pair of quantum key distribution nodes; if so, go to step 507, if not, Go to step 508 .

步骤507,利用首次命中方法从对应量子密钥分发节点中选择需求量子密钥量Kr供应给租户请求对应的节点,进入步骤509。Step 507 , use the first hit method to select the required quantum key amount K r from the corresponding quantum key distribution nodes to supply the node to which the tenant requests the corresponding node, and then go to step 509 .

其中,所说的首次命中方法,是指按照由前往后的顺序对可用资源进行编号,然后根据编号由小到大的顺序选择资源。首次命中是网络资源分配的常用方法,即每次分配网络资源时(如此处的密钥资源)根据编号顺序选择最前面(即编号最小)可用的资源进行分配。The first hit method refers to numbering the available resources in the order from front to back, and then selecting the resources according to the order of the numbers from small to large. The first hit is a common method of network resource allocation, that is, each time a network resource (such as the key resource here) is allocated, the first available resource (ie, the lowest number) is selected according to the number sequence for allocation.

步骤508、租户请求的量子密钥需求无法得到满足,对应租户将发生阻塞或等待,进入步骤509。Step 508 , if the quantum key requirement requested by the tenant cannot be satisfied, the corresponding tenant will be blocked or waited, and the process proceeds to step 509 .

步骤509,监控并更新量子密钥分发网络中每对量子密钥分发节点间实时剩余的量子密钥量。Step 509: Monitor and update the real-time remaining quantum key amount between each pair of quantum key distribution nodes in the quantum key distribution network.

该步骤在完成量子密钥供应后,监控并更新量子密钥分发网络中每对量子密钥分发节点间实时剩余的量子密钥量。需说明的是,在新的租户请求到达后,再按顺序重复执行图2中步骤202和203。In this step, after completing the quantum key supply, monitor and update the real-time remaining quantum key amount between each pair of quantum key distribution nodes in the quantum key distribution network. It should be noted that, after a new tenant request arrives, steps 202 and 203 in FIG. 2 are repeatedly executed in sequence.

需说明的是,步骤501和502没有必然的顺序关系。It should be noted that steps 501 and 502 do not have a necessary sequence relationship.

图6是根据本发明的一个实施例的量子密钥分发网络应用例示意图。FIG. 6 is a schematic diagram of an application example of a quantum key distribution network according to an embodiment of the present invention.

如图6所示,在动态多租户到达之前,获取底层QKD网络的拓扑信息,可获得底层6个QKD节点以及连接QKD节点的QKD链路信息;获取每对QKD节点间的量子密钥生成速率,如QKD节点

Figure BDA0001805130850000101
间的量子密钥生成速率为
Figure BDA0001805130850000102
QKD节点
Figure BDA0001805130850000103
间的量子密钥生成速率为
Figure BDA0001805130850000104
QKD节点
Figure BDA0001805130850000105
间的量子密钥生成速率为
Figure BDA0001805130850000106
获取每对QKD节点间的量子密钥存储量阈值Kmax,在本发明实施例中,每对QKD节点间的量子密钥存储量阈值相同;获取每对QKD节点间的量子密钥预留存储量Ka,在本发明实施例中每对QKD节点间的量子密钥预留存储量相同。As shown in Figure 6, before the arrival of dynamic multi-tenancy, obtain the topology information of the underlying QKD network, obtain the bottom 6 QKD nodes and the QKD link information connecting the QKD nodes; obtain the quantum key generation rate between each pair of QKD nodes , such as the QKD node
Figure BDA0001805130850000101
The quantum key generation rate between
Figure BDA0001805130850000102
QKD node
Figure BDA0001805130850000103
The quantum key generation rate between
Figure BDA0001805130850000104
QKD node
Figure BDA0001805130850000105
The quantum key generation rate between
Figure BDA0001805130850000106
Obtain the quantum key storage threshold K max between each pair of QKD nodes. In the embodiment of the present invention, the quantum key storage threshold between each pair of QKD nodes is the same; obtain the quantum key reserved storage between each pair of QKD nodes The quantum key reserved storage amount is the same between each pair of QKD nodes in the embodiment of the present invention.

在租户2请求到达之前,租户1请求已完成量子密钥供应。当租户2请求到达时,记录租户2请求的节点集合{A,B,C};记录租户2请求的到达时间ta2和持续时间th2;记录租户2请求的节点集合{A,B,C}中节点

Figure BDA0001805130850000107
的量子密钥速率需求为
Figure BDA0001805130850000108
节点
Figure BDA0001805130850000109
的量子密钥量需求为
Figure BDA00018051308500001010
节点
Figure BDA00018051308500001011
的量子密钥速率需求为
Figure BDA00018051308500001012
查询租户1请求的到达时间ta1;查询QKD节点
Figure BDA00018051308500001013
完成为租户1请求供应量子密钥后实时剩余的量子密钥量
Figure BDA0001805130850000111
QKD节点
Figure BDA0001805130850000112
完成为租户1请求供应量子密钥后实时剩余的量子密钥量
Figure BDA0001805130850000113
QKD节点
Figure BDA0001805130850000114
完成为租户1请求供应量子密钥后实时剩余的量子密钥量
Figure BDA0001805130850000115
计算租户2请求对应的QKD节点
Figure BDA0001805130850000116
间需求量子密钥量为
Figure BDA0001805130850000117
租户2请求对应的QKD节点
Figure BDA0001805130850000118
间需求量子密钥量为
Figure BDA0001805130850000119
租户2请求对应的QKD节点
Figure BDA00018051308500001110
间需求量子密钥量为
Figure BDA00018051308500001111
计算租户2请求对应的QKD节点
Figure BDA00018051308500001112
间理论量子密钥存储量
Figure BDA00018051308500001113
QKD节点
Figure BDA00018051308500001114
间理论量子密钥存储量
Figure BDA00018051308500001115
QKD节点
Figure BDA00018051308500001116
间理论量子密钥存储量
Figure BDA00018051308500001117
其中,
Figure BDA00018051308500001118
Figure BDA00018051308500001119
均小于Kmax,则QKD节点
Figure BDA00018051308500001120
间实时可用的量子密钥量
Figure BDA00018051308500001121
QKD节点
Figure BDA00018051308500001122
间实时可用的量子密钥量
Figure BDA00018051308500001123
QKD节点
Figure BDA00018051308500001124
间实时可用的量子密钥量
Figure BDA00018051308500001125
其中,
Figure BDA00018051308500001126
Figure BDA00018051308500001127
分别对应小于
Figure BDA00018051308500001128
利用首次命中方法从对应的QKD节点中选择量子密钥量
Figure BDA00018051308500001129
供应给租户2请求对应的节点。最后,完成租户2请求的量子密钥供应,监控并更新底层QKD网络中每对QKD节点间实时剩余的量子密钥量。Tenant 1 requests that quantum key provisioning has completed before tenant 2's request arrives. When the tenant 2 request arrives, record the node set {A, B, C} requested by the tenant 2; record the arrival time t a2 and the duration t h2 requested by the tenant 2; record the node set {A, B, C requested by the tenant 2 } middle node
Figure BDA0001805130850000107
The quantum key rate requirement for
Figure BDA0001805130850000108
node
Figure BDA0001805130850000109
The quantum key requirement for
Figure BDA00018051308500001010
node
Figure BDA00018051308500001011
The quantum key rate requirement for
Figure BDA00018051308500001012
Query the arrival time t a1 requested by tenant 1; query the QKD node
Figure BDA00018051308500001013
The amount of quantum keys remaining in real time after completing the request for provisioning quantum keys for Tenant 1
Figure BDA0001805130850000111
QKD node
Figure BDA0001805130850000112
The amount of quantum keys remaining in real time after completing the request for provisioning quantum keys for Tenant 1
Figure BDA0001805130850000113
QKD node
Figure BDA0001805130850000114
The amount of quantum keys remaining in real time after completing the request for provisioning quantum keys for Tenant 1
Figure BDA0001805130850000115
Calculate the QKD node corresponding to the request of tenant 2
Figure BDA0001805130850000116
The required quantum key size is
Figure BDA0001805130850000117
Tenant 2 requests the corresponding QKD node
Figure BDA0001805130850000118
The required quantum key size is
Figure BDA0001805130850000119
Tenant 2 requests the corresponding QKD node
Figure BDA00018051308500001110
The required quantum key size is
Figure BDA00018051308500001111
Calculate the QKD node corresponding to the request of tenant 2
Figure BDA00018051308500001112
Inter-theoretical quantum key storage
Figure BDA00018051308500001113
QKD node
Figure BDA00018051308500001114
Inter-theoretical quantum key storage
Figure BDA00018051308500001115
QKD node
Figure BDA00018051308500001116
Inter-theoretical quantum key storage
Figure BDA00018051308500001117
in,
Figure BDA00018051308500001118
Figure BDA00018051308500001119
are less than K max , then the QKD node
Figure BDA00018051308500001120
amount of quantum keys available in real time
Figure BDA00018051308500001121
QKD node
Figure BDA00018051308500001122
amount of quantum keys available in real time
Figure BDA00018051308500001123
QKD node
Figure BDA00018051308500001124
amount of quantum keys available in real time
Figure BDA00018051308500001125
in,
Figure BDA00018051308500001126
Figure BDA00018051308500001127
corresponding to less than
Figure BDA00018051308500001128
Select the quantum key amount from the corresponding QKD nodes using the first hit method
Figure BDA00018051308500001129
Supply to the node corresponding to the tenant 2 request. Finally, complete the quantum key supply requested by tenant 2, monitor and update the real-time remaining quantum key amount between each pair of QKD nodes in the underlying QKD network.

上述详细介绍了本发明的一种量子密钥分发网络中多租户量子密钥供应方法,以下介绍本发明对应的一种量子密钥分发网络中多租户量子密钥供应装置。The above describes in detail a multi-tenant quantum key supply method in a quantum key distribution network of the present invention, and the following introduces a multi-tenant quantum key supply device in a quantum key distribution network corresponding to the present invention.

图7是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应装置的示意性方框图。Fig. 7 is a schematic block diagram of a multi-tenant quantum key supply apparatus in a quantum key distribution network according to an embodiment of the present invention.

参照图7,在多租户量子密钥供应装置70中,包括:网络信息获取模块71、租户记录和查询模块72和量子密钥供应模块73。Referring to FIG. 7 , the multi-tenant quantum key supply device 70 includes: a network information acquisition module 71 , a tenant record and query module 72 and a quantum key supply module 73 .

网络信息获取模块71,用于获取量子密钥分发网络的参数信息。The network information acquisition module 71 is used for acquiring parameter information of the quantum key distribution network.

其中,获取量子密钥分发网络的参数信息包括获取量子密钥分发网络的拓扑信息;获取每对分发节点间的量子密钥生成速率、量子密钥存储量阈值、量子密钥预留存储量等。Wherein, obtaining the parameter information of the quantum key distribution network includes obtaining the topology information of the quantum key distribution network; obtaining the quantum key generation rate, quantum key storage threshold, quantum key reserved storage capacity, etc. between each pair of distribution nodes .

租户记录和查询模块72,用于在接收到多个租户请求后,记录每个租户请求的参数信息和查询与所述租户请求关联的量子密钥信息。The tenant recording and query module 72 is configured to, after receiving multiple tenant requests, record the parameter information of each tenant request and query the quantum key information associated with the tenant request.

其中所述记录每个租户请求的参数信息,包括:记录每个租户请求的节点集合、每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求;其中所述查询与所述租户请求关联的量子密钥信息,包括:查询每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量。The recording of the parameter information requested by each tenant includes: recording the node set requested by each tenant, the arrival time and duration of each tenant request, and the quantum secret between each pair of distribution nodes in the node set requested by each tenant. key requirements; wherein the querying quantum key information associated with the tenant request includes: querying the previous tenant request information for quantum key supply between each pair of distribution nodes, and requesting supply for the previous tenant between each pair of distribution nodes Amount of quantum key remaining after quantum key.

量子密钥供应模块73,用于根据所述网络信息获取模块71获取的量子密钥分发网络的参数信息、所述租户记录和查询模块72所记录的每个租户请求的参数信息和查询的与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥。The quantum key supply module 73 is used to obtain the parameter information of the quantum key distribution network obtained by the network information obtaining module 71, the parameter information requested by each tenant recorded by the tenant record and query module 72, and the query and the combination. The tenant requests associated quantum key information to determine the quantum key provided for each tenant.

其中,可以根据所述每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求,确定每个租户请求对应的每对分发节点间的需求量子密钥量;Wherein, the requirement between each pair of distribution nodes corresponding to each tenant request can be determined according to the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant quantum key amount;

根据所述每对分发节点间的量子密钥生成速率、量子密钥预留存储量、每个租户请求的到达时间和持续时间、每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量,确定每个租户请求对应的每对分发节点间的理论量子密钥存储量;According to the quantum key generation rate between each pair of distribution nodes, the reserved storage capacity of quantum keys, the arrival time and duration of each tenant's request, and the information of the previous tenant's request for quantum key supply between each pair of distribution nodes . The amount of quantum keys remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant, and determines the theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant's request;

根据所述理论量子密钥存储量与所述量子密钥存储量阈值的比较结果,确定每对分发节点间可用的量子密钥量;According to the comparison result between the theoretical quantum key storage amount and the quantum key storage amount threshold, determine the quantum key amount available between each pair of distribution nodes;

根据所述每对分发节点间可用的量子密钥量与每对分发节点间的需求量子密钥量的比较结果,确定为每个租户供应的量子密钥。According to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes, the quantum key provided for each tenant is determined.

图8是根据本发明的一个实施例的一种量子密钥分发网络中多租户量子密钥供应装置的另一示意性方框图。Fig. 8 is another schematic block diagram of a multi-tenant quantum key supply apparatus in a quantum key distribution network according to an embodiment of the present invention.

参照图8,在多租户量子密钥供应装置80中,包括:网络信息获取模块71、租户记录和查询模块72、量子密钥供应模块73、控制模块74。8 , the multi-tenant quantum key supply device 80 includes: a network information acquisition module 71 , a tenant record and query module 72 , a quantum key supply module 73 , and a control module 74 .

其中,控制模块74,用于负责控制整个装置的工作,网络信息获取模块71、租户记录和查询模块72、量子密钥供应模块73分别在控制模块74的控制下执行不同操作。The control module 74 is responsible for controlling the work of the entire device. The network information acquisition module 71 , the tenant recording and query module 72 , and the quantum key supply module 73 perform different operations under the control of the control module 74 .

其中,所述网络信息获取模块71包括:拓扑信息获取模块711、速率信息获取模块712、存储信息获取模块713、预留信息获取模块714。The network information acquisition module 71 includes: a topology information acquisition module 711 , a rate information acquisition module 712 , a storage information acquisition module 713 , and a reservation information acquisition module 714 .

拓扑信息获取模块711,用于获取量子密钥分发网络的拓扑信息。The topology information acquisition module 711 is configured to acquire topology information of the quantum key distribution network.

速率信息获取模块712,用于获取每对分发节点间的量子密钥生成速率。The rate information acquisition module 712 is configured to acquire the quantum key generation rate between each pair of distribution nodes.

存储信息获取模块713,用于获取每对分发节点间的量子密钥存储量阈值。The storage information obtaining module 713 is configured to obtain the quantum key storage threshold value between each pair of distribution nodes.

预留信息获取模块714,用于获取每对分发节点间的量子密钥预留存储量。The reservation information acquisition module 714 is configured to acquire the quantum key reserved storage amount between each pair of distribution nodes.

其中,所述租户记录和查询模块72包括:节点记录模块721、时间记录模块722、需求记录模块723、查询模块724、信息存储模块725。The tenant recording and querying module 72 includes: a node recording module 721 , a time recording module 722 , a demand recording module 723 , a querying module 724 , and an information storage module 725 .

节点记录模块721,用于记录录每个租户请求的具有高安全需求的节点集合。The node recording module 721 is configured to record the set of nodes with high security requirements requested by each tenant.

时间记录模块722,用于记录每个租户请求的到达时间和持续时间。The time recording module 722 is used to record the arrival time and duration of each tenant request.

需求记录模块723,用于记录每个租户请求的节点集合中每对分发节点间的量子密钥需求。The demand recording module 723 is configured to record the quantum key demand between each pair of distribution nodes in the node set requested by each tenant.

查询模块724,用于查询每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量。The query module 724 is configured to query the information of the previous tenant's request for quantum key supply between each pair of distribution nodes, and the quantum key amount remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant.

信息存储模块725,用于存储每个租户请求的详细信息及状态。The information storage module 725 is used to store detailed information and status of each tenant request.

其中,所述量子密钥供应模块73包括:计算模块731、判断模块732、决策模块733、执行模块734、监控模块735。The quantum key supply module 73 includes: a calculation module 731 , a judgment module 732 , a decision module 733 , an execution module 734 , and a monitoring module 735 .

计算模块731,用于根据所述每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求,确定每个租户请求对应的每对分发节点间的需求量子密钥量;根据所述每对分发节点间的量子密钥生成速率、量子密钥预留存储量、每个租户请求的到达时间和持续时间、每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量,确定每个租户请求对应的每对分发节点间的理论量子密钥存储量。The calculation module 731 is configured to determine each pair of distribution nodes corresponding to each tenant request according to the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant According to the quantum key generation rate between each pair of distribution nodes, the quantum key reserved storage, the arrival time and duration of each tenant’s request, and the quantum encryption completed between each pair of distribution nodes The previous tenant's request information for key supply, the quantum key amount remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant, and the theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant's request is determined .

判断模块732,用于判断理论量子密钥存储量是否大于所述量子密钥存储量阈值,判断每对分发节点间可用的量子密钥量是否大于或等于每对分发节点间的需求量子密钥量。The judgment module 732 is used for judging whether the theoretical quantum key storage amount is greater than the quantum key storage amount threshold, and judging whether the quantum key amount available between each pair of distribution nodes is greater than or equal to the required quantum key between each pair of distribution nodes quantity.

决策模块733,用于根据所述判断模块732中所述理论量子密钥存储量与所述量子密钥存储量阈值的比较结果,确定每对分发节点间可用的量子密钥量,以及确定租户请求的量子密钥需求是否可以得到满足。The decision module 733 is used to determine the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold in the judgment module 732, and determine the tenant Whether the requested quantum key requirement can be met.

执行模块734,用于根据所述决策模块733中确定的每对分发节点间可用的量子密钥量,及所述判断模块732中所述每对分发节点间可用的量子密钥量与每对分发节点间的需求量子密钥量的比较结果,确定为每个租户供应的量子密钥;也即执行首次命中方法从对应QKD节点中选择量子密钥量供应给租户请求对应的节点。The execution module 734 is used to determine the quantum key amount available between each pair of distribution nodes according to the decision module 733, and the quantum key amount available between each pair of distribution nodes in the judgment module 732 and each pair. The results of the comparison of the required quantum keys among the distribution nodes determine the quantum keys supplied for each tenant; that is, the first hit method is performed to select the quantum keys from the corresponding QKD nodes and supply them to the nodes corresponding to the tenant's request.

监控模块735,用于监控并更新量子密钥分发网络中每对分发节点间实时剩余的量子密钥量。The monitoring module 735 is configured to monitor and update the real-time remaining quantum key amount between each pair of distribution nodes in the quantum key distribution network.

综上所述,本发明实施例的技术方案,可以获取量子密钥分发网络的参数信息,在接收到多个租户请求后,记录每个租户请求的参数信息和查询与所述租户请求关联的量子密钥信息,然后根据所述量子密钥分发网络的参数信息、每个租户请求的参数信息和与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥。因此,本发明方案可以自动根据相关参数信息计算出为每个租户供应的量子密钥,在参数信息发生变化时也可以自动调整为每个租户供应的量子密钥,就无需再采用人工方法逐个完成多租户的量子密钥供应与配置,从而实现QKD网络供应的量子密钥与动态多租户需求的量子密钥的高效供需匹配,提升了量子密钥分发网络中多租户量子密钥的配置灵活性和量子密钥的供应效率。To sum up, the technical solutions of the embodiments of the present invention can obtain parameter information of the quantum key distribution network, and after receiving multiple tenant requests, record the parameter information requested by each tenant and query the information associated with the tenant request. quantum key information, and then determine the quantum key provided for each tenant according to the parameter information of the quantum key distribution network, the parameter information requested by each tenant, and the quantum key information associated with the tenant request. Therefore, the solution of the present invention can automatically calculate the quantum key provided for each tenant according to the relevant parameter information, and can also automatically adjust the quantum key provided for each tenant when the parameter information changes, so there is no need to use manual methods one by one. Complete the multi-tenant quantum key supply and configuration, so as to realize the efficient supply and demand matching between the quantum keys supplied by the QKD network and the quantum keys required by dynamic multi-tenancy, and improve the flexible configuration of multi-tenant quantum keys in the quantum key distribution network. security and supply efficiency of quantum keys.

上文中已经参考附图详细描述了根据本发明的技术方案。The technical solution according to the present invention has been described in detail above with reference to the accompanying drawings.

本领域技术人员还将明白的是,结合这里的公开所描述的各种示例性逻辑块、模块、电路和算法步骤可以被实现为电子硬件、计算机软件或两者的组合。Those skilled in the art will also appreciate that the various exemplary logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both.

所属领域的普通技术人员应当理解:以上所述仅为本发明的具体实施例而已,并不用于限制本发明,凡在本发明的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。Those of ordinary skill in the art should understand: the above are only specific embodiments of the present invention, and are not intended to limit the present invention. Any modification, equivalent replacement, improvement made within the spirit and principle of the present invention etc., should be included within the protection scope of the present invention.

Claims (8)

1.一种多租户量子密钥供应方法,其特征在于,包括:1. a multi-tenant quantum key supply method, is characterized in that, comprises: 获取量子密钥分发网络的参数信息,包括:获取量子密钥分发网络的拓扑信息;Obtain the parameter information of the quantum key distribution network, including: obtaining the topology information of the quantum key distribution network; 获取每对分发节点间的量子密钥生成速率、量子密钥存储量阈值、量子密钥预留存储量;Obtain the quantum key generation rate, quantum key storage threshold, and quantum key reserved storage between each pair of distribution nodes; 在接收到多个租户请求后,记录每个租户请求的参数信息和查询与所述租户请求关联的量子密钥信息,所述记录每个租户请求的参数信息,包括:After receiving multiple tenant requests, record parameter information requested by each tenant and query quantum key information associated with the tenant request, and the recording parameter information requested by each tenant includes: 记录每个租户请求的节点集合、每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求;Record the node set requested by each tenant, the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant; 所述查询与所述租户请求关联的量子密钥信息,包括:The querying quantum key information associated with the tenant request includes: 查询每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量;Query the information of the previous tenant's request for quantum key supply between each pair of distribution nodes, and the amount of quantum keys remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant; 根据所述量子密钥分发网络的参数信息、每个租户请求的参数信息和与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥。The quantum key provided for each tenant is determined according to the parameter information of the quantum key distribution network, the parameter information requested by each tenant, and the quantum key information associated with the tenant request. 2.根据权利要求1所述的方法,其特征在于,所述根据量子密钥分发网络的参数信息、每个租户请求的参数信息和与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥,包括:2. The method according to claim 1, wherein the parameter information of the quantum key distribution network, the parameter information requested by each tenant, and the quantum key information associated with the request of the tenant are determined as each Tenant-supplied quantum keys, including: 根据所述每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求,确定每个租户请求对应的每对分发节点间的需求量子密钥量;According to the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant, determine the required quantum key between each pair of distribution nodes corresponding to each tenant request quantity; 根据所述每对分发节点间的量子密钥生成速率、量子密钥预留存储量、每个租户请求的到达时间和持续时间、每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量,确定每个租户请求对应的每对分发节点间的理论量子密钥存储量;According to the quantum key generation rate between each pair of distribution nodes, the reserved storage capacity of quantum keys, the arrival time and duration of each tenant's request, and the information of the previous tenant's request for quantum key supply between each pair of distribution nodes . The amount of quantum keys remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant, and determines the theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant's request; 根据所述理论量子密钥存储量与所述量子密钥存储量阈值的比较结果,确定每对分发节点间可用的量子密钥量;According to the comparison result between the theoretical quantum key storage amount and the quantum key storage amount threshold, determine the quantum key amount available between each pair of distribution nodes; 根据所述每对分发节点间可用的量子密钥量与每对分发节点间的需求量子密钥量的比较结果,确定为每个租户供应的量子密钥。According to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes, the quantum key provided for each tenant is determined. 3.根据权利要求2所述的方法,其特征在于,所述根据所述理论量子密钥存储量与所述量子密钥存储量阈值的比较结果,确定每对分发节点间可用的量子密钥量,包括:3. The method according to claim 2, wherein the quantum key available between each pair of distribution nodes is determined according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold amount, including: 当所述理论量子密钥存储量大于量子密钥存储量阈值时,确定每对分发节点间可用的量子密钥量选取量子密钥存储量阈值;When the theoretical quantum key storage volume is greater than the quantum key storage volume threshold, determine the quantum key storage volume threshold available between each pair of distribution nodes and select the quantum key storage volume threshold; 当所述理论量子密钥存储量小于或等于量子密钥存储量阈值时,确定每对分发节点间可用的量子密钥量选取理论量子密钥存储量。When the theoretical quantum key storage amount is less than or equal to the quantum key storage amount threshold, determine the quantum key amount available between each pair of distribution nodes and select the theoretical quantum key storage amount. 4.根据权利要求3所述的方法,其特征在于,所述根据每对分发节点间可用的量子密钥量与每对分发节点间的需求量子密钥量的比较结果,确定为每个租户供应的量子密钥,包括:4. The method according to claim 3, wherein, according to the comparison result of the quantum key amount available between each pair of distribution nodes and the required quantum key amount between each pair of distribution nodes, it is determined as each tenant. Supplied quantum keys, including: 当所述每对分发节点间可用的量子密钥量大于或等于每对分发节点间的需求量子密钥量时,从对应分发节点中选取所述需求量子密钥量,供应给租户请求对应的节点。When the amount of quantum keys available between each pair of distribution nodes is greater than or equal to the required amount of quantum keys between each pair of distribution nodes, the required amount of quantum keys is selected from the corresponding distribution nodes, and supplied to the tenant to request the corresponding amount of quantum keys node. 5.根据权利要求4所述的方法,其特征在于,所述方法还包括:5. The method according to claim 4, wherein the method further comprises: 监控并更新量子密钥分发网络中每对分发节点间实时剩余的量子密钥量。Monitor and update the real-time remaining quantum key amount between each pair of distribution nodes in the quantum key distribution network. 6.一种多租户量子密钥供应装置,其特征在于,包括:6. A multi-tenant quantum key supply device, comprising: 网络信息获取模块,用于获取量子密钥分发网络的参数信息;The network information acquisition module is used to acquire the parameter information of the quantum key distribution network; 租户记录和查询模块,用于在接收到多个租户请求后,记录每个租户请求的参数信息和查询与所述租户请求关联的量子密钥信息;A tenant recording and query module, configured to record the parameter information of each tenant request and query the quantum key information associated with the tenant request after receiving multiple tenant requests; 量子密钥供应模块,用于根据所述网络信息获取模块获取的量子密钥分发网络的参数信息、所述租户记录和查询模块所记录的每个租户请求的参数信息和查询的与所述租户请求关联的量子密钥信息,确定为每个租户供应的量子密钥;The quantum key supply module is used for the parameter information of the quantum key distribution network obtained by the network information obtaining module, the parameter information requested by each tenant recorded by the tenant record and the query module, and the queried relationship with the tenant. Request the associated quantum key information to determine the quantum key provided for each tenant; 所述网络信息获取模块包括:The network information acquisition module includes: 拓扑信息获取模块,用于获取量子密钥分发网络的拓扑信息;The topology information acquisition module is used to acquire the topology information of the quantum key distribution network; 速率信息获取模块,用于获取每对分发节点间的量子密钥生成速率;The rate information acquisition module is used to acquire the quantum key generation rate between each pair of distribution nodes; 存储信息获取模块,用于获取每对分发节点间的量子密钥存储量阈值;The storage information acquisition module is used to acquire the quantum key storage threshold between each pair of distribution nodes; 预留信息获取模块,用于获取每对分发节点间的量子密钥预留存储量;The reserved information acquisition module is used to acquire the quantum key reserved storage capacity between each pair of distribution nodes; 所述租户记录和查询模块包括:The tenant record and query module includes: 节点记录模块,用于记录每个租户请求的节点集合;The node record module is used to record the node set requested by each tenant; 时间记录模块,用于记录每个租户请求的到达时间和持续时间;Time recording module to record the arrival time and duration of each tenant request; 需求记录模块,用于记录每个租户请求的节点集合中每对分发节点间的量子密钥需求;The demand recording module is used to record the quantum key demand between each pair of distribution nodes in the node set requested by each tenant; 查询模块,用于查询每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量。The query module is used to query the information of the previous tenant's request for quantum key supply between each pair of distribution nodes, and the quantum key amount remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant. 7.根据权利要求6所述的装置,其特征在于,所述量子密钥供应模块包括:7. The device according to claim 6, wherein the quantum key supply module comprises: 计算模块,用于根据所述每个租户请求的到达时间和持续时间、每个租户请求的节点集合中每对分发节点间的量子密钥需求,确定每个租户请求对应的每对分发节点间的需求量子密钥量;A computing module, configured to determine the interval between each pair of distribution nodes corresponding to each tenant request according to the arrival time and duration of each tenant request, and the quantum key requirement between each pair of distribution nodes in the node set requested by each tenant The required quantum key amount; 根据所述每对分发节点间的量子密钥生成速率、量子密钥预留存储量、每个租户请求的到达时间和持续时间、每对分发节点间完成量子密钥供应的前一个租户请求信息、每对分发节点间为前一个租户请求供应量子密钥后剩余的量子密钥量,确定每个租户请求对应的每对分发节点间的理论量子密钥存储量;According to the quantum key generation rate between each pair of distribution nodes, the reserved storage capacity of quantum keys, the arrival time and duration of each tenant's request, and the information of the previous tenant's request for quantum key supply between each pair of distribution nodes . The amount of quantum keys remaining after each pair of distribution nodes requests the supply of quantum keys for the previous tenant, and determines the theoretical quantum key storage capacity between each pair of distribution nodes corresponding to each tenant's request; 判断模块,用于判断理论量子密钥存储量是否大于所述量子密钥存储量阈值,判断每对分发节点间可用的量子密钥量是否大于或等于每对分发节点间的需求量子密钥量;The judgment module is used for judging whether the theoretical quantum key storage amount is greater than the quantum key storage amount threshold, and judging whether the quantum key amount available between each pair of distribution nodes is greater than or equal to the required quantum key amount between each pair of distribution nodes ; 决策模块,用于根据所述判断模块中所述理论量子密钥存储量与所述量子密钥存储量阈值的比较结果,确定每对分发节点间可用的量子密钥量;a decision module, configured to determine the quantum key amount available between each pair of distribution nodes according to the comparison result of the theoretical quantum key storage amount and the quantum key storage amount threshold in the judgment module; 执行模块,用于根据所述决策模块中确定的每对分发节点间可用的量子密钥量,及所述判断模块中所述每对分发节点间可用的量子密钥量与每对分发节点间的需求量子密钥量的比较结果,确定为每个租户供应的量子密钥。The execution module is configured to determine the amount of quantum keys available between each pair of distribution nodes in the decision module, and the amount of quantum keys available between each pair of distribution nodes in the judgment module and the amount of quantum keys available between each pair of distribution nodes. The results of the comparison of the required quantum keys amount to determine the quantum keys supplied for each tenant. 8.根据权利要求6所述的装置,其特征在于,所述量子密钥供应模块还包括:监控模块,用于监控并更新量子密钥分发网络中每对分发节点间实时剩余的量子密钥量。8. The device according to claim 6, wherein the quantum key supply module further comprises: a monitoring module for monitoring and updating the real-time remaining quantum key between each pair of distribution nodes in the quantum key distribution network quantity.
CN201811094174.3A 2018-09-19 2018-09-19 Multi-tenant quantum key supply method and device Active CN109005034B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811094174.3A CN109005034B (en) 2018-09-19 2018-09-19 Multi-tenant quantum key supply method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811094174.3A CN109005034B (en) 2018-09-19 2018-09-19 Multi-tenant quantum key supply method and device

Publications (2)

Publication Number Publication Date
CN109005034A CN109005034A (en) 2018-12-14
CN109005034B true CN109005034B (en) 2020-10-02

Family

ID=64592389

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811094174.3A Active CN109005034B (en) 2018-09-19 2018-09-19 Multi-tenant quantum key supply method and device

Country Status (1)

Country Link
CN (1) CN109005034B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110224815B (en) * 2019-05-08 2021-02-09 北京邮电大学 QKD network resource allocation method and system
CN118353623B (en) * 2024-04-23 2025-02-11 奇瑞汽车股份有限公司 Quantum key injection system, method and computing device
CN119155042B (en) * 2024-11-13 2025-02-07 易迅通科技有限公司 Flow charging information signature verification method and system based on quantum digital signature

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101599826A (en) * 2009-07-10 2009-12-09 陕西理工学院 Scalable multi-user quantum key distribution network system and its key distribution method
CN106850204A (en) * 2017-02-27 2017-06-13 北京邮电大学 Quantum key distribution method and system
CN106961327A (en) * 2017-02-27 2017-07-18 北京邮电大学 Key management system and method based on quantum key pond
CN107302429A (en) * 2017-06-27 2017-10-27 浙江科易理想量子信息技术有限公司 A kind of network-building method for improving key generating rate
CN107508671A (en) * 2017-08-18 2017-12-22 北京邮电大学 Service communication method and device based on quantum key distribution
CN108462573A (en) * 2018-02-09 2018-08-28 中国电子科技集团公司第三十研究所 A kind of flexible quantum safety moving communication means

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101599826A (en) * 2009-07-10 2009-12-09 陕西理工学院 Scalable multi-user quantum key distribution network system and its key distribution method
CN106850204A (en) * 2017-02-27 2017-06-13 北京邮电大学 Quantum key distribution method and system
CN106961327A (en) * 2017-02-27 2017-07-18 北京邮电大学 Key management system and method based on quantum key pond
CN107302429A (en) * 2017-06-27 2017-10-27 浙江科易理想量子信息技术有限公司 A kind of network-building method for improving key generating rate
CN107508671A (en) * 2017-08-18 2017-12-22 北京邮电大学 Service communication method and device based on quantum key distribution
CN108462573A (en) * 2018-02-09 2018-08-28 中国电子科技集团公司第三十研究所 A kind of flexible quantum safety moving communication means

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Resource Allocation in Optical Networks Secured by Quantum Key Distribution";Yongli Zhao等;《IEEE》;20180814;第130-137页 *
"基于量子密钥分发的可信光网络体系架构";曹原等;《信息通信技术》;20161215;第48-54页 *

Also Published As

Publication number Publication date
CN109005034A (en) 2018-12-14

Similar Documents

Publication Publication Date Title
CN101252506B (en) Data transmission system
US20240013212A1 (en) Transferring cryptocurrency from a remote limited access wallet
WO2018082345A1 (en) Quantum key relay method and device based on centralized management and control network
US8478996B2 (en) Secure Kerberized access of encrypted file system
CN112865964A (en) Quantum key distribution method, equipment and storage medium
US11683324B2 (en) Verification of in-situ network telemetry data in a packet-switched network
CN113824563A (en) Cross-domain identity authentication method based on block chain certificate
WO2023000502A1 (en) Method, apparatus and device for encrypting and decrypting disk data of virtual machine, and storage medium
CN106961327A (en) Key management system and method based on quantum key pond
CN109005034B (en) Multi-tenant quantum key supply method and device
CN108696358A (en) Management method, device, readable storage medium storing program for executing and the service terminal of digital certificate
CN107659400B (en) Quantum secret communication method and device based on identification recognition
CN113259456A (en) Cross-chain interaction method and device
US12113895B2 (en) Key management system providing secure management of cryptographic keys, and methods of operating the same
CN109474430A (en) A kind of cluster key generation method, device and its storage medium
CN107302428B (en) A Negotiation Method of Cryptographic Algorithm for Data Transmission Service in Distribution Network
US11032321B2 (en) Secure performance monitoring of remote application servers
CN110138552A (en) Multi-user quantum key Supply Method and device
CN114944960B (en) A password application method, device, equipment and storage medium
CN113098982A (en) Block chain message transmission method and device
CN112118245A (en) Key management method, system and device
CN115913621A (en) Database encryption method, terminal and system suitable for cloud environment
CN113259453A (en) Cross-chain interaction method and device
CN113259454B (en) Cross-chain interaction method and device
CN115150149B (en) Method for managing various digital certificates through electronic mailbox based on blockchain technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant