Key transport in quantum cryptographic networks

US 20040120528A1
Filed: 12/20/2002
Published: 06/24/2004
Est. Priority Date: 12/20/2002
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a key using a plurality of nodes, wherein each node is coupled to a first network and a second network, and wherein nodes that neighbor each other in the second network establish respective keys, said method comprising:

determining a sequence of bits at a first node;

communicating the sequence of bits through the first network to a second node along at least one path traversing a set of the plurality of nodes based on the respective keys established for the nodes in the set; and

determining a key that is shared between the first node and the second node based on the sequence of bits.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus, and systems are provided for distributing a key between nodes. The nodes are provided separate links for carrying messages versus keying information or material. The links for carrying messages couple the nodes to a messaging network, such as the Internet. In addition, the nodes are coupled together in a key distribution network by specialized links for carrying keying information or material. The links for keying information or material are configured to ensure the security of the keying information or material. The nodes that neighbor each other in the key distribution network establish respective pairwise keys. Once the pairwise keys are established, a set of non-neighboring nodes establish a shared key by communicating a sequence of bits through the messaging network. In order to ensure the security of the sequence of bits, the sequence of bits is encrypted based on the respective pairwise keys of neighboring nodes as it is forwarded in messages through the messaging network.

79 Citations

View as Search Results

24 Claims

1. A method for establishing a key using a plurality of nodes, wherein each node is coupled to a first network and a second network, and wherein nodes that neighbor each other in the second network establish respective keys, said method comprising:
- determining a sequence of bits at a first node;
  
  communicating the sequence of bits through the first network to a second node along at least one path traversing a set of the plurality of nodes based on the respective keys established for the nodes in the set; and
  
  determining a key that is shared between the first node and the second node based on the sequence of bits.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein determining the sequence of bits at the first node comprises determining a random sequence of bits.
  - 3. The method of claim 1, wherein communicating the sequence of bits through the first network, comprises:
    - identifying a first respective key established between the first node and a third node along the at least one path that neighbors the first node;
      
      combining the sequence of bits with at least a portion of the first respective key; and
      
      sending the result from the first node to the third node.
  - 4. The method of claim 3, wherein communicating the sequence of bits through the first network, comprises:
    - identifying the sequence of bits at the third node based on the first respective key;
      
      determining a next node that neighbors the third node along the at least one path;
      
      identifying a second respective key established between the third node and the next node;
      
      combining the sequence of bits with at least a portion of the second respective key to form a second result; and
      
      sending the second result to the next node through the first network.
  - 5. The method of claim 1, wherein communicating the sequence of bits through the first network, comprises:
    - receiving a message from a third node along the at least one path that neighbors the second node;
      
      identifying a respective key established between the third node and the second node; and
      
      identifying the sequence of bits in the message based on the respective key.
  - 6. The method of claim 5, wherein determining the key that is shared between the first node and the second node, comprises:
    - selecting at least a portion of the sequence of bits;
      
      determining the key that is shared between the first node and the second node based on the selected portion; and
      
      sending information indicating the selected portion from the second node to the first node through the first network.
  - 7. The method of claim 1, wherein communicating the sequence of bits through the first network, comprises:
    - dividing the sequence of bits into portions; and
      
      communicating the portions through the first network along different paths through the set of nodes.
  - 8. The method of claim 7, wherein communicating the portions through the first network along different paths comprises communicating the portions along disjoint paths through the set of nodes.
  - 9. The method of claim 7, wherein communicating the portions through the first network along different paths comprises communicating the portions along different paths that traverse at least one node that is common to at least some of the different paths.
  - 10. The method of claim 1, wherein communicating the sequence of bits through the first network, comprises:
    - determining an event along the at least one path based on information exchanged between the set of nodes through the second network;
      
      determining at least one additional path that circumvents the event;
      
      communicating the sequence of bits through the first network along the at least one additional path.

11. A system for establishing a key using a plurality of nodes, wherein each node is coupled to a first network and a second network, and wherein nodes that neighbor each other in the second network establish respective keys, said system comprising:
- means for determining a sequence of bits at a first node;
  
  means for communicating the sequence of bits through the first network to a second node along at least one path traversing a set of the plurality of nodes based on the respective keys established for the nodes in the set; and
  
  means for determining a key that is shared between the first node and the second node based on the sequence of bits.

12. A node, comprising:
- a first interface coupled to a first network;
  
  a second interface coupled to at least one additional node; and
  
  a processor configured to determine a first key that is shared with the at least one additional node based on information exchanged through the second interface, determine a sequence of bits, determine a result based on combining the sequence of bits with at least a portion of the first key, send the result in a message to the additional node through the first network via the first interface, and determine a second key that is shared with a second node based on the sequence of bits.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The node of claim 12, wherein the first interface is coupled to a first network that is public.
  - 14. The node of claim 13, wherein the second interface is coupled to a link that substantially maintains a quantum state of photons in light information conveyed between the at least one additional node and the first node.
  - 15. The node of claim 14, wherein the processor is configured to determine the first key based on the quantum of the photons in the light information conveyed between the additional node and the first node.
  - 16. The node of claim 12, further comprising:
    - a third interface coupled to a device.
  - 17. The node of claim 12, further comprising:
    - a third interface coupled to at least one additional network.
  - 18. The node of claim 12, wherein the processor is configured to receive information destined for the second node, encrypt the information based on the second key, and send the encrypted information through the first network to the second node.

19. A node, comprising:
- a first interface coupled to a first network;
  
  a second interface coupled to a first neighboring node;
  
  a third interface coupled to a second neighboring node; and
  
  a processor configured to establish respective keys shared with the first neighboring node and second neighboring node, receive a first message that is routed from the first neighboring node through the first network, identify a sequence of bits in the first message based on the respective key shared with the first neighboring node, identify whether the sequence of bits is to be used for a key shared between a set of other nodes coupled to the first network, determine a result based on combining the sequence of bits with at least a portion of the respective key shared with the second neighboring node, and forward the result in a second message that is routed through the first network to the second neighboring node.
- View Dependent Claims (20)
- - 20. The node of claim 19, wherein the processor is configured to establish the respective key shared with the first neighboring node based on light information conveyed between the first neighboring node and the node through the second interface.

21. A system for distributing a sequence of bits to be used as a key that is shared between a first node and a second node, comprising:
- a first network for exchanging messages;
  
  a second network for exchanging keys; and
  
  a set of nodes coupled to the first network and the second network, wherein nodes that neighbor each other in the second network establish respective keys and wherein the nodes are configured to communicate the sequence of bits from the first node to the second node through the first network based on the respective keys established through the second network.
- View Dependent Claims (22, 23, 24)
- - 22. The system of claim 21, wherein the sequence of bits are communicated along at least one path traversing the set of nodes.
  - 23. The system of claim 22, wherein the at least one path comprises disjoint paths traversing through the set of nodes.
  - 24. The system of claim 22, wherein the at least one path comprises different paths that traverse at least one common node in the set of nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon BBN Technlogies Corp. (Rtx Corporation)
Original Assignee
BBN Technologies (Rtx Corporation)
Inventors
Pearson, David Spencer, Elliott, Brig Barnum

Granted Patent

US 7,236,597 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/164   at the network layer

H04L 9/0852   Quantum cryptography transm...

Key transport in quantum cryptographic networks

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Key transport in quantum cryptographic networks

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links