Simple untrusted network for quantum cryptography

US 7,430,295 B1
Filed: 03/09/2004
Issued: 09/30/2008
Est. Priority Date: 03/21/2003
Status: Active Grant

First Claim

Patent Images

1. A method for distributing quantum cryptographic keys among a plurality of user devices through a switch connected to the plurality of user devices, the method comprising:

establishing a connection between two of the user devices by the switch;

establishing a Quantum Key Distribution session between the two user devices to facilitate sharing of secret key material between the two user devices; and

repeating the establishing a connection and the establishing a Quantum Key Distribution session for different pairs of the user devices.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for distributing quantum cryptographic keys among a group of user devices through a switch connected to the user devices are provided. A switch [1000] establishes a connection between two user devices [405a, 405b] according to a schedule. A Quantum Key Distribution (QKD) session is established between the two user devices [405a, 405b] to facilitate sharing of secret key material between the two user devices. Connections and QKD sessions may be established for different pairs of the user devices.

159 Citations

54 Claims

1. A method for distributing quantum cryptographic keys among a plurality of user devices through a switch connected to the plurality of user devices, the method comprising:
- establishing a connection between two of the user devices by the switch;
  
  establishing a Quantum Key Distribution session between the two user devices to facilitate sharing of secret key material between the two user devices; and
  
  repeating the establishing a connection and the establishing a Quantum Key Distribution session for different pairs of the user devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein:
    - the repeating repeats for different ones of the pairs of the user devices before repeating for previously connected ones of the pairs of the user devices.
  - 3. The method of claim 2, wherein the connections between each of the pairs of user devices has a same time duration.
  - 4. The method of claim 1, wherein at least some of the connections between the pairs of the user devices are longer than at least some others of the connections.
  - 5. The method of claim 1, wherein the repeating occurs more frequently for at least some of the pairs of the user devices.
  - 6. The method of claim 1, wherein the establishing the connection occurs simultaneously among a plurality of the pairs of user devices.
  - 7. The method of claim 1, wherein at least some of the user devices are quantum cryptographic transmitter nodes.
  - 8. The method of claim 7, further comprising by at least one of the quantum transmitter nodes:
    - creating and transmitting a frame;
      
      exchanging Quantum Key Distribution protocols with the connected user device;
      
      receiving a notification from a new connected one of the user devices and initiating or resuming a QKD session with that new device.
  - 9. The method of claim 8, further comprising using a shared secret database for the new connected user device, the shared secret database including shared secret information regarding the two connected ones of the user devices.
  - 10. The method of claim 7, wherein at least some of the user devices are quantum cryptographic receiver nodes.
  - 11. The method of claim 7, wherein at least some of the user devices include a modulating retroreflector.
  - 12. The method of claim 11, wherein the modulating retroreflector includes a Faraday mirror.
  - 13. The method of claim 1, wherein at least some of the user devices are configured to perform a method comprising:
    - receiving a frame;
      
      determining whether the frame is properly formatted;
      
      when the frame is properly formatted, performing;
      
      determining whether the frame is from a same one of the user devices as a preceding one of the frames and performing normal Quantum Key Distribution operations when the frame is determined to be from the same one of the user devices;
      
      when the frame is determined to be from a different one of the user devices than the preceding one of the frames, performing;
      
      determining an identity of the different one of the user devices; and
      
      exchanging Quantum Key Distribution protocols with the different one of the user devices via a public channel.
  - 14. The method of claim 13, wherein the at least some of the user devices use a shared secret key database for the different one of the user devices, the shared secret database including shared secret information regarding a connection to the different one of the user devices.
  - 15. The method of claim 13, wherein the at least some of the user devices send a notification to another user device when the frame is determined to be from a different one of the user devices than the preceding one of the frames.
  - 16. The method of claim 13, wherein the at least some of the user devices are further configured to perform path length control.
  - 17. The method of claim 1, wherein at least some of the user devices are configured to detect a change in the connection to another one of the user devices and, upon detecting the change, to start a new Quantum Key Distribution session.
  - 18. The method of claim 1, wherein at least some of the user devices are configured to maintain a plurality of databases of shared secrets.

19. A system for distributing quantum cryptographic keys in an untrusted network, the system comprising:
- a switch; and
  
  a plurality of user devices, each of the user devices being configured to have a connection through the switch, wherein;
  
  the switch comprises;
  
  a connection establisher configured to establish a connection between pairs of the plurality of user devices according to a schedule;
  
  one of the user devices comprises;
  
  a Quantum Key Distribution session manager configured to establish a Quantum Key Distribution session with another one of the user devices via the established connection; and
  
  a secret sharer configured to derive shared secret information with the another one of the user devices.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 20. The system of claim 19, wherein the secret sharer is configured to store the shared secret information in a database pertaining to the another one of the user devices.
  - 21. The system of claim 20, wherein, in at least some of the user devices, the secret sharer is further configured to determine whether information is being received from a same one of the user devices, when the secret sharer determines that the information is being received from a different one of the user devices, the secret sharer is configured to switch to a shared secret database for the different one of the user devices and to store newly received shared secret information in the shared secret database for the different one of the user devices.
  - 22. The system of claim 19, wherein the connection establisher is configured to establish connections having a same time duration between any pair of the user devices.
  - 23. The system of claim 19, wherein the connection establisher is configured to establish connections between pairs of the user devices, where connections between some of the pairs are configured to be longer than the connections between others of the pairs.
  - 24. The system of claim 19, wherein the connection establisher is configured to establish connections more frequently between some pairs of the user devices than between other pairs of the user devices.
  - 25. The system of claim 19, wherein the schedule includes random or pseudo-random intervals for lengths of connections between the pairs of the user devices.
  - 26. The system of claim 19, wherein the switch is configured to establish simultaneous connections between the pairs of the user devices.
  - 27. The system of claim 19, wherein at least one of the user devices is configured to be a quantum cryptographic receiver and not a quantum cryptographic transmitter.
  - 28. The system of claim 19, wherein at least one of the user devices is configured to be a quantum cryptographic transmitter and not a quantum cryptographic receiver.
  - 29. The system of claim 19, wherein at least one of the user devices includes a modulating retroreflector for quantum cryptography.
  - 30. The system of claim 19, wherein at least one of the connections is conveyed, at least partially, via freespace.
  - 31. The system of claim 19, wherein at least one of the connections is conveyed, at least partially, via an optical fiber.
  - 32. The system of claim 19, wherein at least one of the connections is conveyed, at least partially, via a photonic band-gap fiber.

33. A switch configured to establish a connection between a plurality of pairs of quantum cryptographic user devices, the switch comprising:
- a connection establisher configured to successively establish a connection between the pairs of the quantum cryptographic user devices according to a schedule.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41)
- - 34. The switch of claim 33, wherein the connection establisher is further configured to establish each of the connections with a same time duration.
  - 35. The switch of claim 33, wherein the connection establisher is further configured to establish each of the connections such that some of the connections have a shorter time duration than others of the connections.
  - 36. The switch of claim 33, wherein the connection establisher is further configured to establish connections to some of the pairs of the quantum cryptographic user devices more frequently than connections with other pairs of the quantum cryptographic user devices.
  - 37. The switch of claim 33, wherein the connection establisher is further configured to establish connections between a plurality of pairs of the quantum cryptographic user devices simultaneously.
  - 38. The switch of claim 33, wherein the switch includes a mirror for optical switching.
  - 39. The switch of claim 33, wherein the switch includes Micro Electronic Mechanical System (MEMS) mirror for optical switching.
  - 40. The switch of claim 33, wherein the switch is configured to employ movement of a fiber for optical switching.
  - 41. The switch of claim 33, wherein the switch is configured to employ a bubble for optical switching.

42. A user device configured to communicate with a second user device via a Quantum Key Distribution switch configured to switch connections among a plurality of user devices, including the user device and the second user device, according to a schedule, the user device comprising:
- a QKD session manager configured to establish a QKD session with the second user device via the QKD switch; and
  
  a secret sharer configured to exchange secret information with the second user device over the QKD session passing through the QKD switch.
- View Dependent Claims (43, 44, 45)
- - 43. The user device of claim 42, wherein the secret sharer is configured to store the shared secret information in a database pertaining to the connection with the second user device.
  - 44. The user device of claim 43, wherein the secret sharer is further configured to switch to a shared secret database for the another user device when the user device determines that the QKD switch switched the connection, the secret sharer being further configured to store the shared secret information in a database pertaining to the connection with the another user device.
  - 45. The user device of claim 44, wherein the user device is further configured to determine an identity of the another user device and to exchange QKD protocols with the another user device over a public channel.

46. A system for distributing quantum cryptographic keys in an untrusted network, the system comprising:
- means for establishing a connection between pairs of user devices according to a schedule;
  
  means for establishing a Quantum Key Distribution session between a pair of the user devices via the established connection; and
  
  means for agreeing upon shared secret information derived from the Quantum Key Distribution session.

47. A computer-readable memory device having stored thereon instructions for at least one processor to perform a method, the method comprising:
- successively establishing a connection between pairs of a plurality of quantum cryptographic user devices according to a schedule.
- View Dependent Claims (48, 49, 50, 51)
- - 48. The computer-readable memory device of claim 47, wherein the method further comprises establishing each of the connections with a same time duration.
  - 49. The computer-readable memory device of claim 47, wherein the establishing further establishes each of the connections such that at least one of the connections has a different time duration than others of the connections.
  - 50. The computer-readable memory device of claim 47, wherein the establishing further establishes connections to some of the pairs of the quantum cryptographic user devices less frequently than connections with other pairs of the user devices.
  - 51. The computer-readable memory device of claim 47, wherein the establishing further establishes connections between a plurality of pairs of the quantum cryptographic user devices simultaneously.

52. A computer-readable memory device having stored thereon instructions for at least one processor to perform a method, the method comprising:
- establishing a Quantum Key Distribution session between a first user device and a second user device via a Quantum Key Distribution switch, which is configured to switch connections among a plurality of user devices, including the first and the second user devices, according to a schedule; and
  
  agreeing on secret information derived from the Quantum Key Distribution session between the first user device and the second user device.
- View Dependent Claims (53, 54)
- - 53. The computer-readable memory device of claim 52, wherein the method further comprises storing, in a database associated with the first user device, the shared secret information pertaining to the connection with the second user device.
  - 54. The computer-readable memory device of claim 53, the method further comprising:
    - determining, in the first user device, whether the Quantum Key Distribution switch switched the connection to a third user device; and
      
      switching to a shared secret database for the third user device when the first user device determines that the Quantum Key Distribution switch switched the connection to the third user device; and
      
      storing the shared secret information in the shared secret database pertaining to the connection with the third user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon BBN Technlogies Corp. (Rtx Corporation)
Original Assignee
BBN Technologies (Rtx Corporation)
Inventors
Pearson, David Spencer, Elliott, Brig Barnum
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
SAN JUAN, MARTINJERIKO P

Application Number

US10/795,398
Time in Patent Office

1,666 Days
Field of Search

380/256, 380/277, 380/278
US Class Current

380/256
CPC Class Codes

H04B 10/70 Photonic quantum communication

H04L 9/0858 Details about key distillat...

Simple untrusted network for quantum cryptography

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

159 Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

Simple untrusted network for quantum cryptography

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links