Key distribution center for quantum cryptographic key distribution networks

US 7,457,416 B1
Filed: 07/17/2002
Issued: 11/25/2008
Est. Priority Date: 07/17/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of distributing key information by securely transmitting light information in a network along a path comprised of a plurality of network devices, said network devices comprising a plurality of switching devices, said method comprising:

specifying a plurality of user devices connected with the network, said user devices constituting a secure communication group;

setting up a plurality of paths through said network by sending at least one setup message from the respective user devices to said network devices, based on said setup message, configuring said network devices to direct said light information along a corresponding one of said paths, each of said paths being an end-to-end path between each of said user devices and a key distribution center device connected with the network using said switching devices;

establishing a plurality of user keys, each user key corresponding to a respective user device, by sending the light information using randomly selected quantum bases through said paths, each of said user keys being acquired by said respective user devices and the key distribution center device;

determining a shared secret key at the key distribution center device; and

notifying each of said user devices of the shared secret key by sending the result of a calculation based on the shared secret key and the corresponding user key for each respective user device through the network.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for distributing key information by securely transmitting light information in a network along a path comprised of a plurality of network devices and by using a key distribution center (KDC) connected with the network. Three or more user devices connected with the network are specified as constituting a secure communication group. Each user device sets up an end-to-end path to the KDC by configuring at least one of the network devices to direct light information along the path. Thereafter, a user key is established between each user device and the KDC, by sending light information using randomly selected quantum bases through the path. The KDC determines a shared secret key, and notifies each user device of the shared secret key by sending the result of a calculation based on the shared secret key and each user key through the network.

162 Citations

View as Search Results

23 Claims

1. A method of distributing key information by securely transmitting light information in a network along a path comprised of a plurality of network devices, said network devices comprising a plurality of switching devices, said method comprising:
- specifying a plurality of user devices connected with the network, said user devices constituting a secure communication group;
  
  setting up a plurality of paths through said network by sending at least one setup message from the respective user devices to said network devices, based on said setup message, configuring said network devices to direct said light information along a corresponding one of said paths, each of said paths being an end-to-end path between each of said user devices and a key distribution center device connected with the network using said switching devices;
  
  establishing a plurality of user keys, each user key corresponding to a respective user device, by sending the light information using randomly selected quantum bases through said paths, each of said user keys being acquired by said respective user devices and the key distribution center device;
  
  determining a shared secret key at the key distribution center device; and
  
  notifying each of said user devices of the shared secret key by sending the result of a calculation based on the shared secret key and the corresponding user key for each respective user device through the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the step of establishing includes for each one of the user keys:
    - determining a plurality of bits at a sender side;
      
      creating the light information representing the plurality of bits using a sender-side randomly selected quantum bases;
      
      measuring a quantum state of the light information using a receiver-side randomly selected quantum bases; and
      
      acquiring a part of the plurality of bits from the quantum state at a receiver side, as said one of the user keys.
  - 3. The method of claim 2, wherein the step of creating includes:
    - receiving photons or light pulses from the receiver side; and
      
      creating the light information representing the plurality of bits by modulating the received photons or light pulses based on the plurality of bits.
  - 4. The method of claim 2, wherein the step of establishing further includes:
    - determining whether each one of the sender-side randomly selected quantum bases has an equivalent orientation to a corresponding one of the receiver-side randomly selected quantum bases; and
      
      discarding a part of the quantum state for which a corresponding one of the receiverside randomly selected quantum bases has been determined to be different from said one of the sender-side randomly selected quantum bases, thereby producing a stream of remaining bits.
  - 5. The method of claim 4, wherein the step of establishing further includes:
    - comparing a receiver-side value of a random subset of said stream of remaining bits with a sender-side value of said random subset, to determine whether or not to establish a user key from the light information sent and received; and
      
      if it is determined to establish the user key, creating said part of the plurality of bits based on said stream of remaining bits by discarding said random subset.
  - 6. The method of claim 1, wherein the light information comprises photons or light pulses representing characteristics of the photons.
  - 7. The method of claim 1, wherein each of said paths is multiplexed onto a fiber with at lease one other quantum-cryptographic signal.
  - 8. The method of claim 1, wherein each of said network devices comprises:
    - a switch for exchanging information other than the light information through the network; and
      
      a mirror element for reflecting the light information from one fiber to another fiber, and wherein the mirror element is controlled by a signal from the switch such that said one fiber, the mirror element, and said another fiber form the path for securely transmitting the light information.
  - 9. The method of claim 8, wherein configuring said network devices comprises sending the signal to the mirror element based on said at least one setup message.
  - 10. The method of claim 8, wherein the step of notifying includestransferring the result of calculation by the switch, in a direction from the key distribution center device to each respective user device.
  - 11. The method of claim 1, wherein the step of notifying includescreating the result of calculation by performing an exclusive-or operation on the shared secret key and each corresponding user key, and each of said user devices performs an exclusive-or operation on a corresponding one of the result of calculation and the user key corresponding to the respective user device to obtain the shared secret key.
  - 12. The method of claim 1, further comprisingdiscarding the shared secret key and said user keys at the key distribution center;
    - andstarting the secure communication among said user devices using the shared secret key.
  - 13. The method of claim 1, wherein at least one of the end-to-end paths includes an intermediate network device between one of the user devices and the key distribution center.

14. An apparatus for functioning as a key distribution center in a network in which key information is distributed by securely transmitting light information along a path comprised of a plurality of network devices, said network devices comprising a plurality of switching devices said apparatus comprising:
- an electronic network interface for exchanging information other than the light information with the network;
  
  a computing module for specifying a plurality of user devices connected with the network, said user devices constituting a secure communication group, and for setting up a plurality of paths through said network by sending at least one setup message from the respective user devices to said network devices, based on said setup message, configuring said network devices to direct said light information along a corresponding one of said paths, each of said paths being an end-to-end path between each of said user devices and the apparatus using said switching devices; and
  
  a quantum cryptographic interface for establishing a plurality of user keys by light information transmitted through said paths using randomly selected quantum bases, each of said user keys corresponding to and being acquired by a respective user device and the apparatus,and wherein the computing module further determines a shared secret key, and notifies each of said user devices of the shared secret key by sending the result of a calculation based on the shared secret key and the user key corresponding to each respective user device through the electronic network interface.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The apparatus of claim 14, wherein the electronic network interface is connected with at least one switch in at least one of said network devices, the switch being configured to exchange information other than the light information over the network, and the light information used in the quantum cryptographic interface has been transferred by at least one mirror element in said at least one of said network devices, the mirror element being configured to reflect the light information.
  - 16. The apparatus of claim 14, wherein the computing module discards the shared secret key and said user keys in the apparatus, when the secure communication using the shared secret key becomes available among said user devices.
  - 17. The apparatus of claim 14, wherein the quantum cryptographic interface determines a plurality of bits and creates the light information representing the plurality of bits using a sender-side randomly selected quantum bases, when each of said user device measures a quantum state of the light information using a receiver-side randomly selected quantum bases and acquires a part of the plurality of bits from the quantum state as said one of the user keys.
  - 18. The apparatus of claim 14, wherein, when each of said user device determines a plurality of bits and creates the light information representing the plurality of bits using a sender-side randomly selected quantum bases, the quantum cryptographic interface measures a quantum state of the light information using a receiver-side randomly selected quantum bases and acquires a part of the plurality of bits from the quantum state as said one of the user keys.
  - 19. The method of claim 14, wherein at least one of the end-to-end paths includes an intermediate network device between one of the user devices and the apparatus.

20. An apparatus for functioning as a user device communicating with a key distribution center in a network in which key information is distributed by securely transmitting light information along a path comprised of a plurality of network devices, said network devices comprising a plurality of switching devices, said apparatus comprising:
- an electronic network interface for exchanging information other than the light information with the network;
  
  a computing module for specifying a plurality of user devices connected with the network, said user devices and the apparatus constituting a secure communication group, andfor setting up a plurality of paths through the network, each of said paths being an end-to-end path through the network between the key distribution center and the apparatus by sending at least one setup message from the respective user devices to said network devices, based on said setup message, configuring said network devices to direct said light information along said end-to-end path using said switching devices anda quantum cryptographic interface for establishing a user key by light information transmitted through said path using randomly selected quantum bases, said user key being acquired by the key distribution center and the apparatus,and wherein the electronic network interface receives from the key distribution center the result of a calculation based on a shared secret key and said user key, and the computing module obtains the shared secret key by performing an operation on the result received using said user key.
- View Dependent Claims (21)
- - 21. The method of claim 20, wherein the end-to-end path includes an intermediate network device between the key distribution center and the apparatus.

22. A computer-usable medium containing instructions for causing a computer to perform a method of distributing key information by securely transmitting light information in a network along a path comprised of a plurality of network devices, said network devices comprising a plurality of switching devices, said method comprising:
- specifying a plurality of user devices connected with the network, said user devices constituting a secure communication group;
  
  setting up a plurality of paths through said network by sending at least one setup message from the respective user devices to said network devices, based on said setup message, configuring said network devices to direct said light information along a corresponding one of said paths, each of said paths being an end-to-end path between each of said user devices and a key distribution center device connected with the network using said switching devices;
  
  establishing a plurality of user keys, each user key corresponding to a respective user device, by sending the light information using randomly selected quantum bases through said paths, each of said user keys being acquired by said respective user devices and the key distribution center device;
  
  determining a shared secret key at the key distribution center device; and
  
  notifying each of said user devices of the shared secret key by sending the result of a calculation based on the shared secret key and the corresponding user key for each respective user device through the network.
- View Dependent Claims (23)
- - 23. The method of claim 22, wherein at least one of the end-to-end paths includes an intermediate network device between one of the user devices and the key distribution center.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon BBN Technlogies Corp. (Rtx Corporation)
Original Assignee
BBN Technologies (Rtx Corporation)
Inventors
Elliott, Brig Barnum
Primary Examiner(s)
Brown, Christopher J

Application Number

US10/197,659
Time in Patent Office

2,323 Days
Field of Search

380/256, 380/278, 713/171
US Class Current

380/256
CPC Class Codes

H04L 9/083 involving central third par...

H04L 9/0852 Quantum cryptography transm...

Key distribution center for quantum cryptographic key distribution networks

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

162 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Key distribution center for quantum cryptographic key distribution networks

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

162 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links