Pedigrees for quantum cryptography

US 8,082,443 B2
Filed: 01/09/2006
Issued: 12/20/2011
Est. Priority Date: 01/09/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

communicating a sequence of symbols using quantum cryptographic mechanisms between two nodes to derive a block of encryption key material;

constructing a pedigree that includes details related to a manner in which the block of encryption key material was produced using the quantum cryptographic mechanisms and a time when the block of encryption key material was produced using the quantum cryptographic mechanisms, the details including;

information identifying a first time at which a public exchange of the communicated sequence of symbols was initiated, and information identifying a second time at which the public exchange of the communicated sequence of symbols was completed, andat least one of;

identification information associated with at least one endpoint that produced or received the block of encryption key material, ora unique identifier associated with the sequence of symbols communicated using the quantum cryptographic mechanisms;

storing the constructed pedigree; and

using the stored pedigree to investigate a quantum cryptographic key distribution security violation,where using the stored pedigree to investigate the quantum cryptographic key distribution security violation includes;

retrieving the stored pedigree based on an indication of the quantum cryptographic key distribution security violation; and

using the retrieved pedigree to identify, based on the indication of the quantum cryptographic key distribution security violation, one or more blocks of encryption key material that have been compromised.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system stores pedigrees that include details of how and when each of multiple blocks of encryption key material were distributed between two endpoints using quantum cryptographic techniques. The system receives an indication of a possible quantum cryptographic security violation and accesses the stored pedigrees to identify one or more of the multiple blocks of encryption key material that may have been compromised.

101 Citations

View as Search Results

23 Claims

1. A method, comprising:
- communicating a sequence of symbols using quantum cryptographic mechanisms between two nodes to derive a block of encryption key material;
  
  constructing a pedigree that includes details related to a manner in which the block of encryption key material was produced using the quantum cryptographic mechanisms and a time when the block of encryption key material was produced using the quantum cryptographic mechanisms, the details including;
  
  information identifying a first time at which a public exchange of the communicated sequence of symbols was initiated, and information identifying a second time at which the public exchange of the communicated sequence of symbols was completed, andat least one of;
  
  identification information associated with at least one endpoint that produced or received the block of encryption key material, ora unique identifier associated with the sequence of symbols communicated using the quantum cryptographic mechanisms;
  
  storing the constructed pedigree; and
  
  using the stored pedigree to investigate a quantum cryptographic key distribution security violation,where using the stored pedigree to investigate the quantum cryptographic key distribution security violation includes;
  
  retrieving the stored pedigree based on an indication of the quantum cryptographic key distribution security violation; and
  
  using the retrieved pedigree to identify, based on the indication of the quantum cryptographic key distribution security violation, one or more blocks of encryption key material that have been compromised.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where the constructed pedigree further includes information related to classical cryptography.
  - 3. The method of claim 1, further comprising:
    - publicly exchanging the communicated sequence of symbols between the two nodes to derive the block of encryption key material from the sequence of symbols.
  - 4. The method of claim 1, further comprising:
    - using the block of encryption key material for encrypting traffic sent between the two nodes via a public channel.
  - 5. The method of claim 1, where storing the constructed pedigree comprises:
    - transmitting the constructed pedigree across a network to cause the constructed pedigree to be stored in a remote location.
  - 6. The method of claim 1, further comprising:
    - appending a digital signature to the constructed pedigree to certify its authenticity.
  - 7. The method of claim 1, where the details, related to the manner in which the block of encryption key material was produced and the time when the block of encryption key material was produced, further include at least one of:
    - whether an underlying optical system used for symbol communication using quantum cryptographic mechanisms is based on an attenuated laser pulse, a true single photon source, or pairs of entangled photons;
      
      a mean photon number if an underlying optical system used for symbol communication using quantum cryptographic mechanisms comprises an attenuated laser;
      
      error bounds that an error detection and correction protocol associated with the symbol communication using quantum cryptographic mechanisms is designed to achieve;
      
      times at which the block of encryption key material was derived, including the starting and ending times for communicating the sequence of symbols using quantum cryptographic mechanisms;
      
      an amount of privacy amplification used for deriving the block of encryption key material;
      
      identification information of the two nodes that participated in communicating the sequence of symbols using the quantum cryptographic mechanisms;
      
      an observed error rate associated with the communication of the sequence of symbols;
      
      an estimated entropy rate for the derived block of encryption key material;
      
      times at which quantum key distribution (QKD) protocols that derived the block of encryption key material operated;
      
      identification information of one or more of quantum key distribution (QKD) protocols used to derive the block of encryption key material;
      
      a size of the block of encryption key material;
      
      parameters of a security guarantee associated with the block of encryption key material;
      
      orone or more random numbers used in deriving the block of encryption key material.

8. A system, comprising:
- a quantum cryptographic transmitter to transmit a sequence of symbols using quantum cryptographic mechanisms to a node;
  
  a network interface to publicly exchange the transmitted sequence of symbols with the node to derive a plurality of blocks of encryption key material from the transmitted sequence of symbols; and
  
  a processing unit to;
  
  construct a quantum cryptography key pedigree that includes details related to a manner in which the plurality of blocks of encryption key material was produced using the quantum cryptographic mechanisms and a time when the plurality of blocks of encryption key material was produced using the quantum cryptographic mechanisms,where the constructed quantum cryptography key pedigree includes at least one of;
  
  information identifying a first time at which the public exchange of the transmitted sequence of symbols was initiated, and information identifying a second time at which the public exchange of the transmitted sequence of symbols was completed, andat least one of;
  
  identification information associated with at least one endpoint that produced or received one or more of the plurality of blocks of encryption key material, orinformation uniquely identifying the transmitted sequence of symbols,store the constructed quantum cryptography key pedigree, anduse the stored quantum cryptography key pedigree to identify at least one of the plurality of blocks of encryption key material that has been compromised,where, when using the constructed quantum cryptography key pedigree to identify the at least one of the plurality of blocks of encryption key material that has been compromised, the processing unit is to;
  
  retrieve the stored quantum cryptography key pedigree based on an indication of a security violation, anduse the retrieved quantum cryptography key pedigree to identify, based on the indication of the security violation, the at least one of the plurality of blocks of encryption key material that has been compromised.
- View Dependent Claims (9)
- - 9. The system of claim 8, where the details further include:
    - identification information of a first endpoint and a second endpoint associated with transmission of the sequence of symbols, andan estimated entropy rate for at least one of the plurality of blocks of encryption key material.

10. A method, comprising:
- communicating symbols using quantum cryptographic mechanisms between a first endpoint and a second endpoint;
  
  publicly exchanging the symbols between the first endpoint and the second endpoint to obtain a block of encryption key material;
  
  identifying parameters associated with at least one of the symbols communicated using the quantum cryptographic mechanisms or the public exchange of the symbols,where the identified parameters, associated with at least one of the symbols communicated using the quantum cryptographic mechanisms or the public exchange, comprise;
  
  information identifying a first time when the public exchange of the symbols was initiated and information identifying a second time when the public exchange of the symbols was completed, andat least one of;
  
  a mean photon number when an underlying optical system, used for symbol communication using the quantum cryptographic mechanisms, comprises an attenuated laser, orinformation identifying times when quantum key distribution protocols, that were used to obtain the block of encryption key material, operated;
  
  storing the identified parameters as a pedigree for the block of encryption key material;
  
  retrieving the stored pedigree based on an indication of a quantum cryptographic key distribution security violation; and
  
  using the retrieved pedigree to identify, based on the indication of the security violation, one or more blocks of encryption key material that have been compromised.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, where the identified parameters further include information related to classical cryptography.
  - 12. The method of claim 10, where the identified parameters indicate a manner in which and a time when the block of encryption key material was produced using the quantum cryptographic mechanisms.
  - 13. The method of claim 10, where the identified parameters further comprise at least one of:
    - whether an underlying optical system used for symbol communication using quantum cryptographic mechanisms is based on an attenuated laser pulse, a true single photon source, or pairs of entangled photons;
      
      error bounds that an error detection and correction protocol associated with the symbol communication using the quantum cryptographic mechanisms is designed to achieve;
      
      an amount of privacy amplification used for obtaining the block of encryption key material;
      
      identification information of at least one of the first endpoint or the second endpoint that participated in the symbol communication using quantum cryptographic mechanisms;
      
      a unique identifier for the symbols communicated using the quantum cryptographic mechanisms;
      
      times at which the block of encryption key material was obtained, including starting and ending times for communicating the symbols using the quantum cryptographic mechanisms;
      
      an observed error rate associated with the communication of the symbols;
      
      an estimated entropy rate for the obtained block of encryption key material;
      
      identification information of one or more quantum key distribution (QKD) protocols used to obtain the block of encryption key material;
      
      orinformation related to authentication used in publicly exchanging the communicated symbols.

14. A system, comprising:
- a quantum cryptographic receiver to receive symbols transmitted from a node using quantum cryptographic mechanisms;
  
  a network interface to publicly exchange the received symbols with the node to obtain a block of encryption key material; and
  
  a processing unit to;
  
  identify parameters associated with at least one of the transmission of the symbols or the public exchange of the received symbols,the identified parameters including;
  
  information identifying a period of time during which the received symbols were publicly exchanged, andat least one of;
  
  identification information of one or more quantum key distribution protocols used to obtain the block of encryption key material, oridentification information that uniquely identifies the block of encryption key material,store the identified parameters as a pedigree for the block of encryption key material, retrieve the stored pedigree based on an indication of at least one security violation associated with one or more blocks of encryption key material, anduse the retrieved pedigree to identify, based on the indication of the at least one security violation, the one or more blocks of encryption key material that have been compromised.

15. A method, comprising:
- storing pedigrees that include details related to a manner in which at least one of a plurality of blocks of encryption key material was distributed between two endpoints using quantum cryptographic techniques and a time when the at least one of the plurality of blocks of encryption key material was distributed between the two endpoints using the quantum cryptographic techniques;
  
  receiving an indication of a quantum cryptographic security violation, the received indication of the quantum cryptographic security violation including;
  
  identification information of a producing quantum key distribution endpoint associated with the received indication of the quantum cryptographic security violation, andat least one of;
  
  a first period of time during which a quantum key distribution, associated with the quantum cryptographic security violation, occurred, the first period of time including a first starting time and a first ending time, ora second period of time during which a public exchange of symbols, associated with the quantum cryptographic security violation, occurred, the second period of time including a second starting time and a second ending time;
  
  accessing, in response to receiving the indication of the quantum cryptographic security violation, the stored pedigrees to identify, based on the received indication of the quantum cryptographic security violation, a first pedigree, of the stored pedigrees, associated with one or more of the plurality of blocks of encryption key material that have been compromised;
  
  identifying, based on the identification information of the producing quantum key distribution endpoint, a second pedigree of the stored pedigrees;
  
  retrieving identification information of another quantum key distribution endpoint, associated with the producing quantum key distribution endpoint, from the identified second pedigree; and
  
  using the identified first pedigree and the identification information of the other quantum key distribution endpoint to ascertain at least one of an extent or a nature of the quantum cryptographic key security violation.
- View Dependent Claims (16)
- - 16. The method of claim 15, further comprising:
    - determining, based on the identified first pedigree, a manner in which the one or more of the plurality of blocks of encryption key material were distributed and a time when the one or more of the plurality of blocks of encryption key material were distributed.

17. The method of 15, where accessing the stored pedigrees comprises:
- using the stored pedigrees to identify encryption material that has been compromised by an eavesdropper.

18. A method, comprising:
- storing pedigrees that include details related to a manner in which at least one of a plurality of blocks of encryption key material were produced using quantum cryptographic techniques and a time when the at least one of the plurality of blocks of encryption key material were produced using the quantum cryptographic techniques;
  
  receiving an indication of a quantum cryptographic key distribution security violation,where the received indication of quantum cryptographic key distribution security violation includes one or more parameters, the one or more parameters including;
  
  identification information of a producing quantum key distribution endpoint associated with the received indication of the quantum cryptographic key distribution security violation, anda period of time during which a quantum key distribution, associated with the received indication of a quantum cryptographic key distribution security violation, occurred;
  
  identifying at least one of the stored pedigrees based on the one or more parameters;
  
  identifying one or more of the stored pedigrees based on the identification information of the producing quantum key distribution endpoint;
  
  retrieving, from the identified one or more of the stored pedigrees, identification information of one or more other quantum key distribution endpoints that are associated with the producing quantum key distribution endpoint andusing the identified at least one of the stored pedigrees and the identification information of the one or more other quantum key distribution endpoints to ascertain at least one of an extent or a nature of the quantum cryptographic key distribution security violation.
- View Dependent Claims (19)
- - 19. The method of claim of claim 18, where the details include:
    - parameters of a security guarantee associated with one or more of the plurality of blocks of encryption key material, and an estimated entropy rate for the one or more of the plurality of blocks of encryption key material.

20. A system, comprising:
- a database to store pedigrees that include details related to a manner in which one or more of a plurality of blocks of encryption key material were produced using quantum cryptographic techniques and a time when the one or more of the plurality of blocks of encryption key material were produced using the quantum cryptographic techniques,where the details include at least one of;
  
  an amount of privacy amplification used for obtaining the one or more of the plurality of blocks of encryption key material,whether an underlying optical system used for symbol communication using the quantum cryptographic mechanisms is based on an attenuated laser pulse, a true single photon source, or pairs of entangled photons, ora mean photon number when an underlying optical system, used for symbol communication using quantum cryptographic mechanisms, comprises an attenuated laser; and
  
  a processing unit to;
  
  receive an indication of a quantum cryptographic security violation, the received indication of the quantum cryptographic security violation including information identifying a producing quantum key distribution endpoint associated with the received indication of the quantum cryptographic security violation,access the stored pedigrees to identify, based on the quantum cryptographic security violation, a first pedigree, of the stored pedigrees;
  
  corresponding to one or more encryption keys that have been compromised,identify, based on the information identifying the producing quantum key distribution endpoint, a second pedigree of the stored pedigrees;
  
  retrieve, from the identified second pedigree, information identifying another quantum key distribution endpoint that is associated with the producing quantum key distribution endpoint; and
  
  use the identified first pedigree and the information identifying the other quantum key distribution endpoint to investigate the quantum cryptographic security violation.

21. A non-transitory computer-readable recording medium that stores instructions executable by a processing unit, the computer-readable recording medium comprising:
- instructions for transmitting symbols using quantum cryptographic mechanisms via a quantum channel to a node;
  
  instructions for exchanging the transmitted symbols with the node, via a public channel, to derive a block of encryption key material;
  
  instructions for constructing a pedigree that includes details related to a manner in which the block of encryption key material was produced using quantum cryptographic techniques and a time when the block of encryption key material was produced using the quantum cryptographic techniques,where the details, related to the manner in which the block of encryption key material was produced and the time when the block of encryption key material was produced, include;
  
  information identifying a first time at which the exchanging the transmitted symbols was initiated, and information identifying a second time at which the exchanging the transmitted symbols was completed, andat least one;
  
  information identifying times at which quantum key distribution mechanisms that derived the block of encryption key material operated, oridentification information associated with the block of encryption key material;
  
  instructions for retrieving the constructed pedigree based on an indication of a quantum cryptographic key distribution security violation; and
  
  instructions for using the retrieved pedigree, when investigating the quantum cryptographic key distribution security violation, to identify one or more blocks of encryption key material that have been compromised.
- View Dependent Claims (22)
- - 22. The non-transitory computer-readable recording medium of claim 21, further comprising:
    - instructions for identifying another pedigree based on identification information of a quantum key distribution endpoint, where the quantum key distribution endpoint is associated with another quantum cryptographic key distribution security violation;
      
      instructions for retrieving, from the other pedigree, identification information of one or more other quantum key distribution endpoints that are associated with the quantum key distribution endpoint; and
      
      instructions for investigation the other quantum cryptographic key distribution security violation based on the identification information of the one or more other quantum key distribution endpoints.

23. A system, comprising:
- means for storing pedigrees that include details related to a manner in which at least one of a plurality of blocks of encryption key material were produced using quantum cryptographic techniques and a time when the at least one of the plurality of blocks of encryption key material were produced using the quantum cryptographic techniques,where the details include;
  
  starting and ending times at which the plurality of blocks of encryption key material was obtained;
  
  means for receiving an indication of a quantum cryptographic key distribution security violation,where the received indication of the quantum cryptographic key distribution security violation includes;
  
  information identifying a producing quantum key distribution endpoint associated with the received indication of the quantum cryptographic key distribution security violation, anda period of time during which a quantum key distribution, associated with the received indication of a the quantum cryptographic key distribution security violation, occurred;
  
  means for identifying, based on the received indication of the quantum cryptographic key distribution security violation, a first pedigree of the stored pedigrees;
  
  means for identifying, based on the information identifying the producing quantum key distribution endpoint, a second pedigree of the stored pedigrees;
  
  means for retrieving, from the identified second pedigree, information identifying another quantum key distribution endpoint that is associated with the producing quantum key distribution endpoint; and
  
  means for using the first pedigree and the information identifying the other quantum key distribution endpoint to ascertain at least one of an extent or a nature of the quantum cryptographic key distribution security violation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon BBN Technlogies Corp. (Rtx Corporation)
Original Assignee
BBNT Solutions LLC (Rtx Corporation)
Inventors
Troxel, Gregory, Pearson, David Spencer, Elliott, Brig Barnum
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Kabir, Jahangir

Application Number

US11/327,471
Publication Number

US 20070192598A1
Time in Patent Office

2,171 Days
Field of Search

713/168, 713/150, 380/255, 380/256, 380/263, 380/278, 380/281, 380/41
US Class Current

713/168
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/0852   Quantum cryptography transm...

H04L 9/0858   Details about key distillat...

Pedigrees for quantum cryptography

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Pedigrees for quantum cryptography

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links