Login| Sign Up| Help| Contact|

Patent Searching and Data


Title:
METHOD, APPARATUS, AND SYSTEM FOR QUANTUM KEY DISTRIBUTION
Document Type and Number:
WIPO Patent Application WO/2016/118359
Kind Code:
A1
Abstract:
A quantum key distribution system includes a quantum security key management (QSKM) device, a plurality of quantum security key distribution (QSKD) devices, and a quantum security key service (QSKS) device. The QSKD device splits an identity-based system private key into a plurality of system sub-private keys, and distributes the plurality of system sub-private keys to a corresponding number of the QSKD devices. The QSKS device forwards a request for acquiring an authorized private key from a first QSKD device to a predetermined number of second QSKD devices. The predetermined number of second QSKD devices each generate an identity-based authorized sub-private key from the system sub-private key. The first QSKD device acquires, from the predetermined number of second QSKD devices, the identity-based authorized sub-private keys, and reconstructs an identity-based authorized private key based on the identity-based authorized sub-private keys.

Inventors:
FU, Yingfang (Alibaba Group Legal Department, 5/F Building 3, No. 969 West Wen Yi Road,Yu Hang Distric, Hangzhou 1, 311121, CN)
LIU, Shuanlin (Alibaba Group Legal Department, 5/F Building 3, No. 969 West Wen Yi Road,Yu Hang Distric, Hangzhou 1, 311121, CN)
GAO, Yabin (Alibaba Group Legal Department, 5/F Building 3, No. 969 West Wen Yi Road,Yu Hang Distric, Hangzhou 1, 311121, CN)
CHEN, Xiuzhong (Alibaba Group Legal Department, 5/F Building 3, No. 969 West Wen Yi Road,Yu Hang Distric, Hangzhou 1, 311121, CN)
Application Number:
US2016/012988
Publication Date:
July 28, 2016
Filing Date:
January 12, 2016
Export Citation:
Click for automatic bibliography generation   Help
Assignee:
ALIBABA GROUP HOLDING LIMITED (Fourth Floor, One Capital PlaceP.O. Box 84, George Town Grand Cayman, Cayman, KY)
International Classes:
H04K1/00
Foreign References:
US20130083926A12013-04-04
US20130208894A12013-08-15
US20140205089A12014-07-24
US20100329459A12010-12-30
US20100001029A12010-01-07
Other References:
BARKER ET AL.: "Recommendation for Key Management-Part 1: General (Revision 3).", NIST SPECIAL PUBLICATION., July 2012 (2012-07-01), XP055307975, Retrieved from the Internet
PEIXINHO: "Digital certificates and threshold cryptography.", DISS. UNIVERSITY OF BEIRA INTERIOR, COVILHÀ- PORTUGAL ., 19 October 2013 (2013-10-19), XP009505065, Retrieved from the Internet
See also references of EP 3248310A4
Attorney, Agent or Firm:
CHEN, Weiguo (Finnegan, Henderson Farabow, Garrett & Dunner LLP,901 New York Avenue, N, Washington D.C., 20001-4413, US)
Download PDF:
Claims:
WHAT IS CLAIMED IS:

1. A quantum key distribution system, comprising:

a quantum security key management device;

a plurality of quantum security key distribution devices connected with the quantum security key management device; and

a quantum security key service device connected with the quantum security key management device and the plurality of quantum security key distribution devices, wherein:

the quantum security key management device splits an identity-based system private key into a plurality of system sub-private keys, and distributes the plurality of system sub-private keys to a corresponding number of the quantum security key distribution devices;

the quantum security key service device forwards a request for acquiring an authorized private key from a first quantum security key distribution device of the plurality of quantum security key distribution devices to a predetermined number of second quantum security key distribution devices of quantum security key distribution devices;

the predetermined number of second quantum security key distribution devices each generate an identity-based authorized sub-private key from the system sub-private key; and

the first quantum security key distribution device acquires, from the predetermined number of second quantum security key distribution devices, the identity-based authorized sub-private keys, and reconstructs an identity- based authorized private key based on the identity-based authorized sub- private keys.

2. The quantum key distribution system of claim 1 , wherein at least one of the plurality of quantum security key distribution devices includes the quantum security key service device.

3. The quantum key distribution system of claim 1 , wherein the quantum security key management device is further configured to split the identity-based system private key by using a threshold secret sharing mechanism and the first quantum security key distribution device is further configured to reconstruct an identity-based authorized private key by using the threshold secret sharing mechanism.

4. The quantum key distribution system of claim 1 , wherein the first quantum security key distribution device is further configured to generate an identity-based signature certificate in accordance with the reconstructed identity-based authorized private key.

5. The quantum key distribution system of claim 1 , wherein the quantum security key management device is further configured to generate the identity-based system private key based on identifier information of the quantum key distribution system, a random number generated by a quantum noise source, and timestamp information.

6. The quantum key distribution system of claim 5, wherein the quantum security key management device is further configured to generate the identity-based system private key based on a formula:

S = ST Θ (BNID / expire_t im e) wherein Sr is the random number generated by the quantum noise source, BNID is the identifier information of the system, expire_time is the timestamp information, and S is the identity-based system private key.

7. The quantum key distribution system of claim 1 , wherein the quantum security key management device is further configured to generate the identity-based system private key based on a random number generated by a quantum noise source, identifier information of the quantum security key management device, and timestamp information.

8. The quantum key distribution system of claim 1 , wherein each of the second quantum security key distribution device is further configured to generate the identity-based authorized sub-private key based on identifier information of the first quantum security key distribution device, timestamp information, and the system sub-private key.

9. The quantum key distribution system of claim 8, wherein each of the second quantum security key distribution device is further configured to generate the identity-based authorized sub-private key by a formula:

s«r = sir (^ /expire.time)

si

wherein r is the system sub-private key, U|D is the identifier information of the first quantum security key distribution device, expire_time is the timestamp information, and Sur is an identity-based authorized sub-private key.

10. The quantum key distribution system of claim 1 , wherein:

the quantum security key management device is further configured to generate identifier information of a quantum security distribution device or a quantum security key service device in accordance with a registration request received from the quantum security key distribution device or the quantum security key service device; and

the quantum security key distribution device and the quantum security key service device are further configured to:

acquire a random number generated by a quantum noise source and timestamp information from the quantum security key management device, and

generate an identity-based private key or a shared key in accordance with the identifier information, the random number, and the timestamp information.

11. The quantum key distribution system of claim 1 , wherein:

the quantum security key management device is further configured to split the identity-based system private key into a plurality of system sub-private using a threshold secret sharing mechanism based on Lagrange interpolation; and

the first quantum security key distribution device is configured to reconstruct an identity-based authorized private key based on the identity-based authorized sub- private keys using the threshold secret sharing mechanism based on Lagrange interpolation.

12. The quantum key distribution system of claim 1 , wherein:

the quantum security key management device is further configured to distribute the plurality of system sub-private keys to a corresponding number of the quantum security key distribution devices in accordance with a quantum key agreement; and

the first quantum security key distribution device is configured to acquire, from the predetermined number of second quantum security key distribution devices, the identity-based authorized sub-private keys in accordance with the quantum key agreement,

the quantum key agreement being a redundancy transmission quantum key agreement or an on-demand retransmission quantum key agreement.

13. A quantum key distribution method, comprising:

receiving, by a quantum security key service device, a request for acquiring an authorized private key from a first quantum security key distribution device of a requester, the request at least carrying identifier information of the requester;

forwarding, by the quantum security key service device, the request to a predetermined number of second quantum security key distribution devices;

receiving, by the first quantum security key distribution device of the requester, a plurality of authorized sub-private keys generated, by the predetermined number of second quantum security key distribution devices, based on the identifier information of the requester and a plurality of system sub-private keys; and

reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub- private keys.

14. The quantum key distribution method of claim 13, wherein reconstructing, by the first quantum security key distribution device of the requester, the identity- based authorized private key based on the authorized sub-private keys includes reconstructing, by the first quantum security key distribution device of the requester, the identity-based authorized private key by using a threshold secret sharing mechanism.

15. The quantum key distribution method of claim 13, wherein before receiving, by the quantum security key service device, the request, the method further comprises:

splitting, by a quantum security key management device, an identity-based system private key into the plurality of system sub-private keys by using the threshold secret sharing mechanism; and

sharing, by the quantum security key management device, the plurality of system sub-private keys with a corresponding number of quantum security key distribution devices.

16. The quantum key distribution method of claim 15, wherein:

sharing the plurality of system sub-private keys with the corresponding number of second quantum security key distribution devices includes sharing the plurality of system sub-private keys with the corresponding number of quantum security key distribution devices in accordance with the quantum key agreement, the quantum key agreement being a redundancy transmission quantum key agreement or an on-demand retransmission quantum key agreement.

17. The quantum key distribution method of claim 16, wherein the identity- based system private key is generated based on a random number generated by a quantum noise source, identifier information of a quantum key distribution system, and timestamp information.

18. The quantum key distribution method of claim 17, wherein the quantum security key management device generates the identity-based system private key by a formula:

S = Sr Θ (BNID / expire_time) wherein Sr is the random number generated by the quantum noise source, BNiD is the identifier information of the quantum key distribution system, expirejime is the timestamp information, and S is the identity-based system private key.

19. The quantum key distribution method of claim 13, before receiving, by the quantum security key service device, the request, further comprising:

generating, by a quantum security key management device, an identity-based system private key by using a random number generated by a quantum noise source, identifier information of a quantum key distribution system, and timestamp information;

splitting, by the quantum security key management device, the identity-based system private key into the plurality of system sub-private keys by using a threshold secret sharing mechanism; and

sharing, by the quantum security key management device, the plurality of system sub-private keys with a corresponding number of quantum security key distribution devices.

20. The quantum key distribution method of claim 13, further comprising: receiving, by a quantum security key management device, a registration request from a quantum security key distribution device or the quantum security key service device;

generating and distributing, by the quantum security key management device, identifier information for the device that initiates the registration request;

sharing, by the quantum security key management device, a random number generated by a quantum noise source and timestamp information with the device that initiates the registration request; and generating, by the device that initiates the registration request, an identity- based private key in accordance with the identifier information, the random number, and the timestamp information.

21. The quantum key distribution method of claim 13, further comprising: verifying validity of the identifier information of the requester by a quantum security key management device.

22. The quantum key distribution method of claim 13, wherein the plurality of authorized sub-private keys are generated further based on timestamp information.

23. The quantum key distribution method of claim 22, wherein the authorized sub-private keys are generated through a formula:

Sur - s (uID /expire_time)

wherein si r is a system sub-private key, U|D is the identifier information of the requester, expire_time is the timestamp information, and Sur is an authorized sub- private key.

24. The quantum key distribution method of claim 13, wherein:

the plurality of system sub-private keys are obtained by splitting a system private key using a threshold secret sharing mechanism based on Lagrange interpolation; and

reconstructing, by the first quantum security key distribution device of the requester, the identity-based authorized private key based on the authorized sub- private keys includes reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub-private keys by using the threshold secret sharing mechanism based on Lagrange interpolation.

25. The quantum key distribution method of claims 13, further comprising generating an identity-based signature certificate in accordance with the

reconstructed identity-based authorized private key.

26. The quantum key distribution method of claim 13, wherein the request for acquiring an authorized private key is initiated by a quantum security key distribution device connected with a data center server.

27. The quantum key distribution method of claim 13, wherein the request for acquiring an authorized private key is initiated by a quantum security key distribution device of a cloud user, the request carrying identifier information of the quantum security key distribution device or identifier information of the cloud user.

28. A quantum key distribution method, comprising:

splitting, by a quantum security key management device, a system private key into a plurality of system sub-private keys;

distributing, by the quantum security key management device, the plurality of system sub-private keys to a corresponding number of quantum security key distribution devices;

receiving, by a quantum security key service device, a request for acquiring an authorized private key from a first quantum security key distribution device of a requester, the request at least carrying identifier information of the requester; forwarding, by the quantum security key service device, the request to a predetermined number of second quantum security key distribution devices of the corresponding number of quantum security key distribution devices;

receiving, by the first quantum security key distribution device, a plurality of authorized sub-private keys generated, by the predetermined number of second quantum security key distribution devices, based on the identifier information of the requester and a plurality of system sub-private keys; and

reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub- private keys.

29. The quantum key distribution method of claim 28, further comprising generating, by the quantum security key management device, the system private key by using a random number generated by a quantum noise source, identifier information of a quantum key distribution system, and timestamp information.

30. The quantum key distribution method of claim 28, wherein splitting, by the quantum security key management device, the system private key into the plurality of system sub-private keys includes:

splitting, by a quantum security key management device, a system private key into a plurality of system sub-private keys by using a threshold secret sharing mechanism based on Lagrange interpolation.

31. A quantum key distribution method of claim 28, wherein reconstructing, by the first quantum security key distribution device of the requester, the identity-based authorized private key based on the authorized sub-private keys includes:

reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub- private keys by using a threshold secret sharing mechanism based on Lagrange interpolation.

32. A quantum key distribution apparatus, comprising:

a private key request receiver unit that receives a request for acquiring an authorized private key from a first quantum security key distribution device of a requester, the request at least carrying identifier information of the requester;

a private key request forwarding unit that forwards the request to a

predetermined number of second quantum security key distribution devices;

an authorized sub-private key sharing unit that generates a plurality of authorized sub-private keys based on the identity of the requester and a plurality of system sub-private keys and that shares the authorized sub-private keys with the first quantum security key distribution device of the requester; and

an authorized private key reconstructing unit that reconstructs an identity- based authorized private key based on the authorized sub-private keys.

33. The quantum key distribution apparatus of claim 32, further comprising: a system sub-private key splitting unit that, before the private key request receiver unit receives the request, splits an identity-based system private key into the plurality of system sub-private keys by using the threshold key sharing mechanism; and

a system sub-private key sharing unit that shares the plurality of system sub- private keys with a corresponding number of second sub-quantum security key distribution devices.

34. The quantum key distribution apparatus of claim 33, wherein the authorized sub-private key sharing unit shares the authorized sub-private keys with the first quantum security key distribution device of the requester, in accordance with a redundancy transmission quantum key agreement or an on-demand

retransmission quantum key agreement.

35. The quantum key distribution apparatus of claim 33, wherein the system sub-private key splitting unit includes a system private key generating unit that generates the system private key based on a random number generated by a quantum noise source, identifier information of the system, and timestamp information.

36. The quantum key distribution apparatus of claim 35, wherein the system private key generating unit generates the system private key through the following formula:

S = Sr Θ (BN ]D / expire_tim e)

wherein Sr is the random number generated by the quantum noise source, BNiD is the identifier information of the quantum key distribution system, expire_time is the timestamp information, and S is the identity-based system private key.

37. The quantum key distribution apparatus of claim 33, wherein the system sub-private key splitting unit splits the system private key by using a secret sharing algorithm of a threshold secret sharing mechanism based on Lagrange interpolation to obtain the plurality of system sub-private keys; and

wherein the authorized private key reconstructing unit reconstructs the identity-based authorized private key by using a reconstruction algorithm of the threshold secret sharing mechanism based on Lagrange interpolation.

38. The quantum key distribution apparatus of claim 32, wherein the authorized sub-private key sharing unit generates the authorized sub-private keys based on the identity of the requester in accordance with identifier information of the requester, the plurality of system sub-private keys, and timestamp information.

39. The quantum key distribution apparatus of claim 38, wherein the authorized sub-private key generating unit generates the authorized sub-private keys based on the identity of the requester through the following formula:

Sur = si (w/D /expire_time)

wherein r is the system sub-private key, UID is the identifier information of the requester, expire_time is the timestamp information, and Sur is the authorized sub-private key based on the identity of the requester.

40. A non-transitory computer readable medium storing one or more programs, the one or more programs comprising instructions which, when executed by a computer system including a quantum security key service device and a first quantum security key distribution device, cause the computer system to perform a method comprising:

receiving, by the quantum security key service device, a request for acquiring an authorized private key from the first quantum security key distribution device of a requester, the request at least carrying identifier information of the requester;

forwarding, by the quantum security key service device, the request to a predetermined number of second quantum security key distribution devices;

receiving, by the first quantum security key distribution device of the requester, a plurality of authorized sub-private keys generated, by the predetermined number of second quantum security key distribution devices, based on the identifier information of the requester and a plurality of system sub-private keys; and

reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub- private keys.

41. A non-transitory computer readable medium storing one or more programs, the one or more programs comprising instructions which, when executed by a computer system including a quantum security key management device, a quantum security key service device, and a first quantum security key distribution device, cause the computer system to perform a method comprising:

splitting, by the quantum security key management device, a system private key into a plurality of system sub-private keys;

distributing, by the quantum security key management device, the plurality of system sub-private keys to a corresponding number of quantum security key distribution devices;

receiving, by the quantum security key service device, a request for acquiring an authorized private key from the first quantum security key distribution device of a requester, the request at least carrying identifier information of the requester;

forwarding, by the quantum security key service device, the request to a predetermined number of second quantum security key distribution devices of the corresponding number of quantum security key distribution devices;

receiving, by the first quantum security key distribution device, a plurality of authorized sub-private keys generated, by the predetermined number of second quantum security key distribution devices, based on the identifier information of the requester and a plurality of system sub-private keys; and

reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub- private keys.

Description:
METHOD, APPARATUS, AND SYSTEM FOR QUANTUM KEY DISTRIBUTION CROSS REFERENCE TO RELATED APPLICATION

[001] The present application is based on and claims the benefits of priority to Chinese Application No. 201510033128.2, filed January 22, 2015, the entire contents of which are incorporated herein by reference.

TECHNICAL FIELD

[002] The present application relates to quantum key technologies, in particular to methods, apparatus, and systems for quantum key distribution.

BACKGROUND

[003] With development of computers and network technologies, systems providing various services for users emerge, including, for example, cloud computing systems that provide applications, data and IT services for users. In such systems, to ensure security of stored static data and generated dynamic data, it is necessary to encrypt the data with an encryption algorithm. For example, in a cloud computing environment, two data encryption modes are typically used: a first encryption mode based on certificate authentication and a second encryption mode based on cloud computing key management.

[004] The basic principle of the certificate-based encryption authentication mode is as follows: a server in the system controls and saves keys by itself; when encrypting and storing the static data, the server uses symmetric keys to encrypt the data, and then uses a digital certificate to encrypt the symmetric keys (i.e., using a public key to encrypt the symmetric keys) and stores the encrypted data; when reading the data, the server or another server first uses a private key to decrypt the symmetric keys and then uses the decrypted symmetric keys to decrypt the data. [005] Compared with the certificate-based encryption authentication mode, the encryption mode that uses a cloud computing key management system is more widely applied to cloud computing environments, and is also the foundation of the security of cloud data.

[006] Fig. 1 is an exemplary cloud computing key management system. The cloud computing key management system includes two parts, i.e., a cloud computing key client end and a cloud computing key management service end. The cloud computing key client end resides in a cloud computing server and is responsible for providing a key service for cloud computing applications in the cloud computing server. The cloud computing key client end uses a standard key management protocol to apply for management services such as key generation, key recovery and key update to the cloud computing key management service end. The cloud computing key management service end applies for corresponding services to a symmetric password management server according to a service application type, and then returns a key service operation result to the cloud computing key client end, and may also act on behalf of the cloud computing key client end to apply for the corresponding services to a digital certificate center.

[007] Because both modes use classical cryptography based on

computational complexity, they can potentially be cracked in light of the emergence of cloud computing, quantum computing, and other computing technologies. In addition, for the first mode, the encrypted key must be kept safe. Once lost or damaged, the key or data cannot be recovered. For the second mode, although handing over the key to the system for central management improves security, administrators of the key management server, who have higher operation permissions, can access user data and keys, may give away the keys and user confidential information.

SUMMARY

[008] One aspect of the present disclosure is directed to a quantum key distribution system. The quantum key distribution system includes a quantum security key management device, a plurality of quantum security key distribution devices connected with the quantum security key management device, and a quantum security key service device connected with the quantum security key management device and the plurality of quantum security key distribution devices. The quantum security key management device splits an identity-based system private key into a plurality of system sub-private keys, and distributes the plurality of system sub-private keys to a corresponding number of the quantum security key distribution devices. The quantum security key service device forwards a request for acquiring an authorized private key from a first quantum security key distribution device of the plurality of quantum security key distribution devices to a

predetermined number of second quantum security key distribution devices of quantum security key distribution devices. The predetermined number of second quantum security key distribution devices each generate an identity-based authorized sub-private key from the system sub-private key. The first quantum security key distribution device acquires, from the predetermined number of second quantum security key distribution devices, the identity-based authorized sub-private keys, and reconstructs an identity-based authorized private key based on the identity-based authorized sub-private keys. [009] Another aspect of the present disclosure is directed to a quantum key distribution method. The quantum key distribution method includes receiving, by a quantum security key service device, a request for acquiring an authorized private key from a first quantum security key distribution device of a requester, the request at least carrying identifier information of the requester, forwarding, by the quantum security key service device, the request to a predetermined number of second quantum security key distribution devices, receiving, by the first quantum security key distribution device of the requester, a plurality of authorized sub-private keys generated, by the predetermined number of second quantum security key distribution devices, based on the identifier information of the requester and a plurality of system sub-private keys, and reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub-private keys.

[010] Consistent with some embodiments of the present disclosure, the reconstructing, by the first quantum security key distribution device of the requester, the identity-based authorized private key based on the authorized sub-private keys includes reconstructing, by the first quantum security key distribution device of the requester, the identity-based authorized private key may be implemented by using a threshold secret sharing mechanism.

[01 1 ] Consistent with some embodiments of the present disclosure, the quantum key distribution method may further include, before receiving the request by the quantum security key service device, splitting, by a quantum security key management device, an identity-based system private key into the plurality of system sub-private keys by using the threshold secret sharing mechanism, and sharing, by the quantum security key management device, the plurality of system sub-private keys with a corresponding number of quantum security key distribution devices.

[012] Another aspect of the present disclosure is directed to another quantum key distribution method. The quantum key distribution method include splitting, by a quantum security key management device, an identity-based system private key into a plurality of system sub-private keys, distributing, by the quantum security key management device, the plurality of system sub-private keys to a corresponding number of quantum security key distribution devices, receiving, by a quantum security key service device, a request for acquiring an authorized private key from a first quantum security key distribution device of a requester, the request at least carrying identifier information of the requester, forwarding, by the quantum security key service device, the request to a predetermined number of second quantum security key distribution devices of the corresponding number of quantum security key distribution devices, receiving, by the first quantum security key distribution device, a plurality of authorized sub-private keys generated, by the predetermined number of second quantum security key distribution devices, based on the identifier information of the requester and a plurality of system sub-private keys, and reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub- private keys.

[013] Consistent with some embodiments of the present disclosure, the quantum key distribution method may further include generating, by the quantum security key management device, the system private key by using a random number generated by a quantum noise source, identifier information of a quantum key distribution system, and timestamp information. [014] Consistent with some embodiments of the present disclosure, the splitting, by a quantum security key management device, an identity-based system private key into a plurality of system sub-private keys may be implemented by using a threshold secret sharing mechanism based on Lagrange interpolation.

[015] Consistent with some embodiments of the present disclosure, the reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub-private keys may be implemented by using a threshold secret sharing mechanism based on Lagrange interpolation.

[016] Another aspect of the present disclosure is directed to a quantum key distribution apparatus. The apparatus includes a private key request receiver unit that receives a request for acquiring an authorized private key from a first quantum security key distribution device of a requester, the request at least carrying identifier information of the requester, a private key request forwarding unit that forwards the request to a predetermined number of second quantum security key distribution devices, an authorized sub-private key sharing unit that generates a plurality of authorized sub-private keys based on the identity of the requester and a plurality of system sub-private keys and that shares the authorized sub-private keys with the first quantum security key distribution device of the requester, and an authorized private key reconstructing unit that reconstructs an identity-based authorized private key based on the authorized sub-private keys.

[017] Another aspect of the present disclosure is directed to a non-transitory computer readable medium storing one or more programs. The one or more programs comprises instructions which, when executed by a computer system including a quantum security key service device and a first quantum security key distribution device, cause the computer system to perform a method comprising: receiving, by the quantum security key service device, a request for acquiring an authorized private key from the first quantum security key distribution device of a requester, the request at least carrying identifier information of the requester, forwarding, by the quantum security key service device, the request to a

predetermined number of second quantum security key distribution devices, receiving, by the first quantum security key distribution device of the requester, a plurality of authorized sub-private keys generated, by the predetermined number of second quantum security key distribution devices, based on the identifier information of the requester and a plurality of system sub-private keys, and reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub-private keys.

[018] Another aspect of the present disclosure is directed to a non-transitory computer readable medium storing one or more programs. The one or more programs comprising instructions which, when executed by a computer system including a quantum security key management device, a quantum security key service device, and a first quantum security key distribution device, cause the computer system to perform a method comprising: splitting, by the quantum security key management device, a system private key into a plurality of system sub-private keys, distributing, by the quantum security key management device, the plurality of system sub-private keys to a corresponding number of quantum security key distribution devices, receiving, by the quantum security key service device, a request for acquiring an authorized private key from the first quantum security key distribution device of a requester, the request at least carrying identifier information of the requester, forwarding, by the quantum security key service device, the request to a predetermined number of second quantum security key distribution devices of the corresponding number of quantum security key distribution devices, receiving, by the first quantum security key distribution device, a plurality of authorized sub-private keys generated, by the predetermined number of second quantum security key distribution devices, based on the identifier information of the requester and a plurality of system sub-private keys, and reconstructing, by the first quantum security key distribution device of the requester, an identity-based authorized private key based on the authorized sub-private keys.

[019] Additional features and advantages of the present disclosure will be set forth in part in the following detailed description, and in part will be obvious from the description, or may be learned by practice of the present disclosure. The features and advantages of the present disclosure will be realized and attained by means of the elements and combinations particularly pointed out in the appended claims.

[020] It is to be understood that the foregoing general description and the following detailed description are exemplary and explanatory only, and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

[021] The accompanying drawings, which constitute a part of this

specification, illustrate several embodiments and, together with the description, serve to explain the disclosed principles.

[022] Fig. 1 is an exemplary cloud computing secured key management system in the prior art.

[023] Fig. 2 is a graphical illustration of a quantum key distribution system, according to an exemplary embodiment. [024] Fig. 3 is a graphical illustration of another quantum key distribution system, according to another exemplary embodiment.

[025] Fig. 4 is a block diagram illustrating a quantum key distribution system, according to a further exemplary embodiment.

[026] Fig. 5 is a flow diagram illustrating a quantum key distribution method, according to an exemplary embodiment.

[027] Fig. 6 is a flow diagram illustrating a quantum key distribution method, according to another exemplary embodiment.

[028] Fig. 7 is a block diagram illustrating a quantum key distribution apparatus, according to an exemplary embodiment.

DETAILED DESCRIPTION

[029] Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise represented. The implementations set forth in the following description of exemplary embodiments consistent with the present invention do not represent all

implementations consistent with the invention. Instead, they are merely examples of systems and methods consistent with aspects related to the invention as recited in the appended claims.

[030] Consistent with some embodiments of the present disclosure, a quantum key distribution system is provided. The quantum key distribution system provided in this example includes: a quantum security key management (hereinafter referred to as QSKM) device, a plurality of quantum security key distribution (hereinafter referred to as QSKD) devices, a quantum security key service

(hereinafter referred to as QSKS) device, and data devices used as a source end and a destination end of secured data transmission. The QSKM device is connected with the plurality of QSKD devices and the QSKS device, each QSKD device is connected at least with a number of other QSKD devices, and the data device is connected at least with one QSKD device. The QSKM, QSKD, and QSKS devices can be implemented by computers or servers with one or more processors and memories. The memory may be a non-transitory computer-readable storing medium storing instructions, that when executed by the processor, perform functions described below.

[031] In some embodiments, one or more of the plurality of QSKD devices may include the QSKS device. In other words, functions of the QSKD device and the QSKS device may be integrated into one physical device, and may also be implemented by different physical devices respectively.

[032] In addition, in order to meet the requirement of long distance transmission of a quantum key, the quantum key distribution system may further include routing devices configured to relay the quantum key and forward data, so that the QSKM device, the QSKD device and the QSKS device can be

interconnected through the routing devices.

[033] Fig. 2 is a graphical illustration of a quantum key distribution system, according to an exemplary embodiment. In this embodiment, two QSKM devices standby for each other are included, functions of the QSKD and the QSKS are integrated into one physical device (represented by QSKD/QSKS), and the QSKM device and the QSKD/QSKS device are connected with each other through a routing device. Although the QSKD and QSKS are integrated into one physical device in some exemplary implementations, the functions implemented by the QSKD and QSKS may be different. Specific functions of the QSKM device, the QSKD device and the QSKM device and their coordination with each other are described from the perspective of functional division.

[034] Fig. 3 is a graphical illustration of another quantum key distribution system, according to an exemplary embodiment. In this embodiment, some QSKD devices are owned by some cloud users and some QSKD devices are rented by some cloud users.

[035] Fig. 4 is a block diagram illustrating a quantum key distribution system 100 shown in Figs. 2 and 3, according to an exemplary embodiment. The system 100 includes a number of components, some of which may be optional. The system 100 includes a QSKM device 101 , a plurality of QSKD devices 102, a QSKS device 103, a data device 104, and a routing device 105 all connected through a network 106. The plurality of QSKD devices 102 include a first QSKD device 1 12 and a plurality of second QSKD devices 122. The first QSKD device and the plurality of second QSKD devices may be structurally and functionally similar or identical devices. The grouping/classification of these QSKD devices is for illustration purposes.

[036] In some embodiments, the QSKD device and the QSKS device are integrated in one physical device, and the QSKM device and the QSKD/QSKS device are connected with one another through the routing device. In some embodiments, the system 100 includes two QSKM devices, each being a backup of the other.

[037] In some embodiments, the QSKM device is a manager of the quantum key distribution system, and the system may include one or more QSKM devices to achieve data synchronization and realize centralized management of the system. The QSKM device is responsible for splitting an identity-based system private key into a plurality of system sub-private keys in accordance with a threshold secret sharing mechanism, and respectively distributing the plurality of system sub-private keys to a corresponding number of the QSKD devices in accordance with quantum key agreement.

[038] In some embodiments, the identity-based system private key may be preset in the QSKM device, or may be generated by the QSKM device as follows: the identity-based system private key is generated in accordance with a random number generated by a quantum noise source, identifier information of the system and timestamp information. The reason why the random number generated by the quantum noise source is introduced is to increase security of the system private key by using random characteristics of quantum noise. For example, the system private key can be generated through Formula 1 :

[039] S = S T ® (BN ID /expire_time) Formula 1

[040] in which S r is the random number generated by the quantum noise source, BN iD is the identifier information of the system, expire_time is the timestamp information, and S is the identity-based system private key. The QSKM device can store the system private key (also called system key) in a system key database, which is only accessible to the QSKM device.

[041] In some embodiments, the QSKM device splits the identity-based system private key preset or generated as described above into a plurality of system sub-private keys in accordance with a threshold secret sharing mechanism, and respectively distributes the plurality of system sub-private keys to a corresponding number of the QSKD devices in accordance with a quantum key agreement.

[042] The reason why, in some embodiments, the identity-based system private key is split into a plurality of (at least two) identity-based system sub-private keys and distributed to a corresponding number of QSKD devices is to achieve distributed management of keys, and when the first QSKD device (or any other QSKD device) applies for acquiring an authorized private key, a predetermined number of sub-private keys under decentralized management can be combined. In this way, abuse of power caused by excessive centralization of key management rights can be avoided, thus effectively reducing the possibility that the administrator acquires and maliciously gives away user data. Moreover, in the event of key damage, it is also feasible to reacquire the predetermined number of sub-private keys and reconstructs the key.

[043] In some embodiments, the QSKM device splits the system private key into a plurality of identity-based system sub-private keys by using a threshold secret sharing mechanism. The threshold secret sharing mechanism is known as a (n, t) threshold secret sharing mechanism, and the mechanism is defined as follows: a secret S is distributed to n members for sharing through a secret sharing algorithm, so that each member holds a secret sub (a part of the secret S), and the following two conditions are met:

[044] (1 ) any number of members, the number of which is no less than t, can reconstruct the secret S with the secret subs they hold; and

[045] (2) any number of members, the number of which is less than t, cannot reconstruct the secret S with the secret subs they hold. [046] There are many schemes for realizing the aforementioned secret sharing mechanism, for example, a threshold secret sharing scheme based on Lagrange interpolation, or a Blakley threshold secret sharing scheme based on multidimensional space, and each scheme has its own secret sharing algorithm and a secret reconstruction algorithm corresponding thereto. These schemes are also called secret sharing mechanisms.

[047] In some embodiments, if the system includes n QSKD devices, the QSKM device can split the system private key into n system sub-private keys, according to the preset t value.

[048] In some embodiments, the threshold secret sharing mechanism based on Lagrange interpolation is used. The QSKM device can use the secret sharing algorithm shown in Formula 2 and Formula 3 to split the identity-based system private key S into n sub-private keys S,, in which a prime number φ in Formula 2 is greater than the total number n of QSKD devices that participate into private key management and is greater than the maximum value that the system private key S may be set, 0 =h (0) =S, and x t _ 1 , ... , a 1 are random coefficients generated by quantum noise; all the coefficients should be kept secured and are destroyed after n sub key shares ' are generated.

[049] h(x) = θί { _ χ χ ι 1 +— h α λ χ + α 0 mod φ Formula

2 h ( x . ) mod φ x i = i , i = 1, ... , n

[050]

Formula 3 [051 ] In this example, the identity-based system private key is split into a corresponding number in accordance with the number n of the QSKD devices, and in some embodiments, distributed management of keys can also be realized as long as the system private key is split into a plurality of system sub-private keys.

[052] In some embodiments, the QSKM device is further configured to, after the split, respectively distribute the plurality of system sub-private keys to a corresponding number of QSKD devices in accordance with the quantum key agreement. If the QSKM obtains n system sub-private keys Si, S 2 , . . . S n through splitting, the QSKM shares the S 1 p S 2 , . . . S n with QSKDi, QSKD 2 , ...QSKD n respectively in accordance with the quantum key agreement, e.g. a BB84 protocol.

[053] In some embodiments, in consideration of light loss and bit error rate, in order to ensure that the QSKM device and the QSKD devices can correctly share each system sub-private key, when the Si, S 2 , ... S n are converted to a quantum state for key agreement, a quantum key agreement of redundancy transmission or on-demand retransmission can be used.

[054] The redundancy transmission refers to transmitting the same bit over a certain proportion, that is, transmitting the same bit multiple times, in which the proportion can be determined based on a bit error rate, a transmission distance, a rate of loss and other factors; the on-demand retransmission refers to that a receiver device can know whether there are unreceived photons (for example, effective detection cannot be carried out due to attenuation) through a synchronization mechanism, and can judge which of the received quantum states are wrong by comparing measurement bases of classical channels. The receiver device can send the non-receiving and wrong quantum state information to the QSKM device, so that the QSKM device can repeatedly transmit particular quantum states one or more times in accordance with demands of the receiver device. By using the two methods above, the receiver device may successfully receive the same bit multiple times, and can keep 1 bit in this situation.

[055] In some embodiments, it is also possible to use another method for the quantum key agreement, as long as the method can ensure that the QSKM device and each QSKD device can share each system sub-private key correctly.

[056] In some embodiments, as a manager of the system, the QSKM device needs to communicate with each device of the system so as to realize necessary management functions. In order to increase security of data transmission and facilitate verification of the devices in the system on the identity of the manager, the QSKM device may be further configured to generate an identity-based private key thereof and a corresponding signature certificate by using a random number generated by a quantum noise source, identifier information and timestamp information. The certificate includes identifier information of the QSKM (e.g., ID of the QSKM device), and signature information using the private key thereof. For example, the system may generate an identity-based private key of the QSKM by using Formula 4.

[057] QSKM PK = QSKM r Θ (QSKM ro / expire_ time )

Formula 4

[058] in which QSKM| D is the identifier information of the QSKM, QSKM r is the random number generated by the QSKM by using a quantum noise source, expire_time is timestamp information, and QSKM PK is the identity-based private key of the QSKM. [059] The QSKM device can store the identity-based private key and the corresponding signature certificate into its own key/certificate database. As this example uses an identity-based public key encryption technology, identifier information (for example, ID) and the certificate are open through the whole network, while the identity-based private key is confidential and is generally accessible to a device or user that generates or owns the private key and accessible to authorized devices.

[060] In addition, in order to facilitate management and enable generation of the identity-based private key for transmitting secured data, the devices in the quantum key distribution system can have identifier information (for example, ID) that can be distinguished from other devices, and the identifier information may be preset in each device and may also be uniformly assigned and managed by the manager QSKM in the system. In one embodiment, the QSKM device is further configured to, in accordance with a registration request received from the QSKD device or the QSKS device, generate identifier information for the QSKD device or the QSKS device, and issue the identifier information to the corresponding device. If the QSKD device and the QSKS device are integrated into the same physical device, the QSKM may issue one ID for the QSKD device and the QSKS device and may also issue two IDs for the QSKD device and the QSKS device respectively.

[061 ] In some embodiments, one main function of the QSKS device in the system is forwarding a request for acquiring an authorized private key. When the data device in the system intends to perform data encryption storage or secured data transmission, the QSKD device (e.g., calling it the first QSKD device for illustration purpose) connected therewith can send the request for acquiring an authorized private key to the QSKS device. The request can carry identifier information (for example, ID) of the first QSKD device, and the QSKS device forwards the request to the predetermined number of QSKD devices (e.g., calling them the second QSKD devices for illustration purpose). For example, by using a (n, t) threshold

mechanism, the system private key is shared by n QSKD devices, the QSKS device forwards the request for acquiring an authorized private key to any t ones of the n QSKD devices. The t QSKD devices (i.e., the second QSKD devices) and the requester (i.e., the first QSKD device) are directly connected with each other or connected with each other through a routing device having a quantum key relaying function.

[062] In some embodiments, the first QSKD device is configured to acquire, from the t second QSKD devices, identity-based authorized sub-private keys generated in accordance with the plurality of system sub-private keys in accordance with the quantum key agreement, and reconstruct an identity-based authorized private key by using the threshold secret sharing mechanism.

[063] In some embodiments, when a QSKD device is not the requester of the authorized private key, the QSKD device (i.e., a second QSKD devices), after receiving the request for acquiring an authorized private key forwarded by the QSKS device, generates an identity-based authorized sub-private key in accordance with identifier information of the requester of the authorized private key, timestamp information and the system sub-private key that the QSKM device distributes to it. For example, an identity-based authorized sub-private key can be generated by using Formula 5, in which r (value of r is in a range of 1 -t) is the system sub- private key, UiD is the identifier information of the first QSKD device that serves as the requester of the authorized private key, expire_time is timestamp information, and S U r is the identity-based authorized sub-private key based on the identifier information of the requester.

[064] $ur = s i r ( U ID I expire_time) Formula 5

[065] In some embodiments, when a QSKD device is a requester of the authorized private key (i.e., the first QSKD device), the QSKD device is configured to acquire, from other QSKD devices, a predetermined number (e.g., t) of identity- based authorized sub-private keys in accordance with quantum key agreement, and reconstruct the identity-based authorized private key by using the threshold secret sharing mechanism. The identifier information of the requester and the identifier information of the first QSKD device are interchangeably used in this application. They can be the same or different. When they are different, they are interchangeable for the purpose in this application.

[066] In some embodiments, after t second QSKD devices generate the authorized sub-private keys based on the identity of the requester as described above, they share the authorized sub-private keys with the requester (i.e. the first QSKD device), respectively in accordance with the quantum key agreement, so that the requester acquires t identity-based system sub-private keys. It is also feasible to use redundancy transmission or on-demand retransmission, so as to ensure that the second QSKD devices correctly share the generated authorized sub-private keys with the first QSKD device.

[067] In some embodiments, when the first QSKD device reconstructs the identity-based authorized private key, a secret reconstruction algorithm

corresponding to the secret sharing algorithm used by the QSKM device to split the identity-based system private key is adopted. In one example, the QSKM adopts a secret sharing algorithm of a threshold secret sharing mechanism based on

Lagrange interpolation, and corresponding thereto, the requester (i.e. the first QSKD device) adopts a reconstruction algorithm of the threshold secret sharing mechanism based on Lagrange interpolation to reconstruct the identity-based authorized private key.

[068] In some embodiments, in accordance with t S ur acquired from t second QSKD devices, which is equivalent to knowing coordinates of any t points, i.e., (xn, S u i) > ( i2 < S u2 ) ... (Xit, S ut ), a corresponding f(x) can be obtained by using a Lagrange interpolation formula, and the reconstructed authorized private key S u = f(0). Based on the foregoing principle, the reconstructed identity-based authorized private key S u can be obtained by using Formula 6 and Formula 7. Formula 6

[070] s u = S(¾ /expire_time)

[071 ] H /expire_time) ...... Formu|a 7

[072] The requester (i.e. the first QSKD device) can be further configured to generate an identity-based signature certificate in accordance with the reconstructed authorized private key, so that the requester acquires the identity-based authorized private key and the certificate.

[073] In some embodiments, as the QSKS device, the QSKD device and the QSKM device may communicate with one another because of management demands inside the system, and in order to ensure security of the communication, the QSKS device and the QSKD device may also generate their own identity-based private keys.

[074] In some embodiments, the QSKD devices and the QSKS device are further configured to: acquire a random number generated by a quantum noise source and timestamp information from the QSKM device in accordance with the quantum key agreement, and generate identity-based private keys in accordance with the foregoing information and their own identifier information. For example, the QSKD devices and the QSKS device can generate their own identity-based private keys by using Formula 8, in which U r is a random number generated by the QSKM device for the QSKD devices or the QSKS device by using the quantum noise source, expire_time is timestamp information, and UID is identifier information (for example, ID) of the QSKD devices or the QSKS device, in which the identifier information may be preset or may be issued thereto by the QSKM device.

[075] U * = U ® (UID expire_t ime) Formu|a

8

[076] In one embodiment, the QSKM device can also compute U Pk for the QSKD devices or the QSKS device by using Formula 8, and it is also feasible by the QSKM device to use the Up k as a shared key between the QSKM device and the QSKD devices or the QSKS device to perform secured data transmission

therebetween.

[077] In some embodiments, the quantum key distribution system is applied to a cloud network architecture, including a cloud backbone network (data center) and a cloud user. [078] For example, the quantum key distribution system can be deployed in a cloud backbone network (e.g., cloud computing data center), the data device refers to a server of the cloud computing data center, and the QSKM device inside the system can distribute the plurality of system sub-private keys to QSKD devices inside the system in advance. When a certain server of the cloud computing data center needs to acquire an identity-based authorized private key before data storage or transmission, a QSKD device connected therewith can acquire a predetermined number of identity-based authorized sub-private keys from other QSKD devices, reconstruct the identity-based authorized private key by using a threshold secret sharing mechanism and generate a signature certificate.

[079] In another example, the system further includes a cloud user that accesses the system, and the cloud user can have his/her own QSKD device or rent a QSKD device in the system.

[080] For the cloud user that has a QSKD device, his/her QSKD device is connected with one routing device of the cloud computing data center. The QSKD device of the cloud user is configured to send a request for acquiring an authorized private key to a QSKS device of the cloud computing data center, acquire a predetermined number of identity-based authorized sub-private keys from QSKD devices of the cloud computing center in accordance with a quantum key agreement, reconstruct an identity-based authorized private key by using a threshold secret sharing mechanism, and generate an identity-based signature certificate.

[081 ] When the QSKD device of the cloud user sends the request for acquiring an authorized private key to the QSKS device of the cloud computing data center. The request can carry identifier information of the QSKD device and/or the cloud user that uses the QSKD device. The identifier information can be registered to a QSKM device of the cloud computing data center or issued by the QSKM device.

[082] For the cloud user that rents a QSKD device of the cloud computing data center, a request for acquiring an authorized private key can be sent to a QSKS device of the cloud computing data center. The QSKS device is configured to forward the request to a predetermined number of QSKD devices connected therewith. The QSKD devices share identity-based authorized sub-private keys with the rented QSKD device in accordance with a quantum key agreement. The rented QSKD device then reconstructs an identity-based authorized private key. The QSKD device can also generates an identity-based signature certificate. The QSKD device may store the key and certificate locally to allow the cloud user to access and use. Similar to the cloud user that has a QSKD device, identifier information of the cloud user that rents a QSKD device can be issued by a QSKM device of the cloud computing data center.

[083] In some embodiments, the quantum key distribution system provided by combining a quantum key distribution technology with a threshold secret sharing mechanism, not only can effectively reduce the risk that the classical cryptography is cracked, but also can decentralize management rights due to distributed

management over the key, thus effectively reducing the possibility that an administrator acquires and maliciously gives away user data and further

guaranteeing security of the user data. Especially when the system is applied to a cloud computing environment, as a user private key is generated by a cloud backbone network in a distributed manner and is finally synthesized by a QSKD device of the user or a QSKD device trusted by the user, the trust problems of cloud users for cloud providers can be solved, and after an encrypted key of user data is lost, the key can be retrieved from the cloud backbone network, so as to recover the user data.

[084] Fig. 5 is a flow diagram illustrating a quantum key distribution method 200, according to an exemplary embodiment. Some steps may be optional.

[085] At step 201 , a QSKS device receives a request for acquiring an authorized private key from a QSKD device of a requester (e.g., called a first QSKD device for illustration purpose), the request carrying identifier information of the first QSKD device or the requester (assuming the requester for this example).

[086] At step 202, the QSKS device forwards the request to a predetermined number of QSKD devices (e.g., called second QSKD devices for illustration purpose).

[087] At step 203, the predetermined number of second QSKD devices generate a plurality of authorized sub-private keys based on the identifier information of the requester and from a plurality of system sub-private keys.

[088] In some embodiments, after a second QSKD device receives the request forwarded by the QSKS device, the second QSKD device first verifies validity of the identity of the requester through the QSKM device; if the requester does not pass the identity verification, execution of the method is ended. The second QSKD devices generate the authorized sub-private keys in accordance with the identifier information of the requester, the pre-acquired system sub-private keys and timestamp information. For example, the authorized sub-private keys are generated by using the following formula:

S ur = s i ( u m /

[089] ur lr 1D expire time) ° i

[090] in which r is the system sub-private key acquired by the QSKD device in an initialization stage, U| D is the identifier information of the requester, expirejime is timestamp information, and S ur is the identity-based authorized sub- private key based on the identifier information of the requester.

[091] At step 204, the predetermined number of second QSKD devices share the authorized sub-private keys with the first QSKD device of the requester in accordance with a quantum key agreement. The quantum key agreement can be a redundancy transmission or on-demand retransmission agreement.

[092] At step 205, the first QSKD device of the requester reconstructs an identity-based authorized private key by using the threshold secret sharing mechanism in accordance with the acquired authorized sub-private keys.

[093] For example, the first QSKD device can reconstruct the identity-based authorized private key by using a reconstruction algorithm of the threshold secret sharing mechanism based on Lagrange interpolation and generate an identity-based signature certificate in accordance with the identity-based authorized private key.

[094] In some embodiments, the quantum key distribution method described in the foregoing example can be applied to a cloud computing network, so as to solve key security problems in cloud computing environments, trust problems of cloud users for cloud providers, problems of malicious administrators inside a cloud, and problems damaged or lost key. The method can be applied to a cloud computing data center (i.e., a cloud backbone network). For example, the request for acquiring an authorized private key can be initiated by a QSKD device connected with a cloud data center server, and the request carries identifier information of the QSKD device. The QSKD device acquires a predetermined number of authorized sub-private keys from other QSKD devices, and reconstructs an identity-based authorized private key by using a threshold secret sharing mechanism.

[095] In some embodiments, the system can further include a cloud user that accesses the system, and the cloud user can have his/her own QSKD device or rent a QSKD device in the system. When the cloud user that has a QSKD device needs to acquire an authorized private key, the cloud user can send a registration request to a QSKM device of the cloud computing data center through his/her own QSKD device, and the QSKM device generates and distributes corresponding identifier information for the QSKD device or the cloud user in accordance with the received request. The cloud user can then initiate a request for acquiring an authorized private key to the cloud computing data center through the QSKD device of the cloud user in accordance with data encryption demands thereof. The request can carry the aforementioned acquired identifier information. The QSKD device of the cloud user can receive a predetermined number of authorized sub-private keys from the QSKD devices of the cloud computing data center, and reconstruct an identity-based authorized private key by using a threshold secret sharing mechanism. The QSKD device of the cloud user can also generate an identity-based signature certificate.

[096] In some embodiments, when the cloud user that rents a QSKD device of the cloud computing data center needs to acquire an authorized private key, the cloud user can first send a registration request to a QSKM device of the cloud computing data center, and the QSKM device generates and distributes

corresponding identifier information to the cloud user. The cloud user can then initiate a request for acquiring an authorized private key to the cloud computing data center in accordance with data encryption demands thereof. The request can carry the aforementioned acquired identifier information. The QSKD device rented by the cloud user, in accordance with the predetermined number of authorized sub-private keys acquired from the cloud computing data center, reconstructs an authorized private key based on the identifier information of the cloud user by using a threshold secret sharing mechanism, generates a corresponding signature certificate, and stores the generated authorized private key and signature certificate locally, to allow the cloud user that serves as a tenant to access and use.

[097] Fig. 6 is a flow diagram illustrating a quantum key distribution method 300, according to another exemplary embodiment. Some of the steps may be optional. The steps of method 300 may be implemented before and lead to the step 201 of Fig. 5.

[098] At step 301 , a QSKM device generates a system private key.

[099] In some embodiments, the system private key may be preset and may also be generated by the QSKM device that executes this step in accordance with a random number generated by a quantum noise source, identifier information of the system and timestamp information. For example, the QSKM device can generate the system private key by using the following formula:

[0100] S = S T Θ (BN ro / expire_time)

[0101 ] in which S r is the random number generated by the quantum noise source, BN| D is the identifier information of the system, expire_time is timestamp information, and S is the identity-based system private key.

[0102] At step 302, the QSKM device splits the identity-based system private key into a plurality of system sub-private keys, i.e., the plurality of system sub-private keys in step 203 of Fig. 5. [0103] The QSKM device splits the identity-based system private key into the plurality of system sub-private keys in accordance with the threshold secret sharing mechanism. For example, the splitting is performed by using a secret sharing algorithm of a threshold secret sharing mechanism based on Lagrange interpolation.

[0104] At step 303, the QSKM device shares the plurality of system sub- private keys with a corresponding number of second QSKD devices.

[0105] In some embodiments, after the system private key is split into the plurality of system sub-private keys, the QSKM device shares the plurality of system sub-private keys with a corresponding number of second QSKD devices respectively in accordance with the quantum key agreement. In some embodiments, the quantum key agreement can be a redundancy transmission or on-demand retransmission agreement.

[0106] In some embodiments, in an initialization stage, in addition to completing the above basic processing, each device in the system can further execute the following initialization operations:

[0107] generating, by the QSKM device, an identity-based private key thereof and a corresponding signature certificate by using a random number generated by a quantum noise source, identifier information of the QSKM device and timestamp information;

[0108] receiving, by the QSKM device, a registration request from the first QSKD device or the QSKS device, and generating and distributing corresponding identifier information for the device that initiates the registration request; and

[0109] sharing, by the QSKM device, a random number generated by the quantum noise source and timestamp information with the first QSKD device or the QSKS device that initiates the registration request in accordance with the quantum key agreement, and generating, by the first QSKD device or the QSKS device that initiates the registration request, an identity-based private key in accordance with the acquired identifier information, the random number and the timestamp information. In some embodiments, the above described process in the initialization stage can be applied to some other or all QSKD and QSKS devices.

[01 10] In some embodiments, the initialization process described above may be executed only once, or be executed regularly for the sake of security. After the initialization operations are completed, the requester (for example, the first QSKD device) that needs to acquire the identity-based authorized private key can acquire the authorized private key with the method described above. In this step, the QSKS device receives a request for acquiring an authorized private key, the request at least carrying identifier information of a requester, for example, if the request is sent by the first QSKD device, the request carries an ID of the first QSKD device.

[011 1] Fig. 7 is a block diagram illustrating a quantum key distribution apparatus 400, according to an exemplary embodiment. The quantum key distribution apparatus of this example includes: a private key acquisition request receiver unit 401 , a private key acquisition request forwarding unit 402, one or more authorized sub-private key sharing units 403, and an authorized private key reconstruction unit 404.

[01 12] The private key acquisition request receiver unit 401 may be configured to receive a request for acquiring an authorized private key. The request may at least carry identifier information of a requester. The private key acquisition request forwarding unit 402 may be configured to forward the request to the predetermined number of quantum security key distribution devices. The authorized sub-private key sharing units 403 may be configured to generate, authorized sub- private keys based on the identifier information of the requester in accordance with pre-acquired system sub-private keys, and share the authorized sub-private keys with a quantum security key distribution device of the requester in accordance with quantum key agreement. The system sub-private keys may be obtained through splitting a system private key by using a threshold secret sharing mechanism. The authorized private key reconstruction unit 404 may be configured to reconstruct an identity-based authorized private key by using the threshold secret sharing mechanism in accordance with the acquired predetermined number of authorized sub-private keys.

[01 13] The private key acquisition request receiver unit 401 and the private key acquisition request forwarding unit 402 may belong to a QSKS device. The one or more authorized sub-private key sharing units 403 may belong to one or more QSKD devices. The authorized private key reconstruction unit 404 may belong to a QSKD device of an authorized private key requester.

[01 14] In some embodiments, the apparatus 400 may also include a system sub-private key splitting unit configured to split an identity-based system private key into a plurality of system sub-private keys in accordance with the threshold secret sharing mechanism. The apparatus 400 may also include a system sub-private key sharing unit configured to share the plurality of system sub-private keys with a corresponding number of QSKD devices in accordance with a quantum key agreement. The system sub-private key splitting unit and system sub-private key sharing unit may belong to a QSKM device.

[01 15] In some embodiments, the quantum key agreement adopted by the authorized sub-private key sharing unit and the system sub-private key sharing unit may be a quantum key agreement of redundancy transmission or on-demand retransmission.

[01 16] In some embodiments, the system sub-private key splitting unit may further include a system private key generation subunit, which is configured to generate the system private key in accordance with a random number generated by a quantum noise source, identifier information of the system, and timestamp information.

[01 17] In some embodiments, the system private key generation subunit is further configured to generate the system private key by using the following formula:

[01 18] ^ = ® (BN ro / expire_tim e)

[01 19] in which S r is the random number generated by the quantum noise source, BN| D is the identifier information of the system, expire_time is timestamp information, and S is the identity-based system private key.

[0120] In some embodiments, the apparatus 400 may further include a private key management unit that, before the private key request receiver unit receives the request, generates an identity-based private key and a corresponding signature certificate by using a random number generated by a quantum noise source, identifier information, and timestamp information.

[0121 ] In some embodiments, the apparatus 400 may further include the following units, which can be included in a QSKM device:

[0122] a registration request receiving unit, configured to, before the private key acquisition request 401 receiving unit is triggered, receive a registration request from the QSKD devices or the QSKS device, [0123] an identity information distribution unit configured to generate and distribute corresponding identifier information for the device that initiates the registration request, and

[0124] an information sharing unit configured to share a random number generated by a quantum noise source and timestamp information with the device that initiates the registration request in accordance with quantum key agreement.

[0125] In some embodiments, an exemplary QSKD device may initiate the request (i.e. being a requester) and may include:

[0126] a requester private key generating unit configured to generate an identity-based private key in accordance with the acquired identifier information, the random number, and the timestamp information;

[0127] In some embodiments, the apparatus 400 may further include:

[0128] an identity verification unit configured to, before the authorized sub- private key sharing unit is triggered, verify validity of the identity of the requester through the QSKM device; and if the requester does not pass the identity verification, to end operation of the apparatus.

[0129] In some embodiments, the authorized sub-private key sharing unit may be further configured to generate the authorized sub-private keys based on the identity of the requester in accordance with identifier information of the requester, the pre-acquired system sub-private keys, and timestamp information.

[0130] In some embodiments, the authorized sub-private key sharing unit may be further configured to generate the authorized sub-private keys based on the identity of the requester by using the following formula:

S„ = S: (u m /expire time)

[0131 ] " lr lu [0132] in which r is the system sub-private key, U| D is the identifier information of the requester, expire_time is a timestamp, and S ur is the authorized sub-private key based on the identity of the requester.

[0133] In some embodiments, the system sub-private key splitting unit may be further configured to split a system sub-private key obtained based on the system private key by using a secret sharing algorithm of a threshold secret sharing mechanism based on Lagrange interpolation, and correspondingly, the authorized private key reconstruction unit may be further configured to reconstruct the identity- based authorized private key by using a reconstruction algorithm of the threshold secret sharing mechanism based on Lagrange interpolation.

[0134] In some embodiments, the apparatus 400 may further include a signature certificate generating unit configured to, after the authorized private key reconstruction unit reconstructs the identity-based authorized private key, generate an identity-based signature certificate in accordance with the reconstructed identity-based authorized private key.

[0135] As will be understood by those skilled in the art, embodiments of the present disclosure may be embodied as a method, a system or a computer program product. Accordingly, embodiments of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware. Furthermore, embodiments of the present disclosure may take the form of a computer program product embodied in one or more computer available storage media (including but not limited to a magnetic disk memory, a CD-ROM, an optical memory and so on) containing computer available program codes. [0136] Embodiments of the present disclosure are described with reference to flow diagrams and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing devices to produce a machine, such that the instructions, which are executed via the processor of the computer or other programmable data processing devices, create a means for implementing the functions specified in one or more flows in the flow diagrams and/or one or more blocks in the block diagrams.

[0137] These computer program instructions may also be stored in a computer readable memory that can direct a computer or other programmable data processing devices to function in a particular manner, such that the instructions stored in the computer readable memory produce a manufactured product including an instruction means which implements the functions specified in one or more flows in the flow diagrams and/or one or more blocks in the block diagrams.

[0138] These computer program instructions may also be loaded onto a computer or other programmable data processing devices to cause a series of operational steps to be performed on the computer or other programmable devices to produce processing implemented by the computer, such that the instructions which are executed on the computer or other programmable devices provide steps for implementing the functions specified in one or more flows in the flow diagrams and/or one or more blocks in the block diagrams. [0139] In a typical configuration, a computer device includes one or more Central Processing Units (CPUs), an input/output interface, a network interface and a memory. The memory may include forms of a volatile memory, a random access memory (RAM) and/or non-volatile memory and the like, such as a read-only memory (ROM) or a flash RAM in a computer readable medium. The memory is an example of the computer readable medium.

[0140] The computer readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The computer readable medium includes non-volatile and volatile media, removable and nonremovable media, wherein information storage can be implemented with any method or technology. Information may be modules of computer readable instructions, data structures and programs or other data. Examples of a computer storage medium include, but are not limited to, a phase-change random access memory (PRAM), a static random access memory (SRAM), a dynamic random access memory (DRAM), other types of random access memories (RAMs), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a flash memory or other memory technologies, a compact disc read-only memory (CD-ROM), a digital versatile disc (DVD) or other optical storage, a cassette tape, tape or disk storage or other magnetic storage devices or any other non-transmission media which may be used to store information capable of being accessed by a computer device. The computer readable medium is non-transitory, and does not include transitory media, such as modulated data signals and carrier waves. [0141] It will be further noted that the terms "comprises", "comprising" or any other variations are intended to cover non-exclusive inclusions, so as to cause a process, method, commodity or device comprising a series of elements to not only comprise those elements, but also comprise other elements that are not listed specifically, or also comprise elements that are inherent in this process, method, commodity or device. Therefore, the element defined by a sentence "comprising a..." does not preclude the presence of other same elements in the process, method, commodity or device including said elements under the condition of no more limitations.

[0142] When the embodiments are implemented by software, the software may be stored in the above-described computer-readable media. The software, when executed by the processor can perform the disclosed methods. The computing units and the other functional units described in this disclosure can be implemented by hardware, or software, or a combination of hardware and software. One of ordinary skill in the art will also understand that multiple ones of the above described modules/units may be combined as one module/unit, and each of the above described modules/units may be further divided into a plurality of sub-modules/sub- units.

[0143] The specification has described methods, apparatus, and systems for quantum key distribution. The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. Thus, these examples are presented herein for purposes of illustration, and not limitation. For example, steps or processes disclosed herein are not limited to being performed in the order described, but may be performed in any order, and some steps may be omitted, consistent with disclosed embodiments. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.

[0144] While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the spirit and scope of the disclosed embodiments. Also, the words "comprising," "having," "containing," and "including," and other similar forms are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise.

[0145] It will be appreciated that the present invention is not limited to the exact construction that has been described above and illustrated in the

accompanying drawings, and that various modifications and changes can be made without departing from the scope thereof. It is intended that the scope of the invention should only be limited by the appended claims.