CROSS REFERENCE TO RELATED APPLICATION

[001] The present application is based on and claims the benefits of priority to Chinese Application No. 201510309787.4, filed June 8, 2015, the entire contents of which are incorporated herein by reference.

TECHNICAL FIELD

[002] The present application relates to methods, apparatus, and systems for quantum key output, storage, and consistency verification.

BACKGROUND

[003] To ensure security of data transmission, a data device of a sender usually uses an encryption algorithm for encryption, while a data device of a receiver uses a corresponding decryption algorithm to decrypt received data. Classical cryptography may provide a solution for secure transmission of data, but security of the classical cryptography is based on computation complexity, and with rapid advances of computing capability in cloud computing and quantum computing, the classical cryptography has a high risk of being cracked. Quantum cryptography being a cross product of quantum mechanics and cryptography, its security is ensured based on the principle of quantum mechanics (the uncertainty principle of unknown quantum states, the principle of collapse after measurement, and the principle of no-clone), and is unrelated to computing capabilities or storage capabilities of attackers, and thus, can provide secured data transmission. In addition, quantum keys, belonging to matching keys (matching may be

interchangeable with being the same in this disclosure), have a low computing cost for performing data encryption and decryption and a relatively high execution efficiency, and thus have become an ideal choice for secured data transmission.

[004] FIG. 1 is a schematic diagram of a quantum key output system in prior art. A basic process of using quantum keys to perform secret transmission of data includes: quantum key distribution devices located at a sender and a receiver negotiating quantum keys through a quantum key distribution protocol, and, in accordance with requirements of key management devices, providing quantum keys stored in the same address range to the corresponding key management devices; the key management devices of the sender and the receiver storing the received quantum keys by using the same address range, and, in accordance with key acquisition requests of corresponding data devices, outputting the quantum keys stored in the same address range to the data devices, and the data device of the sender performing encryption transmission on data to be sent by using an acquired quantum key, and the data device of the receiver decrypting the received data by using the acquired quantum key.

[005] During actual applications, the above-mentioned processing process may have the following problems:

[006] (1) when the quantum keys acquired by the quantum key distribution devices are sent to and written into the corresponding quantum key management devices, due to reasons such as network packet loss or errors occurring in writing of hard drive data, the quantum keys output by the key management devices of the sender and the receiver to the data devices of the sender and the receiver in accordance with the same storage address may be not the same, which is generally referred to as asymmetry or inconsistency, thereby causing the data device of the receiver not to perform a correct decryption operation and the correct original data not be acquired; and

[007] (2) when the number of times for the data devices of the sender and the receiver to acquire inconsistent quantum keys exceeds a preset threshold, the quantum key management devices of the sender and the receiver may need to empty all the acquired quantum keys, for example, by rebooting, which wastes the generated quantum keys.

SUMMARY

[008] One aspect of the present disclosure is directed to a method for quantum key output is disclosed. The method may be implemented by a first quantum key management device. The method may comprise obtaining a first key acquisition request from a first data device, acquiring a first quantum key from a first quantum key distribution device, according to the obtained first key acquisition request, storing the acquired first quantum key in a same management device address range as a corresponding second quantum key acquired by a second quantum key management device, performing a first consistency verification including determining whether the first quantum key is the same as the second quantum key, and sending the first quantum key to the first data device, if the first quantum key is determined to be the same as the second quantum key.

[009] Another aspect of the present disclosure is directed to a quantum key output system, comprising a first quantum key management device. The a first quantum key management device may be configured to obtain a first key acquisition request from a first data device of the quantum key output system, acquire a first quantum key from a first quantum key distribution device of the quantum key output system, according to the obtained first key acquisition request, store the acquired first quantum key in a same management device address range as a corresponding second quantum key acquired by a second quantum key management device of another quantum key output system, perform a first consistency verification including determining whether the first quantum key is the same as the second quantum key, and send the first quantum key to the first data device, if the first quantum key is determined to be the same as the second quantum key.

[010] Another aspect of the present disclosure is directed to a non-transitory computer-readable storage medium storing one or more programs. The one or more programs may comprises instructions which, when executed by a processor of a computer system including a first quantum key management device, cause the computer system to perform a method. The method may comprises obtaining a first key acquisition request from a first data device, acquiring a first quantum key from a first quantum key distribution device, according to the obtained first key acquisition request, storing the acquired first quantum key in a same management device address range as a corresponding second quantum key acquired by a second quantum key management device, performing a first consistency verification including determining whether the first quantum key is the same as the second quantum key, and sending the first quantum key to the first data device, if the first quantum key is determined to be the same as the second quantum key.

[011 ] Additional features and advantages of the present disclosure will be set forth in part in the following detailed description, and in part will be obvious from the description, or may be learned by practice of the present disclosure. The features and advantages of the present disclosure will be realized and attained by means of the elements and combinations particularly pointed out in the appended claims. [012] It is to be understood that the foregoing general description and the following detailed description are exemplary and explanatory only, and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

[013] The accompanying drawings, which constitute a part of this

specification, illustrate several embodiments and, together with the description, serve to explain the disclosed principles.

[014] FIG. 1 is a schematic diagram of a quantum key output system in prior art.

[015] FIG. 2 is a flow diagram illustrating a method for quantum key output, according to an exemplary embodiment.

[016] FIG. 3 a flow diagram illustrating a quantum key output method based on a real-time acquisition mechanism, according to an exemplary embodiment.

[017] FIG. 4 is a flow diagram illustrating interactions among various devices based on the real-time acquisition mechanism, according to an exemplary embodiment.

[018] FIG. 5 is a flow diagram illustrating a quantum key output method based on a pre-acquiring mechanism, according to an exemplary embodiment.

[019] FIG. 6 is a flow diagram illustrating interactions among various devices based on the pre-acquiring mechanism, according to an exemplary embodiment.

[020] Fig. 7 is a block diagram illustrating a quantum key output apparatus, according to an exemplary embodiment.

[021] Fig. 8 is a flow diagram illustrating a quantum key acquisition method, according to an exemplary embodiment. [022] Fig. 9 is a block diagram illustrating a quantum key acquisition apparatus, according to an exemplary embodiment.

[023] Fig. 10 is a flow diagram illustrating a quantum key storage and output method, according to an exemplary embodiment.

[024] Fig. 11 is a block diagram illustrating a quantum key storage and output apparatus, according to an exemplary embodiment.

[025] Fig. 12 is a flow diagram illustrating a quantum key distribution and storage method, according to an exemplary embodiment.

[026] Fig. 13 is a block diagram illustrating a quantum key distribution and storage apparatus, according to an exemplary embodiment.

[027] Fig. 14 is a block diagram illustrating a quantum key output system, according to an exemplary embodiment.

[028] Fig. 15 is a flow diagram illustrating a method for verifying storage consistency of quantum keys, according to an exemplary embodiment.

[029] Fig. 16 is a block diagram illustrating an apparatus for verifying storage consistency of quantum keys, according to an exemplary embodiment.

DETAILED DESCRIPTION

[030] Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise represented. The implementations set forth in the following description of exemplary embodiments consistent with the present invention do not represent all

implementations consistent with the invention. Instead, they are merely examples of systems and methods consistent with aspects related to the invention as recited in the appended claims.

[031] In this disclosure, a quantum key output method and apparatus, a quantum key acquisition method and apparatus, a quantum key storage and output method and apparatus, a quantum key distribution and storage method and apparatus, a quantum key output system and a method and apparatus for verifying storage consistency of quantum keys are provided respectively, which are described in detail in the following embodiments. Before the embodiments are described in detail, a brief description of various devices and processing flows is provided.

[032] Fig. 1 is a schematic diagram of a quantum key output system 100 in prior art. From the perspective of data encryption and decryption transmission, the quantum key output system may include two sides/parties (i.e., sender and receiver) symmetric to each other, in which one side including: a quantum key distribution device (QKD-A), a key management device (i.e., a quantum key management system device QKS-A), and a data device A, and the other side including: a quantum key distribution device (QKD-B), a key management device (QKS-B) and a data device B. The devices on each side and devices of the same types on the opposite side are mutually peer devices, and in order to facilitate description, this disclosure may refer to devices of either side as a sender or a receiver device, for example, quantum key distribution devices of the sender and the receiver, key management devices of the sender and the receiver and data devices of the sender and the receiver. Devices in the sender or the receiver side can also be respectively identified as first devices or second devices.

[033] The quantum key distribution (QKD) devices of the sender and the receiver may be configured to perform quantum key negotiations, the quantum key management system (QKS) devices of the sender and the receiver may be configured to store quantum keys acquired from the QKD devices and to output the acquired quantum keys to the data devices, and the data devices of the sender and the receiver may perform a corresponding data encryption or data decryption operation respectively by using the acquired quantum keys. Since a network transmission process between the QKD devices and the QKS devices may have packet losses and errors may occur to the QKS devices when storing the quantum keys, the quantum keys output to the data devices of the sender and the receiver by the QKS devices of the sender and the receiver may not match. In light of this, this disclosure discloses performing a consistency verification of the quantum keys between the QKS devices of the sender and the receiver, and sending quantum keys that pass the consistency verification to the data devices. Thus, from the

perspective of the QKS devices, the quantum keys output to the data devices of the sender and the receiver can be matching (i.e., symmetrical).

[034] The subsequent description below may expand from the system illustrated in Fig. 1. It should be noted that Fig. 1 is described from the perspective of outputting quantum keys. During actual implementations, each of the QKD devices of the sender and the receiver, each of the QKS devices of the sender and the receiver, and each of the data devices of the sender and the receiver may be connected via classical channels in wired, wireless, or other forms, to perform operations such as negotiations and data transmission, and corresponding connection relationships are not shown in the Fig. 1.

[035] Fig. 2 is a flow diagram illustrating a quantum key output method 200, according to an exemplary embodiment. Method 200 may be implemented by a non-transitory computer-readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a processor of a computer system, cause the computer system to perform method 200. Method 200 and related steps described below may also be implemented by a first quantum key management device of a quantum key output system. Method 200 may include a number of steps, some of which may be optional:

[036] Step 201. Data devices of a sender and a receiver send key acquisition requests separately to respective key management devices.

[037] Step 202. The key management devices of the sender and the receiver, after receiving the key acquisition requests, send quantum keys that pass a consistency verification to the corresponding data devices, for the data devices to perform data encryption and decryption operations.

[038] In some embodiments, the data devices can acquire keys from the key management devices in real time (referred to as a real-time acquisition mechanism) or can pre-acquire quantum keys (referred to as a pre-acquiring mechanism). The real-time acquisition mechanism may include: the data device A and the data device B sending a request for acquiring a quantum key to respective QKS-A device and QKS-B device, and the QKS-A device and the QKS-B device, having pre-stored quantum keys passing consistency verification, outputting the quantum keys to the data device A and the data device B.

[039] The pre-acquiring mechanism may include: the data device A and the data device B sending a request for acquiring a quantum key to respective QKS-A device and QKS-B device, the QKS-A device and the QKS-B device, having no pre- stored quantum keys, forwarding the request to the QKD-A device and the QKD-B device respectively, the QKD-A device and the QKD-B device negotiating a quantum key pair for the data device A and the data device B through a quantum key distribution protocol and sending the quantum key pair to the QKS-A device and the QKS-B device, and the QKS-A device and the QKS-B device performing consistency verification on the stored quantum keys and sending quantum keys that pass the consistency verification to the data device A and the data device B.

[040] The above two quantum key acquisition mechanisms can perform consistency verification of quantum keys of the QKS-A device and the QKS-B device, for outputting matching quantum keys to the data device A and the data device B. The two implementation mechanisms are described below in exemplary embodiments, but it should be noted that all private information may be transmitted via a classical channel. For example, quantum key information can be encrypted by using a key agreed by two parties of communication. For another example, quantum keys acquired by the two parties of communication in a previous time can be used for encryption, and for the first transmission, a shared key preset by two parties of communication can be used for encryption.

[041] Fig. 3 is a flow diagram illustrating a quantum key output method 300 based on a real-time acquisition mechanism, according to an exemplary

embodiment. Correspondingly, Fig. 4 provides a flow diagram illustrating

interactions among various devices based on the real-time acquisition mechanism, according to the exemplary embodiment. Method 300 may be implemented by a non-transitory computer-readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a processor of a computer system, cause the computer system to perform method 300. Method 300 may include a number of steps, some of which may be optional: [042] Step 301. The quantum key distribution devices of the sender and the receiver negotiate quantum keys through a quantum key distribution protocol, and store the quantum keys by using the same address range.

[043] The QKD-A device and the QKD-B device may negotiate matching quantum keys or two corresponding copies of a quantum key through a quantum key distribution protocol, e.g., a BB84 protocol, (this process may be referred to as a quantum key negotiation process), and store the quantum keys in the same address range of respective storage media. The storage media may include caches, magnetic disks, and so on. The same address range may be set by the QKD-A device and the QKD-B device through the negotiation. The same address range may also be determined, based on an address range used by the two devices to perform a storage operation in a previous time, in an accumulation mechanism in accordance with the number of quantum keys acquired by this negotiation, as long as the mechanism can ensure that the two devices store the quantum keys in the same address range.

[044] In some embodiments, in the process of storing the quantum keys, an abnormality such as a write data error may occur to the QKD-A device or the QKD-B device, causing the quantum keys stored in the same address range by the QKD-A device and the QKD-B device to mismatch. In one embodiment, the QKD-A device and the QKD-B device may verify consistency of the quantum keys stored in the same address range by the two devices, and take the quantum keys that pass consistency verification as quantum keys that can be sent to the key management devices.

[045] In some embodiments, hash values of the quantum keys stored in the same address range by the two parties can be compared. Consistency verification of quantum keys between the QKD devices or the QKS devices can be performed with the same method described below with respect to step 304.

[046] In some embodiments, it may be necessary to transmit the hash values of the quantum keys through network by using the above-described verification mechanism. If the hash values are intercepted by malicious hackers, security of the quantum keys may be breached. In light of this threat, verification based on a corresponding relationship between key labels and storage positions may be performed, for verifying consistency of the quantum keys between the QKD devices and/or between the QKS devices.

[047] In order to implement the implementation mechanism described in the preceding paragraph, the quantum keys negotiated and acquired by the QKD devices of the sender and the receiver through a quantum key distribution protocol may have a corresponding key label sequence, and each key label in the key label sequence may be a unique identification of a different quantum bit in the quantum keys. Moreover, the QKD devices of the sender and the receiver, after storing the quantum keys by using the same address range, may establish a one-to-one corresponding relationship between a storage address of each quantum bit and a key label.

[048] In some embodiments, timestamp information of each quantum bit can be used as its key label, and the timestamp information of each quantum bit can be acquired when the QKD devices of the sender and the receiver negotiate the quantum keys. For example, the process of negotiating the quantum keys performed by using a BB84 protocol may be based on clock synchronization, and each quantum key obtained through negotiation may have unique corresponding timestamp information. In addition, the timestamp information of each quantum bit may be different. Therefore, timestamp information of the quantum bits can be used as their key labels.

[049] Consistency verification of quantum keys between the QKD devices or the QKS devices can be performed with the same method based on key labels, described below with reference to step 304.

[050] If the QKD-B device determines, through the verification, that the quantum keys stored in the same address range by the two parties are different, the QKD-B device can transmit to the QKD-A device an acknowledgment indicating that verification is not passed, and the QKD-A device and the QKD-B device can clear the quantum keys stored in the same address range and negotiate quantum keys again through a quantum key distribution protocol. In some embodiments, the QKD- A device and the QKD-B device may not clear the quantum keys stored in the same address range, but may cover the quantum keys with new quantum keys acquired through a next quantum key negotiation and may write the new quantum keys in the same address range.

[051] As described above, the QKD devices may perform consistency verification each time after storing acquired quantum keys, and send quantum keys that pass the consistency verification to the corresponding QKS devices. If, subsequently, the QKS devices of the sender and the receiver determine that the quantum keys acquired from the corresponding QKD devices do not match with each other, the mismatch can be caused by a network transmission abnormality, such as, packet loss. Thus, the QKS devices of the sender and the receiver can acquire quantum keys from the corresponding QKD devices again, without emptying all quantum keys stored in the QKD-A device and the QKD-B device, e.g., by rebooting. This method can reduce a waste of quantum keys that have been acquired by the QKD devices.

[052] In some embodiments, to further improve consistency of the quantum keys stored by the QKD-A device and the QKD-B device, consistency of the quantum keys stored in the same address range by the QKD-A device and the QKD- B device can be regularly verified in accordance with a preset time interval.

[053] In addition, the QKD-A device and the QKD-B device, after acquiring quantum keys through a quantum key negotiation process and storing the quantum keys in the same address range, may further send a notification to the corresponding QKS devices, for the QKS devices to use as a reference when sending key acquisition requests. The notification may include the number of quantum keys currently stored.

[054] Step 302. The key management devices of the sender and the receiver send the key acquisition requests separately to the respective quantum key distribution devices.

[055] The QKS-A device and the QKS-B device can negotiate length information of the quantum keys acquired from respective QKD devices in advance, and send the key acquisition requests that carry the length information to the respective QKD devices.

[056] Step 303. The quantum key distribution devices of the sender and the receiver send the quantum keys stored in the same address range to the

corresponding key management devices.

[057] After receiving the key acquisition requests and in accordance with the key length information carried in the requests, the QKD-A device and the QKD-B device can determine an address range from which quantum keys are extracted for the QKS devices through negotiation, and can then extract the quantum keys in accordance with the negotiated address range and send the quantum keys to the corresponding key management devices.

[058] If, in step 301 , a consistency verification of quantum keys is performed between the QKD-A device and the QKD-B device, in this step, the QKD-A device and the QKD-B device can determine an address range from which quantum keys that pass the consistency verification are extracted for the corresponding QKS devices through negotiation, and can then extract the quantum keys in accordance with the same address range negotiated and send the quantum keys to the corresponding QKS devices.

[059] If the QKS-A device and the QKS-B device, in step 304, need to perform a consistency verification of quantum keys through key labels, in this step, the QKD-A device and the QKD-B device, while sending the quantum keys to the corresponding QKS devices, may also send a key label sequence of the quantum keys.

[060] Step 304. The key management devices of the sender and the receiver store the received quantum keys in the same address range, and verify consistency of the quantum keys stored in the same address range.

[061] The QKS-A device and the QKS-B device may store the received quantum keys in the same address range. The same address range may be set by the QKS-A device and the QKS-B device through a negotiation. Based on the address range used by the two parties to perform a storage operation in the previous time, the QKS-A device and the QKS-B device may also determine the same address range in an accumulation mechanism in accordance with the number of quantum keys acquired by this negotiation, as long as the two parties store the quantum keys in the same address range.

[062] Verifying, by the QKS-A device and the QKS-B device, consistency of the quantum keys stored in the same address range by the two parties can be implemented by many mechanisms, and several exemplary mechanisms are listed below.

[063] 1) The consistency verification can be implemented by comparing hash values of the quantum keys stored in the same address range by the two parties.

[064] In some embodiments, the QKS-A device may calculate a hash value of a quantum key stored in the address range by using a preset hash algorithm, encrypt the hash value and information of the address range by using the quantum keys that pass consistency verification and that acquired by the two parties in the previous time, and send the encrypted information to the other party. The QKS-B device, after receiving the information sent by the QKS-A device, may acquire the information of the address range after performing decryption by using the

corresponding keys, calculate a hash value of quantum keys stored in a local corresponding address range by using the preset hash algorithm, and determine whether the hash value obtained through the calculation is the same as the received hash value. If the determination indicates that they are the same, the QKS-B device may return a verification passing acknowledgement to the QSK-A, and otherwise, return an acknowledgment indicating that the verification is not passed.

[065] In some embodiments, the information of the address range sent by the QKS-A device to the QKS-B device may include a head address and a tail address of the address range, and may also include a head address and a range length, or a head address and the length of quantum keys of which the consistency is to be verified, as long as the QKS-B device can determine a specific address range based on the received information. The preset hash algorithm may include SHA-1 , SHA-2, or SHA-3, and other possible hash algorithms, as long as the QKS-A device and the QKS-B device use the same hash algorithm. For security of the transmission process, the QKS-A device may encrypt information to be sent by using the quantum keys that are acquired by the QKS-A device and the QKS-B device in the previous time and that pass consistency verification. If the consistency verification is performed for the first time, a shared key preset by the two parties can be used for encryption, and the corresponding QKS-B device may also use the shared key preset for decryption. In some embodiments, the QKS-A device may initiate a verification process, and the QKS-B device may return a verification acknowledgement. In some other embodiments, the QKS-B device may initiate the verification process. Various changes about the implementation mechanisms described above may also be suitable for embodiments described below.

[066] 2) The consistency verification can be implemented by a first mechanism based on a corresponding relationship between key labels and storage positions of quantum bits.

[067] In order to avoid the potential safety issues caused by the hash values of quantum keys to be verified being intercepted in the process of transmission, a implementation mechanism of performing consistency verification may include using a characteristic that a key label can uniquely identify a quantum bit and a

corresponding relationship between key labels and storage positions. By use of this implementation mechanism, information acquired from corresponding QKD devices by the QKS-A device and the QKS-B device may not only include quantum keys, but also a key label sequence of the quantum keys, and each key label in the key label sequence may be a unique identification of a quantum bit in the quantum keys. The QKS-A device and the QKS-B device, after storing received quantum keys in the same address range, may establish a one-to-one corresponding relationship between a storage address of each quantum bit and a key label.

[068] A key label sequence of a quantum key to be verified on the side of the QKS-A device can be denoted as Labi , an address sequence including the storage addresses of all quantum bits in the quantum key to be verified can be denoted as Locatel , hash( ) may represent a preset hash algorithm, and information in { } may represent encrypted data. The QKS-A device and the QKS-B device can verify consistency of the quantum keys stored in the same address range by the two parties in a mechanism as follows:

[069] the QKS-A device may calculate a hash value of Labi by using a preset hash algorithm, encrypt the hash value and the Locatel by using the quantum keys acquired by the two parties in the previous time and that pass consistency verification, and send encrypted information to the QKS-B device, i.e., the QKS-A device may send the following information to the QKS-B device: Verify-A =

{hash(Labl ), Locatel }; and

[070] the QKS-B device, after using a corresponding key to decrypt the received information, may acquire a hash value and an address sequence, acquire a corresponding key label sequence locally in accordance with the address sequence, calculates a hash value of the acquired key label sequence by using the preset hash algorithm, determine whether the hash value obtained through calculation is the same as the received hash value, return a verification passing acknowledgement to the QKS-A device if they are the same, and return an acknowledgment indicating that the verification is not passed if they are not the same. [071] In some embodiments, the above mechanism can be adjusted. For example, the QKS-A device may send Verify-A= {hash(Locate1 ), Labi } to the QKS-B device, and correspondingly, the QKS-B device may acquire a corresponding address sequence locally in accordance with the received key label sequence, and determine whether the consistency verification is passed by using the same mechanism of determining and comparing hash values.

[072] 3) The consistency verification can be implemented by a second mechanism based on a corresponding relationship between key labels and storage positions of quantum bits.

[073] The above may illustrate one mechanism of performing consistency verification based on a corresponding relationship between key labels and storage positions of quantum bits, and another mechanism, which may still be based on the description mechanism agreed in the above mechanism, of performing consistency verification based on the above corresponding relationship can be illustrated as follows:

[074] the QKS-A device may calculate a hash value of a character string formed by concatenation of the Labi and the Locatel by using a preset hash algorithm, encrypt the hash value and the Locatel by using the quantum keys acquired by the two parties in the previous time and that pass consistency verification, and send encrypted information to the QKS-B device, e.g., the QKS-A device may send the following information to the QKS-B device: Verify-A =

{hash(Lab1 , Locatel ), Locatel}; and

[075] the QKS-B device, after using a corresponding key to decrypt the received information, may acquire a hash value and an address sequence, acquire a corresponding key label sequence locally in accordance with the address sequence, calculate a hash value of a character string formed by concatenation of the key label sequence and the address sequence by using the preset hash algorithm, determine whether the hash value obtained through calculation is the same as the received hash value, return a verification passing acknowledgement to the QKS-A device if they are the same, and return an acknowledgment indicating that the verification is not passed if they are not the same.

[076] In some embodiments, the above mechanism can be adjusted. For example, the QKS-A device may send Verify-A= {hash(Lab1 , Locate ^" !), Labi} to the QKS-B device, and correspondingly, the QKS-B device may acquire a corresponding address sequence locally in accordance with the received key label sequence, and determine whether consistency verification is passed by using the same mechanism of determining and comparing hash values.

[077] Three mechanisms of verifying consistency of the quantum keys stored in the same address range by the QKS-A device and the QKS-B device have been described above. The first mechanism of the three can be relatively simple and does not need to use key labels, but may have certain potential safety hazard. The second and third mechanisms can be relatively more complicated, and may establish a corresponding relationship between key labels and storage positions of quantum bits, and thus, it may not be necessary to transmit quantum key information on the network. Instead, whether the address sequences of the quantum bits stored by the devices of the two parties and the corresponding key label sequences are both the same can be verified. If they are the same, it can prove that the quantum keys stored in the same address range by the devices of the two parties are the same, i.e., consistency verification is passed. [078] If the QKS-A device and the QKS-B device, after performing the consistency verification, find that the quantum keys stored in the same address range by the two parties are not the same, i.e., the quantum keys fail to pass the consistency verification, the QKS-A device and the QKS-B device can clear the quantum keys stored in the same address range, and perform step 302 to acquire quantum keys from respective QKD devices once again. In some embodiments, the QKS-A and the QKS-B device may not clear the quantum keys stored in the same address range, but cover the quantum keys with new quantum keys acquired from the respective QKD devices during a second time and write the new quantum keys in the same address range.

[079] The QKS devices of the sender and the receiver, each time after storing the quantum keys acquired from the respective QKD devices, may perform consistency verification and, each time when quantum keys are output to the corresponding data devices, may select quantum keys from the quantum keys that pass the consistency verification. If, subsequently, the data devices of the sender and the receiver determine that the quantum keys acquired from the corresponding QKS-A device are not consistent with each other, the inconsistency may be caused by a network transmission abnormality, for example, packet losses. Thus, the data devices of the sender and the receiver can acquire quantum keys from the corresponding QKS devices once again without emptying all quantum keys stored in the QKS-A device and the QKS-B device in a mechanism such as reboot, to avoid wasting the acquired quantum keys.

[080] The three mechanisms of verifying consistency of quantum keys for the QKS-A and the QKS-B device may also be applied in consistency verification of quantum keys between the QKD-A and the QKD-B device. In some embodiments, other mechanisms different from the above mechanisms may also be adopted, as long as the mechanisms can verify consistency of quantum keys stored in the same address range by devices of the two parties, and do not depart from the core of the disclosure and will fall within the scope of the disclosure.

[081] Step 305. The data devices of the sender and the receiver send key acquisition requests separately to the respective key management devices.

[082] The data device A and the data device B can negotiate in advance to request for acquiring lengths of the quantum keys from the QKS devices, and send quantum key acquisition requests to the respective QKS devices, the request carrying information of the lengths.

[083] Step 306. The key management devices of the sender and the receiver, after receiving the key acquisition requests, select quantum keys stored in the same address range from quantum keys that pass consistency verification, and send the quantum keys to the corresponding data devices.

[084] The QKS-A device and the QKS-B device, after receiving the key acquisition requests sent by the corresponding data devices, can determine, based on key length information carried in the request, an address range from which the quantum keys that pass consistency verification are output to the data devices, through a negotiation, and send quantum keys in the negotiated same address range to the corresponding data devices.

[085] The QKS-A device and the QKS-B device may output quantum keys that pass consistency verification to respective corresponding data devices, so that the data device A and the data device B can perform corresponding encryption and decryption operations by using the received quantum keys on data for secret transmission. [086] In some embodiments, in consideration of possible packet losses in the process of transmission between the QKS devices and the corresponding data devices, consistency verification of quantum keys between data devices may be performed. For example, after the QKS devices of the sender and the receiver send quantum keys to the corresponding data devices, the data device A and the data device B may verify consistency of acquired quantum keys and use quantum keys that pass the consistency verification as keys for the data encryption and decryption operations.

[087] Verifying, by the data device A and the data device B, consistency of quantum keys acquired by the two parties may be implemented be many

mechanisms, and two of them are described below.

[088] 1) Consistency verification is implemented by comparing hash values of the quantum keys acquired by the two parties.

[089] The data device A may calculate a hash value of the quantum keys acquired by using a preset hash algorithm, encrypt the hash value using the quantum keys acquired by the two parties in the previous time and that pass consistency verification, and send encrypted information to the data device B. The data device B, after decrypting the received information by using a corresponding key, may calculate a hash value of locally acquired quantum keys by using the preset hash algorithm, determine whether the hash value obtained through calculation is the same as the received hash value, return an acknowledgment indicating that the verification is passed to the data device A if they are the same, and return an acknowledgment indicating that the verification is not passed if they are not the same. [090] 2) Consistency verification is implemented by using a corresponding relationship between quantum keys and key label sequences.

[091] By this verification mechanism, the information sent by the QKS devices of the sender and the receiver to the corresponding data devices may not only include quantum keys, but also a key label sequence of the quantum keys. A quantum key received by the data device A can be denoted as Key1 , a

corresponding key label sequence can be denoted as Labi , hash( ) may represent a preset hash algorithm, and information in { } may be encrypted data. The data device A and the data device B, after receiving quantum keys and key label sequences sent by the respective QKS devices, may perform the following operations to implement consistency verification of the quantum keys:

[092] the data device A may calculate a hash value of a character string formed by concatenation of the quantum key Key1 and the key label sequence Labi by using a preset hash algorithm, encrypt the hash value and the key label sequence Labi by using the quantum keys acquired by the two parties in the previous time and that pass consistency verification, and send encrypted information to the data device B, i.e., the data device A may send the following information to the data device B: Verify-A = {hash(Key1 , Labi ), Labi}; and

[093] the data device B, after using a corresponding key to decrypt the received information, may acquire a corresponding quantum key locally in accordance with the acquired key label sequence, calculate a hash value of a character string formed by concatenation of the quantum key and the key label sequence by using the preset hash algorithm, determine whether the hash value obtained through calculation is the same as the received hash value, return a verification passing acknowledgement to the data device A if they are the same, and return an acknowledgment indicating that the verification is not passed if they are not the same.

[094] If the data device A and the data device B, after performing the consistency verification, determine that the quantum keys acquired by the two parties are not the same, i.e., the quantum keys fail to pass the consistency verification, the data device A and the data device B can give up the quantum keys acquired this time, and perform step 305 to send key acquisition requests to the respective QKS devices separately again.

[095] Since the quantum keys output to the data devices by the QKS devices are all quantum keys stored by the QKS devices and have passed consistency verification, and if the quantum keys acquired by the data devices of the sender and the receiver are not consistent with each other, it can be caused by a network transmission abnormality, for example, packet loss. In this case, it may not be necessary to empty all quantum keys stored in the QKS-A device and the QKS-B device in a mechanism such as reboot, to avoid wasting acquired quantum keys.

[096] The flow of using a real-time acquisition mechanism has been described through step 301 to step 306. To improve security, all data interaction in a classical channel in the above processing flow can be carried out based on HTTPS connection, and digital certificates used by the various devices participating in the interaction in the authentication process can be issued by a trusted third party.

Before each two devices carry out data interaction, two-way identity authentication can be performed in advance, for example, in a mechanism such as using a preset digital certificate, and the process of data interaction may begin after the two parties both pass the identity authentication of the opposite party. [097] A real-time acquisition mechanism has been described, and the following describes implementing a pre-acquiring mechanism. Fig. 5 is a flow diagram illustrating a quantum key output method 500 based on a pre-acquiring mechanism, according to an exemplary embodiment. Correspondingly, Fig. 6 provides a flow diagram illustrating interactions among various devices based on the pre-acquiring mechanism, according to an exemplary embodiment. Method 500 may be implemented by a non-transitory computer-readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a processor of a computer system, cause the computer system to perform method 500. Method 500 may include the following steps:

[098] Step 501. Data devices of a sender and a receiver send key acquisition requests separately to respective key management devices.

[099] Step 502. The key management devices of the sender and the receiver send the key acquisition requests separately to respective quantum key distribution devices.

[0100] Since the QKS devices of the sender and the receiver do not store quantum keys that pass consistency verification in advance, the QKS devices may forward the received requests to the respective QKD devices.

[0101] Step 503. The quantum key distribution devices of the sender and the receiver negotiate quantum keys through a quantum key distribution protocol, and store the quantum keys by using the same address range.

[0102] Step 504. The quantum key distribution devices of the sender and the receiver send the quantum keys stored in the same address range to the

corresponding key management devices. [0103] Step 505. The key management devices of the sender and the receiver store the received quantum keys in the same address range, and verify consistency of the quantum keys stored in the same address range by the two parties.

[0104] Step 506. The key management devices of the sender and the receiver select the quantum keys stored in the same address range from the quantum keys that pass consistency verification, and send the selected quantum keys to the corresponding data devices.

[0105] The difference between the pre-acquiring mechanism and the real-time acquisition mechanism may include interaction processes between various devices. In the pre-acquiring mechanism, the QKS devices of the sender and the receiver may not pre-store quantum keys that pass consistency verification like the real-time acquisition mechanism, but may, after receiving the key acquisition requests of the data devices, acquire quantum keys from the corresponding QKD devices, perform consistency verification of the quantum keys, and then send quantum keys that pass the consistency verification to the data devices.

[0106] In some embodiments, the pre-acquiring mechanism may share many similar steps with the real-time acquisition mechanism, i.e., the QKS devices of the sender and the receiver need to verify consistency of the quantum keys stored in the same address range by the two parties, to ensure that keys output to the data devices match with each other. Further, the QKD devices of the sender and the receiver may also perform consistency verifications on the quantum keys stored, and the data devices of the sender and the receiver may also perform consistency verifications on the quantum keys received. Exemplary embodiments can be related to the related description of the real-time acquisition mechanism. [0107] In some embodiments, one of the real-time acquisition mechanism and the pre-acquiring mechanism can be used, or the two mechanisms can be combined for implementation. For example, the QKS devices of the sender and the receiver can generally pre-store quantum keys that pass consistency verification and output quantum keys in accordance with demands of the corresponding data devices.

When the data devices have a demand for a greater quantity of the quantum keys, the QKS devices of the sender and the receiver can change to the pre-acquiring mechanism if determining that there are no pre-stored keys available for output.

[0108] The quantum key output method, as the key management devices of the sender and the receiver perform consistency verification on quantum keys stored in the same address range, can improve synchronicity and usefulness of quantum keys output by a quantum key output system, i.e., the quantum keys output to the data devices can all be the same and matching, thereby providing security for correct execution of the data encryption and decryption process. In particular, even if the quantum keys acquired by the sender and the receiver of the data do not matching (for example, caused by a poor network transmission), it is not necessary to empty quantum keys stored by the key management devices of the sender and the receiver, so that wasting quantum key resources can be prevented.

[0109] Fig. 7 is a block diagram illustrating a quantum key output apparatus 700, according to an exemplary embodiment. References can be made to the corresponding description in the embodiments described above. The apparatus embodiment described below is merely schematic.

[0110] Apparatus 700 may include: a data device key request unit 701 configured to send key acquisition requests separately to respective key

management devices. The data device key request unit 701 may be implemented in the data devices of a sender and a receiver. Apparatus 700 may further include a management device key output unit 702 configured to send, after receiving the key acquisition requests, quantum keys acquired from corresponding quantum key distribution devices and that pass consistency verification performed by the key management devices of the sender and the receiver to the corresponding data devices, to allow the corresponding data devices to perform data encryption and decryption. The management device key output unit 702 may be implemented in the key management devices of the sender and the receiver.

[0111] Apparatus 700 may also include a distribution device key negotiation and verification unit.

[0112] The distribution device key verification unit may be configured to, after quantum keys negotiated and acquired through a quantum key distribution protocol are stored in the same address range, verify consistency of the quantum keys stored in the same address range by the two parties, and take quantum keys that pass consistency verification as quantum keys for the corresponding key management devices to acquire. The distribution device key verification unit may be implemented in the quantum key distribution devices corresponding to the key management devices of the sender and the receiver.

[0113] Apparatus 700 may also include a distribution device key negotiation unit, a management device key request unit, a distribution device key sending unit, and a management device key verification unit. The negotiation unit, request unit, sending unit, and verification unit may be started before the data device key request unit starts to operate.

[0114] The distribution device key negotiation unit may be configured to negotiate quantum keys through a quantum key distribution protocol, and store, by the quantum key distribution devices of the sender and the receiver, the quantum keys by using the same address range. The distribution device key negotiation unit may be implemented in the quantum key distribution devices of the sender and the receiver.

[0115] The management device key request unit may be configured to send key acquisition requests to the respective quantum key distribution devices. The management device key request unit may be implemented in the key management devices of the sender and the receiver.

[0116] The distribution device key sending unit may be configured to send the quantum keys stored in the same address range to the corresponding key management devices. The distribution device key sending unit may be implemented in the quantum key distribution devices of the sender and the receiver,

[0117] The management device key verification unit may be configured to store the received quantum keys in the same address range, and verify consistency of the quantum keys stored in the same address range by the two parties. The management device key verification unit may be implemented in the key

management devices of the sender and the receiver.

[0118] Correspondingly, the management device key output unit may be configured to, after the key management devices of the sender and the receiver receive the key acquisition requests, select the quantum keys stored in the same address range from the quantum keys that pass consistency verification, and send the selected quantum keys to the corresponding data devices.

[0119] Apparatus 700 may also include:

[0120] a management device key request forwarding unit configured to, after the data device key request unit receives the key acquisition requests, send the key acquisition requests separately to the respective quantum key distribution devices (the management device key may be implemented in the key management devices of the sender and the receiver).

[0121] the distribution device key negotiation unit configured to negotiate quantum keys through a quantum key distribution protocol, and store the quantum keys by using the same address range (the distribution device key negotiation unit may be implemented in the quantum key distribution devices of the sender and the receiver).

[0122] a distribution device key sending unit configured to send the quantum keys stored in the same address range to the corresponding key management devices (the distribution device key sending unit may be implemented in the quantum key distribution devices of the sender and the receiver), and

[0123] a management device key verification unit configured to store the received quantum keys in the same address range, and verify consistency of the quantum keys stored in the same address range by the two parties. The

management device key verification unit may be implemented in the key

management devices of the sender and the receiver.

[0124] Correspondingly, the management device key output unit may be configured to select the quantum keys stored in the same address range from the quantum keys that pass consistency verification, and send the selected quantum keys to the corresponding data devices. The management device key output unit may be implemented in the key management devices of the sender and the receiver.

[0125] Apparatus 700 may also include:

[0126] a management device key clearing unit configured to, when a verification result of the management device key verification unit is that the verification is not passed, clear the verified quantum keys stored in the same address range, and trigger the unit to send key acquisition requests to the respective quantum key distribution devices to operate. The management device key clearing unit may be implemented in the key management devices of the sender and the receiver.

[0127] Apparatus 700 may also include:

[0128] a distribution device key verification unit configured to, after the distribution device key negotiation unit completes the process of negotiating quantum keys and stores the quantum keys by using the same address range, verify consistency of the quantum keys stored in the same address range by the two parties, and take quantum keys that pass consistency verification as quantum keys that can be sent to the key management devices. The distribution device key verification unit may be implemented in the quantum key distribution devices of the sender and the receiver.

[0129] Apparatus 700 may also include:

[0130] a distribution device key clearing unit configured to, when a verification result of the distribution device key verification unit is that the verification is not passed, clear the verified quantum keys stored in the same address range, and trigger the distribution device key negotiation unit to operate. The distribution device key clearing unit may be implemented in the quantum key distribution devices of the sender and the receiver.

[0131] The distribution device key verification unit and the management device key verification unit may respectively include a verification request subunit and a verification execution subunit. [0132] The verification request subunit may be configured to, calculate a hash value of quantum keys stored in the address range by using a preset hash algorithm, encrypt the hash value and information of the address range by using the quantum keys acquired by the devices of the two parties participating in verification in the previous time and that pass consistency verification, and send the encrypted information to the device of the other party participating in verification. The verification request subunit may be implemented in the device of one party participating in verification.

[0133] The verification execution subunit may be configured to, after the device of the other party decrypts the received information by using a corresponding key, acquire the information of the address range, calculate a hash value of quantum keys stored in a local corresponding address range by using the preset hash algorithm, determine whether the hash value obtained through calculation is the same as the received hash value, return a verification passing acknowledgement to the device of the opposite party participating in verification if they are the same, and return an acknowledgment indicating that the verification is not passed if they are not the same.

[0134] Apparatus 700 may also include:

[0135] a data device key verification unit configured to, after the management device key output unit sends the quantum keys to the corresponding data devices, verify consistency of the received quantum keys, and take quantum keys that pass consistency verification as keys used by performing data encryption and decryption operations. The data device key verification unit may be implemented in the data devices of the sender and the receiver. [0136] The quantum keys negotiated and acquired by the distribution device key negotiation unit through a quantum key distribution protocol may have a corresponding key label sequence.

[0137] Correspondingly, in addition to including body subunits that implement functions, the distribution device key negotiation unit may further includes a mapping relationship establishment subunit, in which the mapping relationship establishment subunit may be configured to establish a one-to-one corresponding relationship between a storage address of each quantum bit and a key label.

[0138] The information sent to the management device key verification unit by the distribution device key sending unit may not only include quantum keys, but also a key label sequence corresponding to the quantum keys.

[0139] In addition to including a storage subunit and a management device key verification subunit, the management device key verification unit may also include a mapping relationship establishment subunit. The storage subunit may be configured to store the received quantum keys in the same address range. The mapping relationship establishment subunit may be configured to establish a one-to- one corresponding relationship between a storage address of each quantum bit and a key label, and trigger the management device key verification subunit to operate. The management device key verification subunit may be configured to verify consistency of quantum keys stored in the same address range by the two parties. The storage subunit may be implemented in the key management devices of the sender and the receiver.

[0140] The distribution device key verification unit and the management device key verification subunit may respectively include a label verification request subunit and a label verification execution subunit. [0141] The label verification request subunit may be configured to calculate a hash value of a character string formed by concatenation of the key label sequence of the quantum keys and an address sequence made up of the storage address of each quantum bit in the quantum keys by using a preset hash algorithm, encrypt the hash value and the address sequence or encrypt the hash value and the key label sequence by using the quantum keys acquired by the devices of the two parties participating in verification in the previous time and that pass consistency verification, and send encrypted information to the device of the other party participating in verification. The label verification request subunit may be implemented in the device of one party participating in the verification process.

[0142] The label verification execution subunit may be configured to, after the device of the other party receives the encrypted information, use a corresponding key for decryption, acquire a corresponding key label sequence locally in accordance with an extracted address sequence or acquire a corresponding address sequence locally in accordance with an extracted key label sequence, calculate a hash value of a character string formed by concatenation of the key label sequence and the address sequence by using the preset hash algorithm, determine whether the hash value obtained through calculation is the same as the received hash value, return a verification passing acknowledgement to the device of the opposite party

participating in verification if they are the same, and return an acknowledgment indicating that the verification is not passed if they are not the same.

[0143] A quantum key acquisition method implemented on a data device that encrypts and decrypts data by using quantum keys is disclosed. Fig. 8 is a flow diagram illustrating a quantum key acquisition method 800, according to an exemplary embodiment. Parts of this embodiment of which contents are similar to those of the embodiments described above are no longer repeated, and the following focuses on the differences. Method 800 may be implemented by a non-transitory computer-readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a processor of a computer system, cause the computer system to perform method 800. Method 800 may include:

[0144] Step 801. A key acquisition request is sent to a key management device.

[0145] Step 802. Quantum keys that pass consistency verification and that sent by the key management device are received, for performing data encryption and decryption.

[0146] After the quantum keys that pass consistency verification and sent by the key management device are received, consistency of acquired quantum keys and quantum keys acquired by a peer data device can be further verified, and quantum keys that pass the consistency verification can be used as keys for performing data encryption and decryption.

[0147] If it is found through the verification process that the acquired quantum keys are not consistent with the quantum keys acquired by the peer data device, step 801 can be performed to send a quantum key acquisition request to the key management device once again.

[0148] In view of the above, a quantum key acquisition method is disclosed, and correspondingly, a quantum key acquisition apparatus is disclosed below. Fig. 9 is a block diagram illustrating a quantum key acquisition apparatus 900, according to an exemplary embodiment. Apparatus 900 described below is merely schematic. [0149] Apparatus 900 can be deployed on a data device that encrypts and decrypts data by using quantum keys. Apparatus 900 may include: a key acquisition request sending unit 901 configured to send a key acquisition request to a key management device; and a matching key receiving unit 902 configured to receive quantum keys that pass consistency verification sent by the key management device, to serve as keys adopted for performing data encryption and decryption.

[0150] In addition, a quantum key storage and output method, implemented on a key management device that provides quantum keys for a data device, is disclosed. Fig. 10 is a flow diagram illustrating a quantum key storage and output method 1000, according to an exemplary embodiment. The parts of this

embodiment similar to embodiments described above are no longer repeated, and the following focuses on their differences. Method 1000 may be implemented by a non-transitory computer-readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a processor of a computer system, cause the computer system to perform method 1000. Method 1000 may include:

[0151] Step 1001. A quantum key acquisition request sent by a data device is received.

[0152] If the mechanism of acquiring quantum keys in real time is adopted, the following operations can be performed prior to step 1001 :

[0153] 1) sending a key acquisition request to a quantum key distribution device;

[0154] 2) receiving quantum keys sent by the quantum key distribution device, and storing the quantum keys by using an address range the same as that of the peer key management device; and [0155] 3) verifying consistency of the quantum keys stored in the address range and the quantum keys stored in the same address range by the peer key management device, and taking quantum keys that pass consistency verification as quantum keys that can be sent to the data device.

[0156] Step 1002. In accordance with the same address range negotiated with a peer key management device, quantum keys that pass consistency verification are sent to the data device.

[0157] If a mechanism of pre-acquiring quantum keys is adopted, the following operations can be performed after step 1001 and prior to step 1002:

[0158] 1 ) sending the key acquisition request to a quantum key distribution device;

[0159] 2) receiving quantum keys sent by the quantum key distribution device, and storing the quantum keys by using an address range the same as that of the peer key management device; and

[0160] 3) verifying consistency of the quantum keys stored in the address range and the quantum keys stored in the same address range by the peer key management device.

[0161] In some embodiments, regardless of whether the real-time acquisition mechanism or the pre-acquiring mechanism is adopted, if, after consistency verification, it is found that the quantum keys stored in the address range are not consistent with the quantum keys stored in the same address range by the peer management device, the quantum keys stored in the address range may be cleared and key acquisition requests to the quantum key distribution devices may be sent once again. [0162] A quantum key storage and output method is disclosed, and

correspondingly, a quantum key storage and output apparatus is disclosed below. Fig. 11 is a block diagram illustrating a quantum key storage and output apparatus 1100, according to an exemplary embodiment. Apparatus 1100 described below is merely schematic.

[0163] Apparatus 1100, deployed on a key management device that provides quantum keys for a data device, may include: a key acquisition request receiving unit 1101 configured to receive a quantum key acquisition request sent by a data device; and a matching key output unit 1102 configured to send, in accordance with the same address range negotiated with a peer key management device, quantum keys that pass consistency verification to the data device.

[0164] In addition, a quantum key distribution and storage method is disclosed, and the method may be implemented on a quantum key distribution device. Fig. 12 is a flow diagram illustrating a quantum key distribution and storage method 1200, according to an exemplary embodiment. The parts of this

embodiment similar to embodiments described above are not repeated, and the following focuses on the differences. Method 1200 may be implemented by a non- transitory computer-readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a processor of a computer system, cause the computer system to perform method 1200. Method 1200 may include:

[0165] Step 1201. Quantum keys are negotiated with a peer quantum key distribution device through a quantum key distribution protocol, and acquired quantum keys are stored in an address range the same as that of the peer quantum key distribution device. [0166] Step 1202. Consistency of the quantum keys stored in the address range and quantum keys stored in the same address range by the peer quantum key distribution device is verified.

[0167] Step 1203. In accordance with a quantum key acquisition request from a key management device, quantum keys that pass consistency verification are sent to the key management device according to the same address range negotiated with the peer quantum key distribution device.

[0168] If, after consistency verification is performed in step 1202, it is found that the quantum keys stored in the address range are not consistent with the quantum keys stored in the same address range by the peer quantum key

distribution device, the quantum keys stored in the address range may be cleared and step 1201 may be performed.

[0169] If the mechanism of acquiring quantum keys in real time is adopted, the key acquisition request from the key management device may be received after step 1202. If the pre-acquiring mechanism is adopted, the request may be received prior to step 1201.

[0170] A quantum key distribution and storage method is disclosed, and correspondingly, a quantum key distribution and storage apparatus is disclosed. Fig. 13 is a block diagram illustrating a quantum key distribution and storage apparatus 1300, according to an exemplary embodiment. Apparatus 1300 described below is merely schematic.

[0171] Apparatus 1300 may be implemented on a quantum key distribution device and may include: a key distribution and storage unit 1301 configured to negotiate quantum keys with a peer quantum key distribution device through a quantum key distribution protocol, and store acquired quantum keys in an address range the same as that of the peer quantum key distribution device; a key verification unit 1302 configured to verify consistency of the quantum keys stored in the address range and quantum keys stored in the same address range by the peer quantum key distribution device; and a matching key sending unit 1303 configured to, in accordance with a quantum key acquisition request from a key management device, send quantum keys that pass consistency verification to the key management device according to the same address range negotiated with the peer quantum key distribution device.

[0172] Fig. 14 is a block diagram illustrating a quantum key output system 1400, according to an exemplary embodiment. System 1400 may include two subsystems respectively deployed at a sender and a receiver. One subsystem may include: a quantum key acquisition apparatus 1401-1 , a quantum key storage and output apparatus 1402-1 and a quantum key distribution and storage apparatus 1403-1 , and the other subsystem may include: a quantum key acquisition apparatus 1401-2, a quantum key storage and output apparatus 1402-2, and a quantum key distribution and storage apparatus 1403-2.

[0173] The quantum key output system may adopt an operation mechanism of acquiring quantum keys in real time, and may also adopt an operation mechanism of pre-acquiring quantum keys. When the two operation mechanisms are adopted, interaction flows between various devices are described in above embodiments and are not repeated here.

[0174] In addition, a method for verifying storage consistency of quantum keys is disclosed, and the method can be implemented on a first device and a second device participating in verification. Fig. 15 is a flow diagram illustrating a method 1500 for verifying storage consistency of quantum keys, according to an exemplary embodiment. The parts of this embodiment similar to the embodiments described above are not repeated, and the following focuses on their differences. Method 1500 may be implemented by a non-transitory computer-readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a processor of a computer system, cause the computer system to perform method 1500. Method 1500 may include:

[0175] Step 1501 : A first device sends, to a second device, information acquired through a quantum key negotiation process and representing quantum keys to be verified and information of an address range where the quantum keys to be verified are stored.

[0176] The information representing quantum keys to be verified may include sub-information units corresponding to the number of quantum key bits, and each sub-information unit may be a unique identification of a different quantum bit in the quantum keys to be verified, and may one-to-one correspond to a storage address of an identified quantum bit.

[0177] The information representing quantum keys to be verified may include: the quantum keys to be verified, and each quantum bit in the quantum keys may be the sub-information unit. When such a mechanism is adopted, the first device may calculate hash values of the quantum keys to be verified by using a preset hash algorithm, and send the hash values and the information of the address range to the second device.

[0178] The information representing quantum keys to be verified may further include: a key label sequence of the quantum keys to be verified, and each key label in the key label sequence is the sub-information unit. The information of an address range where the quantum keys to be verified are stored may include: an address sequence consisting of a storage address of each quantum bit in the quantum keys to be verified. When such a mechanism is adopted, the first device can calculate a hash value of a character string formed by concatenation of the key label sequence and the address sequence by using a preset hash algorithm, and send the hash value and the address sequence or the hash value and the key label sequence to the second device participating in verification.

[0179] In some embodiments, timestamp information of the quantum bit may be used as the key label.

[0180] Step 1502: The second device, by comparing the received information with local corresponding information, determines whether the information

corresponding to the address range and representing quantum keys to be verified are the same for the devices of the two parties, returns a verification passing acknowledgement to the first device if they are the same, and returns an

acknowledgment indicating that verification is not passed if they are not the same.

[0181] When the information representing quantum keys to be verified is the quantum keys to be verified per se, the second device can extract the information of an address range where the quantum keys to be verified are stored from the received information, by using the preset hash algorithm, calculate a hash value of quantum keys stored in a local same address range, compare the hash value obtained through calculation with received hash value, if they are the same, determine that the information corresponding to the address range and representing quantum keys to be verified are the same for the devices of the two parties, and return a verification passing acknowledgement to the first device, and otherwise, return an acknowledgment indicating that verification is not passed. [0182] When the information representing quantum keys to be verified is a key label sequence of the quantum keys to be verified, the second device can extract a corresponding key label sequence locally in accordance with an address sequence extracted from the received information, or acquire a corresponding address sequence locally in accordance with extracted key label sequence, and calculate a hash value of a character string formed by concatenation of the key label sequence and the address sequence by using the preset hash algorithm; and determine whether the hash value obtained through calculation is the same as the received hash value, if they are the same, determine that the information corresponding to the address range and representing quantum keys to be verified are the same for the devices of the two parties, and return a verification passing acknowledgement to the first device, and otherwise, return an acknowledgment indicating that the verification is not passed.

[0183] The method for verifying storage consistency of quantum keys according to the present application can be implemented on devices of two parties that need to perform storage consistency verification of quantum keys, and the devices of two parties may be quantum key distribution devices of a sender and a receiver and may also be key management devices of the sender and the receiver.

[0184] When step 1501 is performed, the first device may encrypt information to be sent by using a key negotiated with the second device in advance;

correspondingly, when step 1502 is performed, the second device, after receiving the information sent by the first device and using a corresponding key for decryption, may perform subsequent comparison and determination operations.

[0185] Through the method for verifying storage consistency of quantum keys, devices of two parties participating in verification, by comparing the information corresponding to the same address range and representing quantum keys to be verified between the two parties, can determine whether quantum keys stored in the same address range by the two parties are the same, thereby providing a basis for the two parties to output matching quantum keys outwards and providing guarantee for secure and efficient transmission of user data. In the case of use of a verification method based on key labels, consistency verification can be achieved by using a characteristic that a key label can uniquely identify a quantum bit and a

corresponding relationship between key labels and storage addresses of quantum bits without transmitting quantum keys, thus further improving security of the quantum keys.

[0186] A method for verifying storage consistency of quantum keys is disclosed, and correspondingly, an apparatus 1600 for verifying storage consistency of quantum keys is disclosed. Fig. 16 is a block diagram illustrating an apparatus 1600 for verifying storage consistency of quantum keys, according to an exemplary embodiment. Apparatus 1600 described below is merely schematic.

[0187] An apparatus for verifying storage consistency of quantum keys of this embodiment may include: a key verification request sending unit 1601 configured to send information acquired through a quantum key negotiation process and representing quantum keys to be verified and information of an address range where the quantum keys to be verified are stored; and a key verification execution unit 1602 configured to determine by comparing the received information with local corresponding information, whether the information corresponding to the address range and representing quantum keys to be verified are the same for the devices of the two parties, if they are the same, return a verification passing acknowledgement to the first device, and otherwise, return an acknowledgment indicating that verification is not passed. Key verification request sending unit 1601 may be implemented in a first device. Key verification execution unit 1602 may be implemented in a second device.

[0188] A person skilled in the art can further understand that, various exemplary logic blocks, modules, circuits, and algorithm steps described with reference to the disclosure herein may be implemented as electronic hardware, computer software, or a combination of electronic hardware and computer software. For examples, the modules/units may be implemented by a processor executing software instructions stored in the computer-readable storage medium.

[0189] The flowcharts and block diagrams in the accompanying drawings show system architectures, functions, and operations of possible implementations of the system and method according to multiple embodiments of the present invention. In this regard, each block in the flowchart or block diagram may represent one module, one program segment, or a part of code, where the module, the program segment, or the part of code includes one or more executable instructions used for implementing specified logic functions. It should also be noted that, in some alternative implementations, functions marked in the blocks may also occur in a sequence different from the sequence marked in the drawing. For example, two consecutive blocks actually can be executed in parallel substantially, and

sometimes, they can also be executed in reverse order, which depends on the functions involved. Each block in the block diagram and/or flowchart, and a combination of blocks in the block diagram and/or flowchart, may be implemented by a dedicated hardware-based system for executing corresponding functions or operations, or may be implemented by a combination of dedicated hardware and computer instructions. [0190] As will be understood by those skilled in the art, embodiments of the present disclosure may be embodied as a method, a system or a computer program product. Accordingly, embodiments of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an

embodiment combining software and hardware. Furthermore, embodiments of the present disclosure may take the form of a computer program product embodied in one or more computer-readable storage media (including but not limited to a magnetic disk memory, a CD-ROM, an optical memory and so on) containing computer-readable program codes.

[0191] Embodiments of the present disclosure are described with reference to flow diagrams and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing devices to produce a machine, such that the instructions, which are executed via the processor of the computer or other programmable data processing devices, create a means for implementing the functions specified in one or more flows in the flow diagrams and/or one or more blocks in the block diagrams.

[0192] These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing devices to function in a particular mechanism, such that the instructions stored in the computer-readable memory produce a manufactured product including an instruction means that implements the functions specified in one or more flows in the flow diagrams and/or one or more blocks in the block diagrams.

[0193] These computer program instructions may also be loaded onto a computer or other programmable data processing devices to cause a series of operational steps to be performed on the computer or other programmable devices to produce processing implemented by the computer, such that the instructions which are executed on the computer or other programmable devices provide steps for implementing the functions specified in one or more flows in the flow diagrams and/or one or more blocks in the block diagrams. In a typical configuration, a computer device includes one or more Central Processing Units (CPUs), an input/output interface, a network interface, and a memory. The memory may include forms of a volatile memory, a random access memory (RAM), and/or non-volatile memory and the like, such as a read-only memory (ROM) or a flash RAM in a computer-readable storage medium. The memory is an example of the computer- readable storage medium.

[0194] The computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The computer- readable storage medium includes non-volatile and volatile media, and removable and non-removable media, wherein information storage can be implemented with any method or technology. Information may be modules of computer-readable instructions, data structures and programs, or other data. Examples of a computer- readable storage medium include but are not limited to a phase-change random access memory (PRAM), a static random access memory (SRAM), a dynamic random access memory (DRAM), other types of random access memories (RAMs), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a flash memory or other memory technologies, a compact disc read-only memory (CD-ROM), a digital versatile disc (DVD) or other optical storage, a cassette tape, tape or disk storage or other magnetic storage devices, or any other non-transmission media that may be used to store information capable of being accessed by a computer device. The computer-readable storage medium is non- transitory, and does not include transitory media, such as modulated data signals and carrier waves.

[0195] The specification has described methods, apparatus, and systems for quantum key output, storage, and consistency verification. The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the mechanism in which particular functions are performed. Thus, these examples are presented herein for purposes of illustration, and not limitation. For example, steps or processes disclosed herein are not limited to being performed in the order described, but may be performed in any order, and some steps may be omitted, consistent with the disclosed embodiments. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description.

Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including

equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.

[0196] While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the spirit and scope of the disclosed embodiments. Also, the words "comprising," "having," "containing," and "including," and other similar forms are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise.

[0197] It will be appreciated that the present invention is not limited to the exact construction that has been described above and illustrated in the

accompanying drawings, and that various modifications and changes can be made without departing from the scope thereof. It is intended that the scope of the invention should only be limited by the appended claims.