Title of invention |
Quantum key management |
Abstract |
Innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys. Features of the quantum key management innovations further include secure enrollment of users with a registration authority, as well as credential checking and revocation with a certificate authority, where the registration authority and/or certificate authority can be part of the same system as a trusted authority for quantum key distribution. |
Publication number |
US9509506(B2) |
Publication date |
2016.11.29 |
Application number |
US201213599816 |
Filing date |
2012.08.30 |
Applicant |
LOS ALAMOS NATIONAL SECURITY, LLC |
Inventors |
Hughes Richard John;Thrasher James Thomas;Nordholt Jane Elizabeth |
Classification numbers |
H04L9/08;H04L9/32;G06F21/31 |
Main classification number |
H04L9/08 |
Agency |
Wilmer Cutler Pickering Hale and Dorr LLP |
Agent |
Wilmer Cutler Pickering Hale and Dorr LLP |
Principal claim |
1. A method of establishing a public key infrastructure (PKI) using a trusted authority in communication with a plurality of user devices using quantum communications, the method comprising:
at a receiving user device of the plurality of user devices:
receiving, from a sending user device of the plurality of user devices, (i) a message and (ii) a sending user device digital signature based on the message and a one-time digital signature key associated with the sending user device;
receiving, from the trusted authority, (i) verification information associated with the sending user device, and (ii) a trusted authority digital signature based on the verification information and a one-time digital signature key associated with a connection between the receiving user device and the trusted authority;
checking the trusted authority digital signature using verification information associated with the trusted authority previously received from the trusted authority;
if the trusted authority digital signature is valid, checking the sending user device digital signature using the verification information associated with the sending user device received from the trusted authority; and
replenishing a supply of one-time digital signature keys associated with the connection between the receiving user device and the trusted authority using a quantum communication session between the receiving user device and the trusted authority. |
Address |
Los Alamos NM US |