| 摘要 |
The present invention concerns a cryptographic key distribution system comprising: a server node (S); at least a first client node (C1) connected to the server node (S) by means of a first quantum channel; a repeater network connected to the server node (S) by means of a second quantum channel; and at least a second client node (C2) connected to the repeater network by means of a third quantum channel. The server node (S) and the first client node (C1) are configured to cooperatively generate a first link quantum key associated with a first system subscriber by implementing a quantum key distribution on the first quantum channel. The first client node (C1) is configured to supply the first link quantum key to the first subscriber. The repeater network and the second client node (C2) are configured to cooperatively generate a transfer quantum key associated with a second system subscriber by implementing a quantum key distribution on the third quantum channel. The second client node (C2) is configured to supply the transfer quantum key to the second subscriber. The server node (S) and the repeater network are configured to cooperatively generate a second link quantum key associated with the second subscriber by implementing a quantum key distribution on the second quantum channel. The repeater network is further configured to encrypt the second link quantum key on the basis of the transfer quantum key and to send the encrypted second link quantum key to the second subscriber by means of one or more public communication channel(s). Finally, the server node (S) is further configured to: encrypt a traffic cryptographic key associated with the first and second system subscribers on the basis of the first link quantum key and of a first service authentication key associated with the first subscriber; send the traffic cryptographic key encrypted on the basis of the first link quantum key and of the first service authentication key to the first subscriber by means of one or more public communication channel(s); encrypt the traffic cryptographic key associated with the first and second system subscribers on the basis of the second link quantum key and of a second service authentication key associated with the second subscriber; and send the traffic cryptographic key encrypted on the basis of the second link quantum key and of the second service authentication key to the second subscriber by means of one or more public communication channel(s). |
