Quantum key management

US9509506B2 · US · B2

Patent metadata

Publication number: US-9509506-B2
Application number: US-201213599816-A
Country: US
Kind code: B2
Filing date: Aug 30, 2012
Priority date: Sep 30, 2011
Publication date: Nov 29, 2016
Grant date: Nov 29, 2016


Abstract

Official abstract text for this publication.

Innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys. Features of the quantum key management innovations further include secure enrollment of users with a registration authority, as well as credential checking and revocation with a certificate authority, where the registration authority and/or certificate authority can be part of the same system as a trusted authority for quantum key distribution.

First claim

Opening claim text (preview).

We claim:

1. A method of establishing a public key infrastructure (PKI) using a trusted authority in communication with a plurality of user devices using quantum communications, the method comprising: at a receiving user device of the plurality of user devices: receiving, from a sending user device of the plurality of user devices, (i) a message and (ii) a sending user device digital signature based on the message and a one-time digital signature key associated with the sending user device; receiving, from the trusted authority, (i) verification information associated with the sending user device, and (ii) a trusted authority digital signature based on the verification information and a one-time digital signature key associated with a connection between the receiving user device and the trusted authority; checking the trusted authority digital signature using verification information associated with the trusted authority previously received from the trusted authority; if the trusted authority digital signature is valid, checking the sending user device digital signature using the verification information associated with the sending user device received from the trusted authority; and replenishing a supply of one-time digital signature keys associated with the connection between the receiving user device and the trusted authority using a quantum communication session between the receiving user device and the trusted authority.

2. The method of claim 1, further comprising conducting a quantum communication session between the sending user device and the trusted authority to establish a set of user-to-user keys for establishing communications between the sending user device and other user devices of the plurality of user devices.

3. The method of claim 1, further comprising: receiving, at the trusted authority, a request from the sending user device for key information regarding the receiving user device; determining, at the trusted authority, whether credentials registered at the trusted authority and associated with at least one of the sending user device and the receiving user device are valid; and when the credentials are determined to be valid, sending the requested key information from the trusted authority to the sending user device.

4. The method of claim 3, further comprising: when the credentials are determined to not be valid, sending a warning message to the sending user device.

5. The method of claim 3, further comprising: when the credentials are determined to not be valid, refusing to send the requested key information to the sending user device.

6. The method of claim 2, further comprising: receiving, at the trusted authority, a request from the sending user device for key information regarding the receiving user device; and sending the requested key information to the second user device, wherein the requested key information is based on at least part of the set of user-to-user keys for establishing communication between the sending user device and other user devices.

7. The method of claim 6, further comprising: generating, at the trusted authority, a digital signature based on the requested key information and a one-time digital signature key associated with a connection between the sending user device and the trusted authority; and sending the generated digital signature to the sending user device.

8. The method of claim 2, wherein the set of user-to-user keys comprise at least one unique key for every other user device.

9. The method of claim 1, further comprising replenishing a supply of one-time digital signature keys associated with the sending user device using a quantum communication session between the sending user device and the trusted authority.

10. The method of claim 1, wherein replenishing the supply of one-time digital signature keys associated with the connection between the receiving user device and the trusted authority comprises generating the supply of one-time digital signature keys using a random number generation function that utilizes a set of bits established by the quantum communication session between the receiving user device and the trusted authority as a seed value.

11. The method of claim 1, wherein the verification information associated with the trusted authority is associated with multiple one-time digital signature keys associated with the connection between the receiving user device and the trusted authority.

12. The method of claim 1, further comprising: conducting, at the trusted authority, quantum communication sessions with each user device of the plurality of user devices to establish a set of user-to-user keys; and publishing, by the trusted authority, information regarding the set of user-to-user keys so that the information is accessible to the plurality of user devices when the trusted authority is offline.

13. The method of claim 1, wherein replenishing the supply of one-time digital signature keys comprises: establishing an encryption key for encrypting communications between the trusted authority and the receiving user device using the quantum communication session; generating, at the trusted authority, (i) the supply of one-time digital signature keys using a random number generator and (ii) verification information based on the supply of one-time digital signature keys; encrypting, at the trusted authority, the verification information based on the supply of one-time digital signature keys using the encryption key; and sending the encrypted verification information from the trusted authority to the receiving user device.

14. The method of claim 1, further comprising: enrolling each user device of the plurality of user devices by: determining, at the trusted authority, an initial trusted authority digital signature key for authenticating communications between the trusted authority and the corresponding user device, and initial verification information for the corresponding user device based on the initial trusted authority digital signature key; and sending the initial trusted authority digital signature key to the corresponding user device.

15. A method of using a public key infrastructure (PKI) implemented by a trusted authority in communication with a plurality of user devices using quantum communications, the method comprising: receiving, at the trusted authority from a first user device of the plurality of user devices, a request for verification information associated with a one-time digital signature key associated with a second user device of the plurality of user devices; sending, in response to the request, (i) the verification information, and (ii) a trusted authority digital signature based on the verification information and a one-time digital signature key associated with a connection between the first user device and the trusted authority; and replenishing a supply of one-time digital signature keys associated with the connection between the first user device and the trusted authority using a quantum communication session between the first user device and the trusted authority.

16. The method of claim 15, further comprising conducting, at the trusted authority, a quantum communication session with each user device of the plurality of user devices to establish a set of user-to-user keys for establishing communication between each user device and each other user device of the plurality of user devices.

17. The method of claim 16, further comprising: receiving, at the trusted authority from the second user device, a request for key information regard
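The receiver-side check order of claim 1, the seed-derived one-time keys of claim 10 and the multi-key verification information of claim 11 can be sketched as follows. This is an added example, not code from the patent: it uses Lamport one-time signatures (one of the "other one-time digital signatures") under a small Merkle tree, and all function names, the tree height and the seed strings are assumptions, with the seeds standing in for bits established by a quantum communication session.

```python
import hashlib, hmac

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def ots_keygen(seed, idx):
    # Lamport key pair number idx, derived from a seed (claim 10: session bits seed the generator)
    sk = [[hmac.new(seed, bytes([idx, b]) + i.to_bytes(2, "big"), hashlib.sha256).digest()
           for b in (0, 1)] for i in range(256)]
    return sk, [[H(x) for x in pair] for pair in sk]

def msg_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def leaf(pk):
    return H(*[h for pair in pk for h in pair])

class MerkleSigner:
    def __init__(self, seed, height=2):
        self.keys = [ots_keygen(seed, i) for i in range(2 ** height)]
        self.levels = [[leaf(pk) for _, pk in self.keys]]
        while len(self.levels[-1]) > 1:
            lv = self.levels[-1]
            self.levels.append([H(lv[i], lv[i + 1]) for i in range(0, len(lv), 2)])
        self.root, self.next = self.levels[-1][0], 0  # root = verification information

    def sign(self, msg):
        i = self.next
        if i >= len(self.keys):
            raise RuntimeError("one-time keys exhausted; replenish from a new seed")
        self.next += 1  # a one-time key is never used twice
        sk, pk = self.keys[i]
        path = [lv[(i >> h) ^ 1] for h, lv in enumerate(self.levels[:-1])]
        return i, [sk[j][b] for j, b in enumerate(msg_bits(msg))], pk, path

def verify(root, msg, sig):
    i, ots, pk, path = sig
    if len(ots) != 256 or any(H(s) != pk[j][b] for j, (s, b) in enumerate(zip(ots, msg_bits(msg)))):
        return False
    node = leaf(pk)
    for sib in path:  # rebuild the path from this key's leaf up to the root
        node = H(node, sib) if i % 2 == 0 else H(sib, node)
        i //= 2
    return hmac.compare_digest(node, root)

def receiver_check(msg, sender_sig, sender_root, ta_sig, ta_root):
    # Claim 1 order: the trusted authority's signature over the sender's verification
    # information is checked first, then the sender's signature over the message.
    return verify(ta_root, sender_root, ta_sig) and verify(sender_root, msg, sender_sig)
```

Each `MerkleSigner` holds only 2^height one-time keys, which is why the claims pair the scheme with replenishment over a new quantum communication session.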

Classifications

  • User authentication

  • Key distribution {or management, e.g. generation, sharing or updating, of cryptographic keys or passwords (network architectures or network communication protocols for supporting key management in a packet data network H04L63/06)}

  • involving digital signatures

  • involving a third party or a trusted authority

  • H04L9/0836 (Primary): using tree structure or hierarchical structure

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9509506B2 cover?
Innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures…
Who is the assignee on this patent?
Hughes Richard John, Thrasher James Thomas, Nordholt Jane Elizabeth, and 1 more
What technology area does this patent fall under?
Primary CPC classification H04L9/0836. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 29, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).