CN113765654A - Load balancing quantum key management device - Google Patents
- Publication number
- CN113765654A CN202010496453.3A
- Authority
- CN
- China
- Prior art keywords
- quantum key
- key management
- server
- quantum
- reverse proxy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a load-balanced quantum key management device, which may comprise a quantum key management reverse proxy server and a plurality of quantum key management servers. The quantum key management reverse proxy server may receive a request for a quantum key management service and, in response to the request, select a quantum key management server for that service according to a load balancing algorithm based on the state of the quantum key management servers. The invention can thereby meet the requirements of high-traffic service processing while ensuring reliability.
Description
Technical Field
The invention relates to the field of quantum secret communication, in particular to a quantum key management device with balanced load, which is used for quantum key output in quantum key life cycle management.
Background
The existing quantum key management architecture is logically layered, and the architecture may include a quantum layer, a management and control layer, and an application layer, as shown in fig. 1.
In the architecture shown in fig. 1, the quantum layer generates quantum keys through a quantum key distribution process and uploads them to the management and control layer; the management and control layer receives the quantum keys transmitted by the quantum layer and handles storage, relay and output of the quantum keys; the application layer interfaces with end users, requests quantum keys from the management and control layer, and uses the quantum keys to perform operations such as encryption and decryption on the data transmitted by users. For example, the encryption operation takes place at the communication initiator and the decryption operation at the communication receiver.
In the prior art, the quantum key management function of the management and control layer is mainly implemented with a dual-computer hot standby technology, that is, the classical communication link and the quantum keys are backed up using a mature solution. However, of the management and control layer devices that back each other up in this way, only one can operate at any given time. The approach therefore improves only the reliability index and cannot solve the service-processing bottleneck under high traffic.
Disclosure of Invention
To address the defects in the prior art, the inventor provides, for the first time, a load-balanced quantum key management device based on reverse proxy load balancing technology, so that the requirement of high-traffic service processing can be met, load balancing of high-traffic services is achieved, and the original reliability is preserved.
The quantum key management device with balanced load can comprise a quantum key management reverse proxy server and a plurality of quantum key management servers, wherein a data link is established between the quantum key management reverse proxy server and the quantum key management servers;
wherein the quantum key management reverse proxy server is configured to:
receive a request for a quantum key management service; and,
in response to the request for the quantum key management service, select a quantum key management server for the quantum key management service from the quantum key management servers according to a preset load balancing algorithm based on the state of the quantum key management servers.
Further, the quantum key management service comprises one or more of a quantum key receiving service, a quantum key relaying service and a quantum key outputting service; and/or the state of the quantum key management server comprises one or more of traffic load, quantum key amount and storage space.
Further, the state of the quantum key management server is obtained in response to a query by the quantum key management reverse proxy server to the quantum key management server; or the state of the quantum key management server is reported to the quantum key management reverse proxy server by the quantum key management server.
Further, the quantum key management reverse proxy server is selected from the quantum key management servers by election.
Further, the quantum key management reverse proxy server is further configured to: receiving a request of a quantum key receiving service; and when receiving the quantum key, based on the current service load and storage space of the quantum key management server, selecting the quantum key management server for processing the quantum key receiving service according to the load balancing algorithm, and forwarding the quantum key to the selected quantum key management server.
Further, when the selected quantum key management server does not successfully process the quantum key reception traffic: the selected quantum key management server returns the quantum key to the quantum key management reverse proxy server; and the quantum key management reverse proxy server reselects a quantum key management server for processing the quantum key receiving service.
Further, the quantum key management reverse proxy server is further configured to: receiving a request of a quantum key relay service; and acquiring the quantum key amount of the quantum key management server, calculating the total amount of the quantum keys, and feeding back the total amount of the quantum keys to the routing server.
Still further, the quantum key management reverse proxy server is further configured to: when the quantum key relay node is used as a relay initiating node, a quantum key management server and a quantum key for processing the quantum key relay service are selected according to the load balancing algorithm based on the current service load and the quantum key amount of the quantum key management server, wherein the selected quantum key is a seed key. Wherein the selected quantum key management server uploads the seed key to the quantum key management reverse proxy server; and the quantum key management reverse proxy server selects a quantum key management server for storing the seed key according to the load balancing algorithm based on the current service load and the current quantum key amount or storage space of the quantum key management server.
Still further, the quantum key management reverse proxy server is further configured to: when the relay node is used as a relay destination node, the transmitted relay key is sent to a quantum key management server which stores the unique identifier of the quantum key according to the unique identifier of the quantum key used for encrypting the transmitted relay key.
Still further, the quantum key management reverse proxy server is further configured to: when the relay node is used as a relay transmission node, according to the unique identifier of the quantum key used for encrypting the transmitted relay key in the previous hop node, the transmitted relay key is sent to a quantum key management server which stores the unique identifier of the quantum key for decryption; and based on the current service load and quantum key amount of the quantum key management server, selecting a quantum key for the next hop node according to the load balancing algorithm, and sending the decrypted relay key to the quantum key management server corresponding to the selected quantum key for the next hop node.
Further, the quantum key management reverse proxy server is further configured to: receiving a request of a quantum key output service; selecting a quantum key management server and a quantum key for the quantum key output service according to the load balancing algorithm based on the current service load and the quantum key amount of the quantum key management server according to the quantum key amount required by the request of the quantum key output service; integrating the selected quantum key uploaded by the selected quantum key management server.
Further, when the quantum key management reverse proxy server, or a quantum key management server that has a data link established with it, suffers a fault such that a quantum key cannot be found by its unique identifier, the quantum key corresponding to the fault is synchronously discarded by the faulty quantum key management reverse proxy server and the quantum key management reverse proxy server at the opposite end.
Drawings
The following describes embodiments of the present invention in further detail with reference to the accompanying drawings.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 illustrates the logical architecture of a prior art quantum key management architecture;
FIG. 2 illustrates an example of a reverse proxy load balancing technique;
FIG. 3 shows a workflow of the quantum key management device for load balancing of the present invention in processing a quantum key reception service request;
FIG. 4 shows a workflow of the quantum key management device of the present invention in processing a quantum key relay service request;
FIG. 5A shows a workflow of a quantum key management device as a relay initiating node in a relay key transmission process;
FIG. 5B shows a workflow of the quantum key management device as a relay destination node in the relay key transmission process;
FIG. 5C shows a workflow of the quantum key management device as a relay transmission node in the relay key transmission process;
FIG. 6 shows a workflow of the quantum key management device of the present invention in processing a quantum key output service request;
FIG. 7 shows an exemplary solution of the load-balanced quantum key management device of the present invention in the event of some failure.
Detailed Description
Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. The following examples are provided by way of illustration in order to fully convey the spirit of the invention to those skilled in the art to which the invention pertains. Accordingly, the present invention is not limited to the embodiments disclosed herein.
Based on the defects of the existing quantum key management system, the invention provides a quantum key management idea based on a load balancing technology through research, so that the reliability can be ensured, and the business processing requirement of high flow can be met. Specifically, the invention innovatively proposes the application of the reverse proxy load balancing technology to the management of the quantum key for the first time on the basis of deeply analyzing the HTTP redirection load balancing technology, the DNS domain name resolution load balancing technology, the reverse proxy load balancing technology and the like in the classical communication, and particularly discloses a quantum key management device based on load balancing.
In the reverse proxy load balancing technology, load balancing is implemented by a reverse proxy server. The reverse proxy server hides the implementation details of the services behind it and uses its load balancing algorithm to distribute arriving traffic to the servers that actually process it, so the scheme depends only on the interaction between the proxy server and the service servers. Fig. 2 shows an example of a reverse proxy load balancing technique: an external service processing request first arrives at the reverse proxy server, which selects a service processing server to handle the request according to a load balancing algorithm and feeds the service processing result back to the requester.
Fig. 3-6 each illustrate, by way of example, a load-balanced quantum key management device in accordance with the present invention.
As shown, the quantum key management apparatus of the present invention is disposed at a management and control layer, and may include a quantum key management reverse proxy server and a plurality of quantum key management servers (e.g., servers A, B and C), and data links are established between the quantum key management reverse proxy server and the plurality of quantum key management servers and authentication is achieved.
In the quantum key management device of the present invention, a quantum key management service request will be received by a quantum key management reverse proxy server. In response to the quantum key management service request, the quantum key management reverse proxy server may select a quantum key management server from the plurality of quantum key management servers to process the quantum key management service according to a preset load balancing algorithm. Quantum key management traffic may include, but is not limited to, quantum key reception traffic, quantum key relay traffic, and quantum key output traffic.
In the invention, the quantum key management reverse proxy server can acquire the current state of each quantum key management server. As an example, the state of a quantum key management server may include traffic load, quantum key amount, and storage space, among others. As an example, the quantum key management reverse proxy server may proactively send query information to a quantum key management server to obtain its current state; alternatively, the quantum key management server may actively report its current state to the quantum key management reverse proxy server.
Therefore, the quantum key management reverse proxy server can respond to the quantum key management service request, and based on the current state of each quantum key management server, select a quantum key management server suitable for processing the quantum key management service request according to a preset load balancing algorithm.
The working principle of the quantum key management device of the present invention will be described in detail below with reference to fig. 3 to 6, by way of example, in connection with a specific quantum key management service request.
Fig. 3 shows the workflow of the quantum key management device for load balancing in processing a quantum key reception service request.
As shown in fig. 3, the quantum key management device may include a quantum key management reverse proxy server and a plurality of quantum key management servers (e.g., quantum key management servers A, B and C) with data links established between the quantum key management reverse proxy server and the plurality of quantum key management servers and authentication is achieved.
The quantum key management reverse proxy server obtains the current traffic load and storage space of each quantum key management server (such as server A, server B, and server C).
The quantum layer uploads the quantum key to the quantum key management reverse proxy server and submits a quantum key receiving service request.
After receiving the quantum key uploaded by the quantum layer, the quantum key management reverse proxy server performs a load balancing calculation according to a preset load balancing algorithm based on the current service load and storage space of each quantum key management server, selects a suitable quantum key management server, and forwards the quantum key to the selected quantum key management server.
The selected quantum key management server processes the received quantum key. If the processing succeeds, it can send a message to the quantum key management reverse proxy server to report that quantum key processing is complete; otherwise, it can return the quantum key to the quantum key management reverse proxy server and notify the quantum key management reverse proxy server to select a quantum key management server again.
In the quantum key management device of the present invention, the quantum key received from the quantum layer is processed repeatedly according to the above rule. If the processing finally succeeds, a message can be sent to the quantum layer to report that the quantum key was received successfully; otherwise, a message can be sent to the quantum layer to report that quantum key reception failed.
Fig. 4 shows the work flow of the quantum key management device for load balancing in processing quantum key relay service request.
It should be noted that, for the sake of brevity, the contents overlapping with the above may not be described again.
As shown in fig. 4, the quantum key management device may include a quantum key management reverse proxy server and a plurality of quantum key management servers (e.g., quantum key management servers A, B and C) between which data links are established and authentication is achieved.
For the quantum key relay service, the quantum key relay process is initiated inside the management and control layer. When the management and control layer detects that quantum key relay is required, the routing server performs a routing calculation from the relay initiating node to the relay destination node. In the routing calculation, the quantum key management reverse proxy server appears as one routable node.
Therefore, in the routing calculation, when the quantum key management reverse proxy server receives the quantum key relay service request, it obtains the current traffic load and quantum key amount of each quantum key management server (for example, server A, server B, and server C), calculates the total quantum key amount across the quantum key management servers, and feeds this total back to the routing server. That is, for a routing server, the amount of quantum keys in a routing node implemented by a quantum key management reverse proxy server is equal to the total amount of quantum keys of the multiple quantum key management servers connected thereto.
The routing server calculates the relay path according to the total quantum key amount fed back by the quantum key management reverse proxy server.
When the quantum key relay path from the relay initiating node to the relay destination node is calculated to be reachable, the management and control layer starts to perform a quantum key relay process and starts to send a relay key transmission instruction to each quantum key management reverse proxy server.
Fig. 5A shows a work flow of the quantum key management device as a relay initiating node in the relay key transmission process.
As shown in fig. 5A, when the quantum key management reverse proxy server finds that it is the relay initiating node, it may select a quantum key from the quantum key management servers according to a preset load balancing algorithm based on the current traffic load and quantum key amount of each quantum key management server. The quantum key in the selected quantum key management server is stored as the seed key of the relay. The seed key may be used as a relay key, and may also be combined with a key generation algorithm (e.g., AES) to generate a relay key, or combined with other keys or random numbers (e.g., quantum random numbers) to generate a relay key. The seed key may also be used as a key to encrypt the relay key.
As an example of a seed key storage scheme, a seed key may be stored in a current quantum key management server.
As another example of the seed key storage scheme, the quantum key management server may upload the seed key to the quantum key management reverse proxy server, and the quantum key management reverse proxy server reselects a quantum key management server according to a preset load balancing algorithm, based on the traffic load and the quantum key amount (or storage space) of each quantum key management server, to store the seed key.
In the invention, the quantum key management reverse proxy server can determine which seed key storage scheme is selected.
Fig. 5B shows a work flow of the quantum key management device as a relay destination node in the relay key transmission process.
According to the quantum key relay principle, when the transmitted relay key reaches the destination node, the quantum key used for encrypting the transmitted relay key is selected at the previous hop node, so that when the destination node decrypts the transmitted relay key, the transmitted relay key can be sent to the quantum key management server storing the unique identifier of the quantum key according to the unique identifier of the quantum key used for encrypting the transmitted relay key, which is sent by the previous hop node.
Therefore, as shown in fig. 5B, when the quantum key management reverse proxy server finds that it is the relay destination node, it may send the transmitted relay key directly to the quantum key management server that stores the unique identifier of the quantum key, according to the information carried in the relay transmission process (the unique identifier of the quantum key used for encrypting the transmitted relay key), so that the transmitted relay key is decrypted with the corresponding quantum key and the relay key is finally obtained.
Fig. 5C shows a work flow of the quantum key management device as a relay transmission node in the relay key transmission process.
As shown in fig. 5C, when the quantum key management reverse proxy server finds itself to be neither the relay initiating node nor the relay destination node, the quantum key management reverse proxy server needs to process the relay key transmission service.
Firstly, the quantum key management reverse proxy server needs to directly send the corresponding transmitted relay key to the quantum key management server storing the unique identifier of the quantum key according to information carried in the relay transmission process (i.e., the unique identifier of the quantum key used for encrypting the transmitted relay key in the previous hop node), so as to decrypt the transmitted relay key by using the corresponding quantum key.
Then, the quantum key management reverse proxy server may select a quantum key for a next hop node from each quantum key management server according to a preset load balancing algorithm based on the current traffic load and quantum key amount of each quantum key management server, and send the decrypted relay key to the corresponding quantum key management server, and encrypt the relay key using the selected quantum key.
Through the process, the quantum key management reverse proxy server carries out the relay process of the quantum key hop by hop according to the path calculated by the routing server. If the relay process is successful, generating corresponding relay keys at the relay initiating node and the relay destination node; otherwise, the relay process fails. The quantum key used in the relay process is destroyed no matter success or failure.
Fig. 6 shows the workflow of the quantum key management device for load balancing in processing a quantum key output service request. Also for the sake of brevity, duplicate details may not be repeated.
As shown in fig. 6, the quantum key management device may include a quantum key management reverse proxy server and a plurality of quantum key management servers (e.g., quantum key management servers A, B and C) between which data links are established and authentication is achieved.
The quantum key management reverse proxy server obtains the current traffic load and quantum key amount of each quantum key management server (such as server A, server B and server C).
The application layer makes a quantum key output service request (namely a quantum key application request) to the quantum key management reverse proxy server.
According to the quantum key amount requested in the quantum key output service request, the quantum key management reverse proxy server performs a load balancing calculation according to a preset load balancing algorithm based on the current service load and quantum key amount of each quantum key management server, so as to select the quantum keys to output to the application layer, and thereby the quantum key management servers holding those quantum keys. Subsequently, the quantum key management reverse proxy server sends the quantum key output service request to the selected one or more quantum key management servers.
The quantum key management server responds to the quantum key output service request and sends the selected quantum key to the quantum key management reverse proxy server. The quantum key management reverse proxy server integrates the quantum keys and sends the quantum keys to an application layer (namely, a quantum key output service requester).
The following further describes the working flow of the quantum key management device of the present invention by taking the quantum key output service request provided by the application layer for performing encryption and decryption services as an example.
The encryption end of the application layer sends a quantum key output service request to the quantum key management reverse proxy server.
According to the quantum key output service request, the quantum key management reverse proxy server performs a load balancing calculation according to a preset load balancing algorithm based on the current service load and quantum key amount of each quantum key management server, and selects the quantum key to be output and the corresponding quantum key management server.
The quantum key management reverse proxy server sends a quantum key output service request to the selected quantum key management server and waits for the response of the quantum key management server.
The quantum key management server responds and sends the selected quantum key to the quantum key management reverse proxy server.
The quantum key management reverse proxy server integrates the selected quantum key and sends the integrated quantum key to the encryption end of the application layer.
After the encryption end of the application layer receives the quantum key, it notifies the decryption end of the application layer to submit a quantum key output service request to the corresponding quantum key management reverse proxy server, requesting the quantum key used for decryption. At this time, the quantum key output service request may include the unique identifier of the quantum key for decryption.
The quantum key management reverse proxy server requests the corresponding quantum key directly from the corresponding quantum key management server according to the unique identifier of the quantum key provided by the decryption end of the application layer, then integrates the obtained quantum key, and sends the integrated quantum key to the decryption end of the application layer.
As can be understood from the foregoing, in the load balancing quantum key management apparatus of the present invention, since the quantum keys are distributively stored in the respective quantum key management servers, when one quantum key management server stops operating due to a fault, the quantum key management reverse proxy server can still process the service by using the remaining quantum key management servers, thereby ensuring the reliability thereof.
According to the invention, in order to further improve the reliability index, the quantum key management reverse proxy server is not deployed separately; instead, one of the plurality of quantum key management servers is chosen by node election to also serve as the quantum key management reverse proxy server. Therefore, when the quantum key management reverse proxy server in use fails and cannot continue to work, the remaining quantum key management servers can elect a new quantum key management reverse proxy server through an election algorithm, so that the service is not interrupted.
In addition, in the load-balanced quantum key management device of the present invention, the following failures may occur: the quantum key management server storing the quantum key fails at the corresponding position, so that the quantum key management reverse proxy server cannot find the corresponding quantum key according to the unique identifier of the quantum key, as shown in fig. 7.
Therefore, in the quantum key management apparatus of the present invention, when it is detected that the quantum key management server or the quantum key management reverse proxy server has a failure, synchronization of the quantum keys may be performed between the two (home and peer) quantum key management reverse proxy servers, for example, the quantum keys corresponding to the failure are synchronously discarded at the two servers.
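The lookup failure and synchronous discard described above can be traced in a small simulation. This is an added example, not code from the patent: the class and function names, the least-load selection policy, and the constructed sample key pool are all assumptions.

```python
# Added illustration: names and the least-load policy are assumptions.
class KMS:  # one quantum key management server holding part of the key pool
    def __init__(self, name):
        self.name, self.keys, self.load, self.up = name, {}, 0, True

class ReverseProxy:
    def __init__(self, servers):
        self.servers, self.index = servers, {}  # index: key id -> KMS

    def receive(self, key_id, key):  # store on the healthy server with fewest keys
        kms = min((s for s in self.servers if s.up), key=lambda s: len(s.keys))
        kms.keys[key_id] = key
        self.index[key_id] = kms

    def select(self, count):  # pick ids from healthy servers, lowest load first
        ids = []
        for _ in range(count):
            free = [s for s in self.servers if s.up and set(s.keys) - set(ids)]
            kms = min(free, key=lambda s: s.load)
            ids.append(min(set(kms.keys) - set(ids)))
            kms.load += 1
        return ids

    def missing(self, ids):  # ids that are unknown or stored on a failed server
        return [i for i in ids if i not in self.index or not self.index[i].up]

    def take(self, ids):  # fetch by unique identifier, then integrate
        if self.missing(ids):
            raise LookupError(self.missing(ids))
        return b"".join(self.index.pop(i).keys.pop(i) for i in ids)

    def discard(self, ids):
        for i in set(ids) & set(self.index):
            self.index.pop(i).keys.pop(i, None)

def sync_discard(failed_side, peer_side, failed_kms):
    # Both proxies drop every key id that was stored on the failed server.
    lost = sorted(i for i, s in failed_side.index.items() if s is failed_kms)
    failed_side.discard(lost)
    peer_side.discard(lost)
    return lost

def build_site(prefix, pool):
    proxy = ReverseProxy([KMS(f"{prefix}{n}") for n in range(3)])
    for key_id, key in pool.items():
        proxy.receive(key_id, key)
    return proxy

POOL = {f"k{n}": bytes([n]) * 4 for n in range(6)}  # constructed sample keys
```

Without the synchronous discard, the encryption side keeps selecting identifiers that the decryption side can no longer resolve; after it, both proxies select only from keys that still exist at both ends.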
In summary, in the quantum key management device of the present invention, the host hot standby mode in the prior art is replaced by the load balancing mode, and the election mechanism is adopted in the load balancing mode, so that the load balancing of the service can be realized on the premise of ensuring the main and standby modes.
The quantum key management device is established on a mature and stable reverse proxy load balancing technology, and is uniquely designed aiming at the characteristics of quantum key management, so that the quantum key management device is very suitable for large-scale popularization and application in the industry.
In addition, in the invention, the number of devices can be dynamically increased or decreased according to the actual environment by means of the load balancing algorithm, and the service is adjusted dynamically and automatically, thereby reducing the complexity of manual configuration. The invention also provides a method for handling quantum keys that fall out of synchronization because of a quantum key management server failure, by synchronizing quantum key information, thereby providing a comprehensive solution for applying the quantum key management device.
Although the present invention has been described in connection with the embodiments illustrated in the accompanying drawings, it will be understood by those skilled in the art that the embodiments described above are merely exemplary for illustrating the principles of the present invention and are not intended to limit the scope of the present invention, and that various combinations, modifications and equivalents of the above-described embodiments may be made by those skilled in the art without departing from the spirit and scope of the present invention.
Claims (13)
1. A quantum key management device with balanced load comprises a quantum key management reverse proxy server and a plurality of quantum key management servers, wherein a data link is established between the quantum key management reverse proxy server and the quantum key management servers;
wherein the quantum key management reverse proxy server is configured to:
receiving a request of a quantum key management service; and
responding to the request of the quantum key management service, and selecting a quantum key management server for the quantum key management service from the quantum key management servers according to a preset load balancing algorithm based on the state of the quantum key management server.
2. The quantum key management device of claim 1,
the quantum key management service comprises one or more of quantum key receiving service, quantum key relay service and quantum key output service;
and/or the state of the quantum key management server comprises one or more of traffic load, quantum key amount and storage space.
3. The quantum key management device of claim 1,
the state of the quantum key management server is obtained in response to a query by the quantum key management reverse proxy server to the quantum key management server; or,
the state of the quantum key management server is reported by the quantum key management server to the quantum key management reverse proxy server.
4. The quantum key management device of claim 1, wherein the quantum key management reverse proxy server is selected from the quantum key management servers by election.
5. The quantum key management device of claim 1, wherein the quantum key management reverse proxy server is further configured to:
receiving a request of a quantum key receiving service; and,
and when receiving the quantum key, based on the current service load and storage space of the quantum key management server, selecting the quantum key management server for processing the quantum key receiving service according to the load balancing algorithm, and forwarding the quantum key to the selected quantum key management server.
6. The quantum key management device of claim 5, wherein when the selected quantum key management server fails to process the quantum key reception traffic:
the selected quantum key management server returns the quantum key to the quantum key management reverse proxy server;
and the quantum key management reverse proxy server reselects a quantum key management server for processing the quantum key receiving service.
7. The quantum key management device of claim 1, wherein the quantum key management reverse proxy server is further configured to:
receiving a request of a quantum key relay service; and,
and obtaining the quantum key amount of the quantum key management server, calculating the total amount of the quantum keys, and feeding back the total amount of the quantum keys to the routing server.
8. The quantum key management device of claim 7, wherein the quantum key management reverse proxy server is further configured to:
when the quantum key relay node is used as a relay initiating node, a quantum key management server and a quantum key for processing the quantum key relay service are selected according to the load balancing algorithm based on the current service load and the quantum key amount of the quantum key management server, wherein the selected quantum key is a seed key.
9. The quantum key management device of claim 8,
the selected quantum key management server uploads the seed key to the quantum key management reverse proxy server; and,
and the quantum key management reverse proxy server selects a quantum key management server for storing the seed key according to the load balancing algorithm based on the current service load and the current quantum key amount or storage space of the quantum key management server.
10. The quantum key management device of claim 7, wherein the quantum key management reverse proxy server is further configured to:
when the relay node is used as a relay destination node, the transmitted relay key is sent to a quantum key management server which stores the unique identifier of the quantum key according to the unique identifier of the quantum key used for encrypting the transmitted relay key.
11. The quantum key management device of claim 7, wherein the quantum key management reverse proxy server is further configured to:
when the relay node is used as a relay transmission node, according to the unique identifier of the quantum key used for encrypting the transmitted relay key in the previous hop node, the transmitted relay key is sent to a quantum key management server which stores the unique identifier of the quantum key for decryption; and
based on the current service load and the quantum key amount of the quantum key management server, selecting a quantum key for the next hop node according to the load balancing algorithm, and sending the decrypted relay key to the quantum key management server corresponding to the selected quantum key for the next hop node.
12. The quantum key management device of claim 1, wherein the quantum key management reverse proxy server is further configured to:
receiving a request of a quantum key output service;
selecting a quantum key management server and a quantum key for the quantum key output service according to the load balancing algorithm based on the current service load and the quantum key amount of the quantum key management server according to the quantum key amount required by the request of the quantum key output service;
integrating the selected quantum key uploaded by the selected quantum key management server.
13. The quantum key management device of claim 1,
when a fault that the quantum key cannot be found according to the unique identifier of the quantum key occurs in the quantum key management reverse proxy server or the quantum key management server with the data link established with the quantum key management reverse proxy server, synchronously abandoning the quantum key corresponding to the fault between the quantum key management reverse proxy server with the fault and a quantum key management reverse proxy server at the opposite end.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010496453.3A CN113765654B (en) | 2020-06-03 | 2020-06-03 | Load balancing quantum key management device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113765654A (en) | 2021-12-07 |
CN113765654B (en) | 2022-09-27 |
Family
ID=78783320
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010496453.3A Active CN113765654B (en) | 2020-06-03 | 2020-06-03 | Load balancing quantum key management device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113765654B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115664662A (en) * | 2022-11-07 | 2023-01-31 | 北京数盾信息科技有限公司 | Key processing method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217483A (en) * | 2008-01-21 | 2008-07-09 | 中兴通讯股份有限公司 | A method to realize cluster server inner load sharing agent |
CN104243143A (en) * | 2013-06-08 | 2014-12-24 | 安徽量子通信技术有限公司 | Mobile secret communication method based on quantum key distribution network |
CN110086713A (en) * | 2019-04-17 | 2019-08-02 | 北京邮电大学 | It is a kind of to divide domain method for routing for wide area quantum key distribution network |
US20190260581A1 (en) * | 2016-11-04 | 2019-08-22 | Huawei Technologies Co., Ltd. | Quantum key relay method based on centralized management and control network, and apparatus |
Also Published As
Publication number | Publication date |
---|---|
CN113765654B (en) | 2022-09-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||