-
Publication No.: US11637699B2
Publication Date: 2023-04-25
Application No.: US17380149
Application Date: 2021-07-20
Applicant: ADVA Optical Networking SE
Inventor: Andrew Sergeev, Joo Yeon Cho
Abstract: There is provided a technique of establishing encryption keys for communication between 1st peer and 2nd peer via a data path. The technique comprises: by each peer, using input keying material to independently generate equivalent pairs of peer encryption keys (PEKs), verifying equivalence of the generated PEK pairs, and using by 1st peer and 2nd peer the verified PEK pairs to become in possession of equivalent pairs of session encryption keys (SEKs). Verifying comprises: generating by 1st peer a first handshake (HS) message encrypted by PEK Tx1 and sending the first HS message to the 2nd peer via the data path; decrypting by the 2nd peer the first HS message using the PEK Rx2, generating a second HS message encrypted by PEK Tx2, and sending the second HS message to the 1st peer via the data path; and decrypting the second HS message by the 1st peer using PEK Rx1.
-
Publication No.: US20230018829A1
Publication Date: 2023-01-19
Application No.: US17751596
Application Date: 2022-05-23
Applicant: ADVA Optical Networking SE
Inventor: Joo Yeon Cho, Helmut Griesser
IPC: H04L9/08
Abstract: A method and system for performing a secure key relay of an encryption key, Kenc, provided by an initial node, KN0, and used by an encoding unit (ENC) of a first data transceiver for encoding plain data, Pdata, to provide encrypted cipher data, Cdata, transported via a data transport link, DTL, to a decoding unit (DEC) of a second data transceiver which decodes the transported cipher data, Cdata, using the relayed encryption key, Kenc, provided by a terminal node, KNN, as a decoding key to retrieve the plain data, Pdata, wherein the relay of the encryption key, Kenc, from the initial node, KN0, to the terminal node, KNN, is performed by means of intermediate relay nodes, KN1, KN2 . . . KNN−1, and comprises the steps of sharing (S1) QKD-keys, K, between the nodes via secure quantum channels, QCH, of a quantum key distribution network, QKDN; performing (S2) encryption of shared QKD-KEYS, K, at the initial node, KN0, and at each intermediate relay node, KN1, KN2 . . . KNN−1, and blinding them with a blinding value, Si, of the respective node to provide an encrypted cipher key, CKi, by the initial node, KN0, and by each intermediate relay node, KN1, KN2 . . . KNN−1; distributing (S3) or pre-distributing the blinding values, Si, of the initial node, KN0, and of each intermediate relay node, KN1, KN2 . . . KNN−1; transmitting (S4) the encrypted cipher keys, CKi, of the initial node, KN0, and of each of the intermediate relay nodes, KN1, KN2 . . . KNN−1, to the terminal node, KNN; performing (S6) by the terminal node, KNN, logic operations on reconstructed or pre-distributed blinding values, Si, on the basis of the encrypted cipher keys, CKi, received by the terminal node, KNN, from the initial node, KN0, and received from each of the intermediate relay nodes, KN1, KN2 . . . KNN−1, to provide the encryption key, Kenc, used by the decoding unit (DEC) of the second data transceiver as a decoding key to retrieve the plain data, Pdata.
-
Publication No.: US12184407B2
Publication Date: 2024-12-31
Application No.: US17991356
Application Date: 2022-11-21
Applicant: ADVA Optical Networking SE
Inventor: Michael Rabinovich, Andrew Sergeev, Joo Yeon Cho, Shihuan Zou
IPC: H04J3/06
Abstract: There is provided a technique of securing clock synchronization between master clock node (MCN) and client clock node (CCN). During a cycle of exchanging PTP messages between MCN and CCN, MCN generates an associated paired message for each PTP message generated thereby and informative of t1 or t4 timestamps provided by MCN and sends each paired message to a validation entity (VE) via a secured channel between MCN and VE. When PTP messages traverse transparent clock nodes (TCN) between MCN and CCN, each TCN generates a paired message for each version of PTP message updated thereby and sends each generated paired message to VE via a secured channel between respective TCN and VE. VE uses the received paired messages to provide a validation of the cycle, wherein synchronization-related task(s) (e.g. clock correction by the client clock node, etc.) are provided only subject to successful validation of the cycle by VE.
-
Publication No.: US12120224B2
Publication Date: 2024-10-15
Application No.: US17751596
Application Date: 2022-05-23
Applicant: ADVA Optical Networking SE
Inventor: Joo Yeon Cho, Helmut Grießer
IPC: H04L9/08
CPC classification number: H04L9/0855, H04L9/0825, H04L9/085
Abstract: A method and system for performing a secure key relay of an encryption key, Kenc, provided by an initial node, KN0, and used by an encoding unit (ENC) of a first data transceiver for encoding plain data, Pdata, to provide encrypted cipher data, Cdata, transported via a data transport link, DTL, to a decoding unit (DEC) of a second data transceiver which decodes the transported cipher data, Cdata, using the relayed encryption key, Kenc, provided by a terminal node, KNN, as a decoding key to retrieve the plain data, Pdata, wherein the relay of the encryption key, Kenc, from the initial node, KN0, to the terminal node, KNN, is performed by means of intermediate relay nodes, KN1, KN2 . . . KNN−1, and comprises the steps of sharing (S1) QKD-keys, K, between the nodes via secure quantum channels, QCH, of a quantum key distribution network, QKDN; performing (S2) encryption of shared QKD-KEYS, K, at the initial node, KN0, and at each intermediate relay node, KN1, KN2 . . . KNN−1, and blinding them with a blinding value, Si, of the respective node to provide an encrypted cipher key, CKi, by the initial node, KN0, and by each intermediate relay node, KN1, KN2 . . . KNN−1; distributing (S3) or pre-distributing the blinding values, Si, of the initial node, KN0, and of each intermediate relay node, KN1, KN2 . . . KNN−1; transmitting (S4) the encrypted cipher keys, CKi, of the initial node, KN0, and of each of the intermediate relay nodes, KN1, KN2 . . . KNN−1, to the terminal node, KNN; performing (S6) by the terminal node, KNN, logic operations on reconstructed or pre-distributed blinding values, Si, on the basis of the encrypted cipher keys, CKi, received by the terminal node, KNN, from the initial node, KN0, and received from each of the intermediate relay nodes, KN1, KN2 . . . KNN−1, to provide the encryption key, Kenc, used by the decoding unit (DEC) of the second data transceiver as a decoding key to retrieve the plain data, Pdata.