US 12,362,913 B2
Method and system for secure distribution of symmetric encryption keys using quantum key distribution (QKD)
Ian D'Souza, Waterloo (CA)
Assigned to Honeywell Limited Honeywell Limitée, Mississauga (CA)
Filed by Honeywell Limited Honeywell Limitée, Mississauga (CA)
Filed on Jan. 16, 2023, as Appl. No. 18/097,311.
Claims priority of provisional application 63/320,500, filed on Mar. 16, 2022.
Prior Publication US 2024/0340160 A1, Oct. 10, 2024
Int. Cl. H04L 9/08 (2006.01); H04L 9/14 (2006.01); H04L 9/40 (2022.01)
CPC H04L 9/0822 (2013.01) [H04L 9/0852 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A method for secure communication, comprising:
establishing a secure key at a first ground station and a second ground station using a quantum key distribution (QKD) protocol, wherein once established the secure key is a symmetric key available at both the first ground station and the second ground station;
generating, at the first ground station, a plurality of encryption keys, wherein the plurality of encryption keys are independent from the secure key, the plurality of encryption keys are generated locally at the first ground station using a random key generator local to the first ground station and each encryption key in the plurality of encryption keys is a symmetric encryption key;
transmitting from the first ground station to the second ground station the plurality of encryption keys, wherein the transmitting comprises:
encrypting, at the first ground station, the plurality of encryption keys using the secure key to generate an encrypted batch of keys;
transmitting the encrypted batch of keys to the second ground station; and
decrypting, at the second ground station, the encrypted batch of keys using the secure key to access the plurality of encryption keys whereby each encryption key in the plurality of encryption keys is usable by the first ground station and the second ground station to exchange encrypted data using a symmetric key encryption technique;
wherein establishing the secure key comprises:
establishing a first initial key between the first ground station and a satellite using a first space-based QKD link, wherein the first initial key is associated with the first ground station;
establishing a second initial key between the second ground station and the satellite using a second spaced-based QKD link, wherein the second initial key is associated with the second ground station;
receiving by at least one of the first ground station or the second station a combined key from the satellite, wherein the combined key is generated by combining the first initial key and the second initial key, wherein the ground station receiving the combined key is a key-receiving station;
extracting, at the at least one key-receiving station, the initial key associated with the other station from the combined key; and
selecting one of the first initial key and the second initial key as the secure key.