Description:TECHNICAL FIELD
[0001] The present disclosure relates to the field of data security. More particularly, the present disclosure relates to a method to manage and distribute keys in real-time between terminals to avoid interception of information by a third terminal.

BACKGROUND
[0002] Background description includes information that may be useful in understanding the present disclosure. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed disclosure, or that any publication specifically or implicitly referenced is prior art.
[0003] Typically, for symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others.Furthermore,frequent key changes are usually desirable to limit the amount of data comprised if it is intercepted by an attacker. Therefore, the strength of the system rests with the key distribution system technique, which means where means of delivering a key to two parties who wish to exchange data without allowing others to see the key. The problem is especially difficult in a wide-area distributed system.
[0004] Generally, as a practice, there are various approaches to distributing the keys such as physically moving the key to the desired location. The second most common approach is to distribute the keys securely by using an encryption/decryption algorithm. However, the quantum key distribution method is a well-known technique that offers the possibility of key distribution in a secure way.
[0005] Patent document US20060062392A1 describes a system and method for a key manager for QKD network including a QKD (Quantum Key Device) layer that generates quantum encryption keys, a persistent storage layer that stores the quantum encryption keys, and a key management layer. The key management layer generates an application registration record that includes a list of multiple applications that use the quantum encryption keys. The key management layer also generates a corresponding key storage layer. The applications in each nod remove keys from the key storage layer so that each nod can encrypt/decrypt data using quantum encryption keys. The methods also include secure QKD system boot-up and authentication that facilitates implementing a commercial QKD system in real-world environments.
[0006] Another patent document US8755525B2 discloses a quantum key distribution involving a movable key device where a method of key distribution from a first entity to a second entity including the first entity shares the secret data to moveable key device and relocating said moveable key device to a location having a quantum link with the said second entity, in order to transmit a quantum signal from said moveable key device to said second entity based on first entity secret data. The first and second entity undertakes key agreement based on the quantum signal received by the second entity.
[0007] While the cited reference discloses different types of system architecture and the method in real-world environments, there is a possibility to provide a better solution to the problem by providing another type of system and method for managing and distributing keys between two or more parties.
[0008] There is, therefore, a need to design a system architecture that overcomes the above limitations, and shortcomings, and providing a simple, fast, and efficient system and method for managing and distributing keys between two or more parties on real-time basis.

OBJECTS OF THE PRESENT DISCLOSURE
[0009] Some of the objects of the present disclosure, which at least one embodiment herein satisfies are listed herein below.
[0010] An object of the present disclosure is to provide a simple, fast, and efficient system and method for managing and distributing desired keys between terminals.
[0011] Another object of the present disclosure is to provide a system and method where keys can be distributed on a real-time basis.
[0012] Another object of the present disclosure is to provide a system and method where key distribution is secured by a series of quantum links and one-time pad operation.
[0013] Yet another object of the present disclosure is to provide a system and method that gives flexibility for using mathematical security in addition to a physical security.

SUMMARY
[0014] The present disclosure relates to the field of data security. More particularly, the present disclosure relates to a method to manage and distribute keys in real-time between terminals to avoid interception of information by a third terminal.
[0015] Aspects of the present disclosure is a method to distribute keys to secure a communication, the method include steps of requesting through a key secrecy device, by at least one key loading module configured with a second terminal for a desired key, from a key loading module configured at a first terminal that stores and distribute the desired key; transmitting the request to a similar key secrecy device configured at a first terminal, by the key secrecy device through a network; transmitting the request to transmit by the key secrecy device to a quantum key device receiver; receiving the request to transmit by the key secrecy device to a quantum key device transmitter configured at the first terminal; generating the symmetric quantum keys using quantum protocol by both the quantum key distribution system transmitter and quantum key distribution system receiver; transmitting, by the quantum key distribution system transmitter, a quantum key in real-time to send back to the key secrecy device; sending the desired key encrypted with transmitted quantum key by the key secrecy device to the key secrecy device; receiving the quantum key by the key secrecy device from the quantum key distribution system receiver to decrypt the received encrypted key from the key secrecy device; extracting the desired key by the key secrecy device to send to the key loading module; transmitting the obtained desired key by the key secrecy device to send to the key loading module; and receiving the desired key by the key loading module from the key secrecy device in real-time to meet the request and store it for end use.
[0016] In an aspect, the desired keys from the key loading module and received keys by the key loading module from the key secrecy device are encrypted/decrypted using one-time pad operation using the quantum keys provided by the quantum key device transmitter and quantum key device receiver.
[0017] In an aspect, the key secrecy devices have provision to perform the mathematical encryption algorithm on one time padded key to provide an additional layer of mathematical security.
[0018] In an aspect, the quantum key device transmitter and the quantum key device receiver generate and provide the symmetric key upon request from the key secrecy devices.
[0019] In an aspect, the key loading module is configured to store a plurality of desired key files transferred in a real-time.
[0020] In an aspect, the key loading module at the terminal stores the desired keys after decryption is done by the key secrecy device.
[0021] In an aspect, the key secrecy device receives the request in packets comprising packet type, source address, a destination address, session ID, packet sequence number, timestamp, random string, acknowledgment number, initialization vector string, integrity checksum from the other similar key secrecy devices 108-2 and key loading modules.
[0022] In an aspect, the key secrecy devices maintain the physical separation between the quantum key distribution transmitter and the quantum key distribution receiver, and the key loading modules.
[0023] In an aspect, the quantum key distribution device transmitter and the quantum key distribution device receiver communicate quantum bits over the quantum channel, and the quantum bits and is converted to binary bits, the quantum key distribution device transmitter performs sifting, error reconciliation, privacy amplification, and authentication operations with the quantum key receiver over a channel to derive the final quantum key.
[0024] In an aspect, the key secrecy devices have custom specific/standard protocols provision to accommodate custom plug-in protocols to communicate with key loading modules, quantum key distribution device transmitter, and quantum key distribution device receiver.
[0025] Various objects, features, aspects, and advantages of the inventive subject matter will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like components.

BRIEF DESCRIPTION OF DRAWINGS
[0026] The accompanying drawings are included to provide a further understanding of the present disclosure and are incorporated in, and constitute a part of this specification. The drawings illustrate exemplary embodiments of the present disclosure, and together with the description, serve to explain the principles of the present disclosure.
[0027] In the figures, similar components, and/or features may have the same reference label. Further, various components of the same type may be distinguished by following the reference label with a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description is applicable to any one of the similar components having the same first reference label irrespective of the second reference label.
[0028] FIG. 1 illustrates exemplary block diagram architecture for a real-time distribution of keys between terminals, in accordance with an embodiment of the present disclosure.
[0029] FIG. 2 illustrates an exemplary flow diagram for request and acknowledgment between the two terminals, in accordance with an embodiment of the present disclosure.
[0030] FIG. 3 illustrates an exemplary data flow diagram for sharing stored keys between the two terminals, in accordance with an embodiment of the present disclosure.
[0031] FIG. 4 illustrates an exemplary method flow diagram for the real-time distribution of keys between terminals, in accordance with an embodiment of the present disclosure.

DETAILED DESCRIPTION
[0032] The following is a detailed description of embodiments of the disclosure depicted in the accompanying drawings. The embodiments are in such detail as to clearly communicate the disclosure. However, the amount of detail offered is not intended to limit the anticipated variations of embodiments. On the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit, and scope of the present disclosure as defined by the appended claims.
[0033] In the following description, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present invention. It will be apparent to one skilled in the art that embodiments of the present invention may be practiced without some of these specific details. Embodiments of this disclosure relate to a system and method for testing port vulnerability, which is secured and incorporates an effective mechanism for web crawlers.
[0034] The present disclosure relates to the field of data security. More particularly, the present disclosure relates to a method to manage and distribute keys in real-time between terminals to avoid interception of information by a third terminal.
[0035] An embodiment of the present disclosure is a method to distribute keys including steps of requesting for a key through a key secrecy device, by at least one key loading module configured with a second terminal, from a key loading module configured at a first terminal. The key secrecy device transmits the request to a key secrecy device through a network that transmits the request to a device transmitter transmitting a quantum key in real-time to send back to the key secrecy device which after receiving, sending the encrypted desired key to the key secrecy device that again transmitting a request to a quantum key device receiver configured at the second terminal to transmit the quantum key to the key secrecy device, and after receiving by the key secrecy device, send the extracted desired key to key loading module in real-time to meet the request and store for end use.
[0036] Referring to FIG. 1 showing exemplary block diagram architecture for the real-time distribution of keys between two terminals 150. The terminal 150-1 represents the key distribution center that is having the desired stored keys in the key loading module 102-1, whereas terminal 150-2 includes secure communication equipment, which requests terminal 150-1 to send the stored keys from the key loading module (KLM) 102-1 to key loading module 102-2. The key loading module102-1 which stores keys in the flash memory and the key file size will be dependent on the flash memory size and terminal equipment key requirements. The key loading modules 102-1 and 102-2 have custom-specific or standard protocols for loading or retrieving the keys from it to provide security during the transfer and storage of keys.
[0037] In an embodiment, these keys have to be transferred to key loading module 102-2 at the terminal equipment’s location on request. The request will be forwarded from key loading module 102-2 to key secrecy device (KSD) 108-2. This has three interfaces to communicate with three devices namely a key loading module 102, local end quantum key distribution (QKD) transmitter 14 and receiver 106 and other remote ends key secrecy device 108-1. The local end key secrecy device 108-1 takes the desired keys from key loading module 102-1 and quantum keys from quantum key distribution systems. The key secrecy devices have plug-in protocols 118-1, and 118-2 to communicate with the key loading module 102, and quantum key distribution systems plug-in protocols 116-1 and 116-2. The plug-in protocols 118 depend on the communication protocols present on key loading modules 102 and the plug-in protocols 116 depend on the communication protocols present in the quantum key distribution devices 104 and 106.
[0038] Furthermore, the key secrecy device 108-1 performs encryption/decryption of desired keys with quantum keys and sends them to another key secrecy device 108-2. Here for encryption/decryption, a one-time padding operation is used which provides unconditional security. Key secrecy device 108 has the provision to encrypt/decrypt the desired key with a mathematical algorithm in order to provide an additional layer of security. Key secrecy device 108 forwards the packets coming from portable key loading module 102 with packet type, source address, destination address, session ID, packet sequence number, timestamp, random string, acknowledgment number, initialization vector string, and integrity checksum to the remote end KSD 108.
[0039] In an embodiment, the quantum key distribution transmitter (QKD-Tx) 104 and quantum key distribution receiver 106 communicate quantum bits over a quantum channel and the quantum bits will be converted to binary bits. Quantum key distribution transmitter 104 will perform sifting, error reconciliation, privacy amplification, and authentication operations with quantum key distribution receiver 106 over the classical channel to derive the final quantum key, and the quantum keys are derived based on quantum principles. In the proposed architecture the key secrecy device 108 physically separates the key loading module 102 and quantum key distribution 116 in order to connect various types of key loading module 102 and quantum key distribution devices 108.
[0040] FIG. 2 illustrates an exemplary flow diagram 200 for request and acknowledgment between terminals 150-1 and terminals 150-2. The plug-in protocols 118-1 and 118-2 for exchanging handshaking information between key loading module 102 and key secrecy device 108 are shown. The plug-in protocol 118 is mainly based on the request and response model. The key loading module 102-2, initiates request 202 for the handshaking information namely key file size, encryption in key loading module 102-1, and sends it to key secrecy device 108-2. The key secrecy device 108-2 forwards the request 204 to key secrecy device 108-1 present at the key distribution center/first terminal 150-1. The key secrecy device 108-1 forwards request 206 to key loading module 102-1. The key loading module 102-1 will reply to the handshaking information 208 as packets to key secrecy device 108-1. Key secrecy device 108-1 forwards 210 the handshaking information to key secrecy device 108-2. The key secrecy device 108-2 also forwards 212 the handshaking information to key loading module 102-2. Key loading module 102-2 will communicate multiple times according to the handshaking control information. In the same way, the key data exchange will be done between key loading modules along with key secrecy devices.
[0041] FIG. 3 illustrates an exemplary data flow diagram 300 for sharing stored keys between the two terminals. According to the diagram, key information exchange flow from key loading module 102-1 to key loading module 102-2 is shown. The key loading module 102-1 initiates data to transfer after handshaking information exchange between key loading module 102-1 to key loading module 102-2. The key loading module 102-1 divides the key information into multiple N-size bytes and the selection of N is according to the packet sizes of the interfaces.
[0042] In an embodiment, the key loading module 102-1 sends the key information N bytes 302 for each packet to key secrecy device 108-1. The key secrecy device 108-1 will communicate with its QKD-Transmitter 104 according to the plug-in protocol present between key secrecy devices 108 and QKD devices. The key secrecy device 108-1 will send request 304 for a quantum key of N size bytes to QKD-Transmitter 104 device. If quantum keys are not present with QKD systems, then the QKD-Transmitter 104 and QKD-Receiver 106 systems will initiate the quantum key distribution process to generate the quantum keys. If QKD-Transmitter104 and QKD-Receiver 106 systems have already generated quantum keys before the key secrecy device 108 requests, then QKD-Transmitter 104 will reply 306 the quantum keys to key secrecy device-1.
[0043] In an embodiment, the key secrecy device-1 will perform a one-time pad operation on desired key bytes of key loading module 102-1 with the quantum key. The key secrecy device 108-1 can perform additional mathematical encryption on desired key bytes in addition to quantum security. Key secrecy device 108-1 will transfer the encrypted key information bytes 308 to key secrecy device 108-2. The key secrecy device 108-2 will request 310 the quantum key from QKD-Receiver 104. The QKD-Receiver 106 will reply to the quantum key 312 as agreed with QKD-Transmitter 104 to key secrecy device 108-2. The request and responses between QKD 104, 106 devices and key secrecy devices 108 (304 to 312) are part of a plug-in protocol 118 of QKD 104, 106, and KSD 108.
[0044] In an embodiment, the key secrecy device 108-2 will decrypt the encrypted key information using the quantum key and sends it to key loading module 102-2. The key secrecy device 108-2 verifies and stores the key bytes in its storage. This process of steps repeats several times until the entire key file is transferred between the key loading module 102-1 and key loading module 102-2. If the key size is 5N bytes, then the process will repeat 5 times for the transfer of the key from the key distribution center’s key loading module 102-1 to the terminal equipment’s key loading module 102-2.
[0045] FIG. 4 illustrates an exemplary method flow diagram 400 for the real-time distribution of keys between the first terminal 150-1 and the second terminal 150-2. According to step 402, requesting through a key secrecy device 108-2, by at least one key loading module 102-2 configured with the second terminal 150-2 for a desired key, from a key loading module 102-1 configured at a first terminal 150-1 that stores and distribute the desired key, and as per step 404 transmitting the request to a similar key secrecy device 108-1 configured at first terminal 150-1, by the key secrecy device 108-2 through a network 160.
[0046] In an embodiment, according to step 406, transmitting the request to transmit by the key secrecy device 108-2 to quantum key device receiver 106, and step 408 defines receiving the request to transmit by the key secrecy device 108-1 to a quantum key device transmitter 104 configured at the first terminal 150-1. Further according to step 410, generating the symmetric quantum keys using quantum protocol by both quantum key distribution system transmitter 104 and quantum key distribution device receiver 106.
[0047] In an embodiment, as per step 412 transmitting, by the quantum key distribution system transmitter 104, a quantum key in real-time sent back to the key secrecy device 108-1 is performed, and according to step 414 sending the desired key encrypted with transmitted quantum key by the key secrecy device 108-1 to the key secrecy device 108-2. Step 416 defines receiving the quantum key received by the key secrecy device 108-2 from a quantum key distribution receiver 106 to decrypt the received encrypted key from key secrecy device 108-1.
[0048] In an embodiment, as per step 418, extracting the desired key by the key secrecy device 108-2 to send to the key loading module 102-2, whereas transmitting the obtained desired key by the key secrecy device 108-2 to send to the key loading module 102-2 is performed as per step 420. Finally, as per step 422 receiving the desired key by the key loading module 102-2 from the key secrecy device 108-2 in real-time to meet the request and store it for end use.
[0049] The main goal of system 100 is to secure communication of the desired keys between two or more terminals by a secret key and the key is circulated to different users at different places against any alteration in their messages including the original text. This will help users to provide a hassle-free environment without having any mental stress. System 100 does not require any training for users as all activities are simple and real-time.
[0050] Those skilled in the art would also appreciate that as the proposed system can be used for ‘N’ numbers of users set at a time. Also, as the requirements of key distribution in physical delivery at multi-places are avoided so no logistics support is required making the system 100 cost-effective.
[0051] Moreover, in interpreting the specification, all terms should be interpreted in the broadest possible manner consistent with the context. In particular, the terms “comprises” and “comprising” should be interpreted as referring to elements, components, or steps in a non-exclusive manner, indicating that the referenced elements, components, or steps may be present, or utilized, or combined with other elements, components, or steps that are not expressly referenced. Where the specification claims refer to at least one of something selected from the group consisting of A, B, C….and N, the text should be interpreted as requiring only one element from the group, not A plus N, or B plus N, etc.
[0052] While the foregoing describes various embodiments of the invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof. The scope of the invention is determined by the claims that follow. The invention is not limited to the described embodiments, versions or examples, which are comprised to enable a person having ordinary skill in the art to make and use the invention when combined with information and knowledge available to the person having ordinary skill in the art.

ADVANTAGES OF THE INVENTION
[0053] Some of the advantages of the present disclosure, which at least one embodiment herein satisfy are listed herein below.
[0054] The present disclosure provides a simple, fast, and efficient system and method for managing and distributing keys between two or more parties.
[0055] The present disclosure provides a system and method where keys can be distributed on a real-time basis.
[0056] The present disclosure provides a system and method where key distribution is secured by a series of quantum links and one-time pad operation.
[0057] The present disclosure provides a system and method that gives flexibility for using mathematical security in addition to a physical security.
, Claims:1. A method (400) to distribute keys to secure communication, the method(400) comprising steps:
requesting through a key secrecy device (108-2), by at least one key loading module (102-2) configured with a second terminal (150-2) for a desired key, from a key loading module (102-1) configured at a first terminal (150-1) that stores and distribute the desired key;
transmitting the request to a similar key secrecy device (108-1) configured at a first terminal (150-1), by the key secrecy device (108-2) through a network (160);
transmitting the request to transmit by the key secrecy device (108-2) to a quantum key device receiver (106);
receiving the request to transmit by the key secrecy device (108-1) to a quantum key device transmitter (104) configured at the first terminal (150-1);
generating the symmetric quantum keys using quantum protocol by both the quantum key distribution system transmitter (104) and quantum key distribution system receiver (106);
transmitting, by the quantum key distribution system transmitter (104), a quantum key in real-time to send back to the key secrecy device (108-1);
sending the desired key encrypted with transmitted quantum key by the key secrecy device (108-1) to the key secrecy device (108-2);
receiving the quantum key by the key secrecy device (108-2) from the quantum key distribution system receiver (106) to decrypt the received encrypted key from the key secrecy device (108-1);
extracting the desired key by the key secrecy device (108-2) to send to the key loading module (102-2);
transmitting the obtained desired key by the key secrecy device (108-2) to send to the key loading module (102-2); and
receiving the desired key by the key loading module (102-2) from the key secrecy device (108-2) in real-time to meet the request and store it for end use.
2. The method as claimed in claim 1, wherein the desired keys from the key loading module (102-1) and received keys by the key loading module (102-2) from the key secrecy device (108-1) is encrypted/decrypted using one-time pad operation using the quantum keys provided by the quantum key device transmitter (104) and quantum key device receiver (106).
3. The method as claimed in claim 1, wherein the key secrecy devices (108) have provision to perform the mathematical encryption algorithm on one time padded key to provide an additional layer of mathematical security.
4. The method as claimed in claim 1, wherein the quantum key device transmitter (104) and the quantum key device receiver (106) generate and provide the symmetric key upon request from the key secrecy devices (108).
5. The method as claimed in claim 1, wherein the key loading module (102-1) is configured to store a plurality of desired key files transferred in real-time.
6. The method as claimed in claim 1, wherein the key loading module at the terminal (150-2) stores the desired keys after decryption done by the key secrecy device (108-2).
7. The method as claimed in claim 1, wherein the key secrecy device(108-1) receives the request in packets comprising packet type, source address, a destination address, session ID, packet sequence number, timestamp, random string, acknowledgment number, initialization vector string, integrity checksum from the other similar key secrecy devices (108-2) and key loading modules (102-2).
8. The method as claimed in claim 1, wherein the key secrecy devices (108) maintain the physical separation between the quantum key distribution transmitter(104) and the quantum key distribution receiver (106), and the key loading modules (102).
9. The method as claimed in claim 1, wherein the quantum key device transmitter (104) and the quantum key device receiver (106) communicate quantum bits over a quantum channel, and the quantum bits and is converted to binary bits, wherein the quantum key transmitter (104) performs sifting, error reconciliation, privacy amplification and authentication operations with the quantum key receiver (106) over a channel to derive the final quantum key.
10. The method as claimed in claim 1, wherein the key secrecy devices(102) have custom specific/standard protocols provision to accommodate custom plug-in protocols (118) to communicate with key loading modules (102), quantum key distribution device transmitter (104) and quantum key distribution device receiver (106).