US-12627481-B2 - System and method for quantum-based data encryption and transmission

Abstract

A system for implementing security measures to a data packet is disclosed. The system assigns each computing device with a respective encryption key. A first computing device encrypts the data packet with a first encryption key upon creation and/or before transmission. The first computing device encodes the data packet with a quantum encryption key and communicates the encoded data packet to a second computing device. The second computing device determines whether the data packet is received without being intercepted. In response to determining that the data packet is received without being intercepted, the second computing device decrypts the data packet.

Inventors

  • Adam King
  • Sanjay Lohar
  • George Albero
  • Matthew K. Bryant
  • Naomi Verma
  • David J. Dos Santos

Assignees

  • BANK OF AMERICA CORPORATION

Dates

Publication Date
20260512
Application Date
20241011

Claims (20)

  1. A system comprising: a memory configured to store a first data packet, and a first processor, operably coupled to the memory, and configured to: assign each computing device from among a set of computing devices with a respective encryption key, wherein assigning each computing device from among the set of computing devices with the respective encryption key comprises: assigning a first computing device with a first encryption key; and assigning a second computing device with a second encryption key, wherein the second encryption key is distinct from the first encryption key; the first computing device comprising a second processor configured to: determine that the first data packet is created at the first computing device; in response to determining that the first data packet is created at the first computing device, encrypt the first data packet with the first encryption key; receive a request to communicate the first encrypted data packet to the second computing device; in respect to receiving the request, encode the first data packet with a first quantum encryption key, wherein encoding the first data packet with the first quantum encryption key comprises generating a quantum state vector, wherein: the quantum state vector comprises a set of bit values to be used to form the quantum encryption key; and the first quantum encryption key is associated with a preconfigured quantum state encoding used in encoding the first data packet with the first quantum encryption key; and the preconfigured quantum state encoding comprises a horizontal, a vertical, a diagonal, or a circular polarization scheme, and communicate the encoded first data packet to the second computing device; the second computing device comprising a third processor configured to: determine that the encoded first data packet is transmitted to the second computing device without being intercepted, by: receiving, from the first computing device, a first measurement result associated with the quantum state vector at the first computing device, wherein the first measurement result indicates the preconfigured quantum state encoding associated with the first quantum encryption key; determining a second measurement result associated with the quantum state vector, wherein the second measurement result indicates a measured quantum state vector using a measurement basis used by the second computing device; comparing the first measurement result with the second measurement result; and determining that a difference between the first measurement result and the second measurement result is less than a threshold; and in response to determining that the encoded first data packet is transmitted to the second computing device without being intercepted, decrypt the encoded first data packet using the first quantum encryption key.
  2. The system of claim 1, wherein the quantum encryption key is formed from the set of bit values obtained from a measurement of the quantum state vector.
  3. The system of claim 1, wherein the set of bit values are random bit values.
  4. The system of claim 1, wherein the encoded first data packet is communicated to the second computing device over a quantum channel comprising fiber optic communication links.
  5. The system of claim 1, wherein the second processor is further configured to: append the first data packet with a unique serial number, wherein: when the first data packet comprises an image, the unique serial number is embedded in a pixel of the image; and when the first data packet comprises an audio file, the unique serial number is embedded as frequency bands associated with a portion of the audio file; and track a network path associated with the first data packet by tracking the unique serial number at each network node where the first data packet is received.
  6. The system of claim 1, wherein the third processor is further configured to: determine that the encoded first data packet is intercepted before being received at the second computing device; and in response to determining that the encoded first data packet is intercepted before being received at the second computing device, communicate an alert message to the first processor and the second processor, wherein the alert message indicates the encoded first data packet is intercepted before being received at the second computing device.
  7. The system of claim 1, wherein the second processor is further configured to: receive a second request, from a third computing device, to transmit the first data packet to the third computing device, wherein the second request comprises an Internet Protocol (IP) associated with the third computing device; determine that the IP associated with the third computing device is not among a list of authorized IP addresses; and in response to determining that the IP associated with the third computing device is not among a list of authorized IP addresses, deny the second request.
  8. A method comprising: assigning, by a first processor associated with a server, each computing device from among a set of computing devices with a respective encryption key, wherein assigning each computing device from among the set of computing devices with the respective encryption key comprises: assigning a first computing device with a first encryption key; and assigning a second computing device with a second encryption key, wherein the second encryption key is distinct from the first encryption key; determining, by a second processor associated with the computing device, that a first data packet is created at the first computing device; in response to determining that the first data packet is created at the first computing device, encrypting, by the second processor, the first data packet with the first encryption key; receiving, by the second processor, a request to communicate the first encrypted data packet to the second computing device; in respect to receiving the request, encoding, by the second processor, the first data packet with a first quantum encryption key, wherein encoding the first data packet with the first quantum encryption key comprises generating a quantum state vector, wherein: the quantum state vector comprises a set of bit values to be used to form the quantum encryption key; and the first quantum encryption key is associated with a preconfigured quantum state encoding used in encoding the first data packet with the first quantum encryption key; and the preconfigured quantum state encoding comprises a horizontal, a vertical, a diagonal, or a circular polarization scheme; and communicating, by the second processor, the encoded first data packet to the second computing device; determining, by a third processor associated with the second computing device, that the encoded first data packet is transmitted to the second computing device without being intercepted, by: receiving, from the first computing device, a first measurement result associated with the quantum state vector at the first computing device, wherein the first measurement result indicates the preconfigured quantum state encoding associated with the first quantum encryption key; determining a second measurement result associated with the quantum state vector, wherein the second measurement result indicates a measured quantum state vector using a measurement basis used by the second computing device; comparing the first measurement result with the second measurement result; and determining that a difference between the first measurement result and the second measurement result is less than a threshold; and in response to determining that the encoded first data packet is transmitted to the second computing device without being intercepted, decrypting, by the third processor, the encoded first data packet using the first quantum encryption key.
  9. The method of claim 8, wherein the quantum encryption key is formed from the set of bit values obtained from a measurement of the quantum state vector.
  10. The method of claim 8, wherein the set of bit values are random bit values.
  11. The method of claim 8, wherein the encoded first data packet is communicated to the second computing device over a quantum channel comprising fiber optic communication links.
  12. The method of claim 8, further comprising: appending, by the second processor, the first data packet with a unique serial number, wherein: when the first data packet comprises an image, the unique serial number is embedded in a pixel of the image; and when the first data packet comprises an audio file, the unique serial number is embedded as frequency bands associated with a portion of the audio file; and tracking, by the second processor, a network path associated with the first data packet by tracking the unique serial number at each network node where the first data packet is received.
  13. The method of claim 8, further comprising: determining, by the third processor, that the encoded first data packet is intercepted before being received at the second computing device; and in response to determining that the encoded first data packet is intercepted before being received at the second computing device, communicating, by the third processor, an alert message to the first processor and the second processor, wherein the alert message indicates the encoded first data packet is intercepted before being received at the second computing device.
  14. The method of claim 8, further comprising: receiving, by the second processor, a second request, from a third computing device, to transmit the first data packet to the third computing device, wherein the second request comprises an Internet Protocol (IP) associated with the third computing device; determining, by the second processor, that the IP associated with the third computing device is not among a list of authorized IP addresses; and in response to determining that the IP associated with the third computing device is not among a list of authorized IP addresses, denying, by the second processor, the second request.
  15. A non-transitory computer-readable medium storing instructions that when executed by one or more processors, cause the one or more processors to: assign, by a first processor associated with a server, each computing device from among a set of computing devices with a respective encryption key, wherein assigning each computing device from among the set of computing devices with the respective encryption key comprises: assigning a first computing device with a first encryption key; and assigning a second computing device with a second encryption key, wherein the second encryption key is distinct from the first encryption key; determine, by a second processor associated with the first computing device, that a first data packet is created at the first computing device; in response to determining that the first data packet is created at the first computing device, encrypt, by the second processor, the first data packet with the first encryption key; receive, by the second processor, a request to communicate the first encrypted data packet to the second computing device; in respect to receiving the request, encode, by the second processor, the first data packet with a first quantum encryption key, wherein encoding the first data packet with the first quantum encryption key comprises generating a quantum state vector, wherein: the quantum state vector comprises a set of bit values to be used to form the quantum encryption key; and the first quantum encryption key is associated with a preconfigured quantum state encoding used in encoding the first data packet with the first quantum encryption key; and the preconfigured quantum state encoding comprises a horizontal, a vertical, a diagonal, or a circular polarization scheme; and communicate, by the second processor, the encoded first data packet to the second computing device; determine, by a third processor associated with the second computing device, that the encoded first data packet is transmitted to the second computing device without being intercepted, by: receiving, from the first computing device, a first measurement result associated with the quantum state vector at the first computing device, wherein the first measurement result indicates the preconfigured quantum state encoding associated with the first quantum encryption key; determining a second measurement result associated with the quantum state vector, wherein the second measurement result indicates a measured quantum state vector using a measurement basis used by the second computing device; comparing the first measurement result with the second measurement result; and determining that a difference between the first measurement result and the second measurement result is less than a threshold; and in response to determining that the encoded first data packet is transmitted to the second computing device without being intercepted, decrypt, by the third processor, the encoded first data packet using the first quantum encryption key.
  16. The non-transitory computer-readable medium of claim 15, wherein the quantum encryption key is formed from the set of bit values obtained from a measurement of the quantum state vector.
  17. The non-transitory computer-readable medium of claim 15, wherein the set of bit values are random bit values.
  18. The non-transitory computer-readable medium of claim 15, wherein the encoded first data packet is communicated to the second computing device over a quantum channel comprising fiber optic communication links.
  19. The non-transitory computer-readable medium of claim 15, wherein the instructions further cause the second processor to: append the first data packet with a unique serial number, wherein: when the first data packet comprises an image, the unique serial number is embedded in a pixel of the image; and when the first data packet comprises an audio file, the unique serial number is embedded as frequency bands associated with a portion of the audio file; and track a network path associated with the first data packet by tracking the unique serial number at each network node where the first data packet is received.
  20. The non-transitory computer-readable medium of claim 15, wherein the instructions further cause the third processor to: determine that the encoded first data packet is intercepted before being received at the second computing device; and in response to determining that the encoded first data packet is intercepted before being received at the second computing device, communicate an alert message to the first processor and the second processor, wherein the alert message indicates the encoded first data packet is intercepted before being received at the second computing device.

Description

TECHNICAL FIELD

The present disclosure relates generally to network security, and more specifically to a system and method for quantum-based data encryption and transmission.

BACKGROUND

Organizations use computing devices to transmit and receive data packets to facilitate communication with other computing devices in a network. The organizations may implement certain security measures to block unauthorized data transfers to devices that are external to the organization.

SUMMARY

The disclosed system, described in the present disclosure, is particularly integrated into a practical application to improve network security and data exfiltration mitigation techniques. In conventional systems, traditional encryption methods and firewalls may not be sufficient to reduce instances of exfiltration of data at an organization. For example, with the rise of generative artificial intelligence (AI) models, certain organizations may resort to blocking the use of generative AI models and platforms to reduce instances of data exfiltration. However, generative AI models may be beneficial if a solution is implemented to reduce (or prevent) unauthorized outgoing data from the organization's network while allowing incoming data from generative AI models to the organization's network. There is a need to establish a technique to allow the use of generative AI models and reduce the instances of data exfiltration from internal and external devices with respect to organizations. The disclosed system is configured to provide a solution to these and other technical problems in the realm of network security.

In some embodiments, the system is configured to assign each computing device with a respective encryption key and encrypt the data packet upon creation and/or communication with the respective encryption key. In this manner, the data packet is associated with a unique signature that identifies the associated computing device.
The disclosed system provides several technical improvements to the network security and data exfiltration mitigation techniques. Some of these technical improvements are described below in conjunction with certain embodiments of the disclosed system.

In some embodiments, the disclosed system is configured to leverage quantum key distribution to encode data packets with quantum keys. One technical advantage of this method is that the quantum keys are associated with specific quantum particle states (e.g., photons). If the data packet is intercepted by a bad actor attempting to eavesdrop and obtain the data packet along its network path, the quantum states of the quantum particles get disturbed. This may be detected and observed by the sending and receiving devices. Furthermore, the quantum particles may be encoded with bit values using a specific measurement basis, such as diagonal, vertical, horizontal, or circular polarization. If a bad actor measures the quantum states of the quantum particles (encoded within the data packet) with another measurement basis, the data packet will not be decoded, and this incorrect measurement basis may also disturb the quantum states of the particles. In response, the sending and receiving devices may detect the disturbance in the quantum states of the particles. In some embodiments, in response, the receiving device may not decode the data packet as the data packet may be corrupted, compromised, or tampered with.

In some embodiments, the disclosed system may determine whether a data packet is sent from an unauthorized device. For example, the disclosed system may determine that a device is unauthorized if the Internet Protocol (IP) address of the device is not found in the list of authorized IP addresses. In response, the disclosed system may deny the request to receive the data packet from the unauthorized device (collectively referred to herein as anomalous data).
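The detection step the description and claim 1 rely on (sender announces its preparation bases, receiver measures in its own bases, the two sides compare a sample of results and treat an error rate at or above a threshold as interception) is the classical sifting and error-estimation round of a BB84-style exchange. The following Python simulation is an added illustration and is not the patent's or the applicant's code. It goes slightly beyond the text by also sifting the matching-basis positions and forming the residual key on both sides. The basis labels, the 11% threshold, the 50% sample fraction and the disturbance model (each photon in transit measured in a random basis and re-emitted, which is the "incorrect measurement basis" disturbance the description refers to) are assumptions of the example, not values the patent specifies; the in-transit disturbance is modelled only so that the receiver's check has something to detect.

```python
import random

# Two polarization bases (assumed labels, standing in for the patent's
# horizontal/vertical and diagonal encodings).
RECTILINEAR = "+"  # horizontal / vertical polarization
DIAGONAL = "x"     # 45 / 135 degree polarization
BASES = (RECTILINEAR, DIAGONAL)


def measure(photon, basis, rng):
    """Measure a photon (prep_basis, bit) in `basis`.

    A matching basis recovers the encoded bit. A mismatched basis yields a
    uniformly random outcome; the photon's original state is lost.
    """
    prep_basis, bit = photon
    if prep_basis == basis:
        return bit
    return rng.randint(0, 1)


def disturb_in_transit(photons, rng):
    """Assumed disturbance model: each photon is measured in a randomly chosen
    basis and re-emitted in that basis carrying the measured value. Used only
    so that the receiver-side check below has a disturbance to detect."""
    out = []
    for photon in photons:
        basis = rng.choice(BASES)
        out.append((basis, measure(photon, basis, rng)))
    return out


def run_exchange(n_photons, seed, disturbed=False, sample_fraction=0.5, threshold=0.11):
    """Simulate one exchange and the receiver's interception check.

    Returns the estimated error rate (QBER) on the disclosed sample of sifted
    bits, whether it reaches `threshold` (assumed 11%), and the residual key
    bits held by each side.
    """
    rng = random.Random(seed)

    # Sender: random bit values, each prepared in a randomly chosen basis
    # ("quantum state vector" of random bit values in the claims).
    sender_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    sender_bases = [rng.choice(BASES) for _ in range(n_photons)]
    photons = list(zip(sender_bases, sender_bits))

    if disturbed:
        photons = disturb_in_transit(photons, rng)

    # Receiver: measures every photon in its own randomly chosen basis
    # (the "second measurement result" of the claims).
    receiver_bases = [rng.choice(BASES) for _ in range(n_photons)]
    receiver_bits = [measure(p, b, rng) for p, b in zip(photons, receiver_bases)]

    # Sifting: the sender announces its bases ("first measurement result");
    # both sides keep only the positions where the bases agree.
    sifted = [i for i in range(n_photons) if sender_bases[i] == receiver_bases[i]]
    if not sifted:
        raise ValueError("no positions with matching bases; send more photons")

    # Error estimate: a subset of sifted positions is disclosed and compared.
    # Without disturbance, matching bases give identical bits, so QBER is 0.
    sample_size = max(1, int(len(sifted) * sample_fraction))
    sample = set(rng.sample(sifted, sample_size))
    errors = sum(sender_bits[i] != receiver_bits[i] for i in sample)
    qber = errors / sample_size

    # Disclosed positions are discarded; the remainder becomes the key.
    keep = [i for i in sifted if i not in sample]
    return {
        "qber": qber,
        "intercepted": qber >= threshold,
        "sender_key": [sender_bits[i] for i in keep],
        "receiver_key": [receiver_bits[i] for i in keep],
    }


if __name__ == "__main__":
    clean = run_exchange(2000, seed=7)
    noisy = run_exchange(2000, seed=7, disturbed=True)
    print(f"undisturbed: QBER={clean['qber']:.3f} intercepted={clean['intercepted']}")
    print(f"disturbed:   QBER={noisy['qber']:.3f} intercepted={noisy['intercepted']}")
```

With matching bases and no disturbance the sampled error rate is exactly zero and the two residual keys agree. Under the modelled disturbance the re-emitted photon is in the wrong basis about half the time, and a wrong-basis photon gives the receiver a random bit, so the sampled error rate settles near 25%, well above the assumed 11% threshold; this is the measurable event the description describes, and the point at which the receiver would refuse to decode the packet and raise the alert of claim 6.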
Thus, the disclosed system provides practical applications and technical improvements, including improving the security of data transmission within a network, and data validation techniques through quantum key validation, among others. For example, by using quantum key distribution, the disclosed system makes any unauthorized attempts to intercept data more detectable compared to the current techniques. In response to detecting unauthorized attempts to intercept data, the disclosed system is configured to mitigate the anomalous data by flagging the data as anomalous and not decoding the anomalous data. This, in turn, reduces the likelihood of the anomalous data infecting the downstream devices in the network, e.g., via malware, etc. In another example, the disclosed system may detect disturbances in the quantum states of particles encoded in the data packet as a measurable, detectable event. Thus, the detection of unauthorized measurements of the quantum states of particles may be more evident and detectable as compared to the current encryption methods. In another example, the disclosed system may allow generati