
for QKD, a key management layer for management and operation of cryptographic keys, and a key supplying layer on which the application interface is implemented.

Security can be strengthened by introducing this platform to an existing network: the existing security functions are maintained, and the security of various applications is strengthened using cryptographic keys that have forward secrecy. The application layer shown in Fig. 5 is a general term for protocols that use cryptographic keys, introduced to explain the QKD platform. Hence, its meaning is different from that of the "application layer" used for the seventh layer in the "OSI (Open Systems Interconnection) reference model" that is widely used in network design. All of the applications to which cryptographic keys are supplied from the QKD platform, in any layer of the OSI model, are included together in the application layer in Fig. 4.

The user (client) of the application layer obtains the necessary amount of cryptographic keys by informing the QKD platform about the person with whom the user wants to share the cryptographic keys. The QKD platform supplies a cryptographic key with forward secrecy in a fixed format based on the requirement. A cryptographic key, once supplied by the QKD platform, is used at the responsibility of the user.

Thus, the boundary of responsibility lies between the QKD platform and the application layer. On this border, it is important to supply and receive cryptographic keys using a common interface. With this arrangement, the developer of the application can receive a key by developing only a key-receiving client that corresponds to the common interface, and does not need to know the details of the process in the QKD platform. On the other hand, the user of the application layer has management responsibility after receiving the key.
Conversely, those on the QKD platform side do not need to know the contents of the application.

If an unexpected situation or a suspicious incident occurs somewhere in the application layer, such as the leak of a cryptographic key due to human error, the user discards

[Fig. 5: Concept of QKD platform. It consists of a quantum layer of QKD, a key management layer for management and operation of cryptographic keys, and a key supplying layer on which the application interface is implemented. KMS: Key management server, KMA: Key management agent, KSA: Key supplying agent. Labels in the figure: secure TV meeting, secure smart phone, various applications; client; secure key supplier (interface for various applications); responsibility boundary; secure key supplied through unidirectional path; key management server; key management agent (key relay with OTP capsulation; rerouting, error rate monitor); trusted node; network router; each link generates secure key.]

[Fig. 6: Outline of key management on QKD platform. Labels in the figure: QKD; KMA (key management agent); KSA (key supply agent); KMS (key management server); KMA key relay; KSA application; secure key for encoding, decoding, and authentication; Wegman-Carter authentication, comparing hash value; checking synchronization, identification, and falsification of secure key. Metadata fields shown: KMA key ID, KSA key ID, generation date, date of relay, date, QKD link sender, QKD link receiver, sender site name, receiver site name, sender name, receiver name, application ID, key type, key size.]

3-1 Research and Development of Quantum Key Distribution Network in NICT
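The key supply interface described above, modelled as an added example (not code from the article or from the NICT platform): a client names its peer and the amount of key it needs, receives a fixed-format record, and the peer collects the same key by its ID. The class and method names, the in-memory pool standing in for QKD-generated key material, and the deletion of key material on handover are assumptions for illustration; the record fields follow the labels in Fig. 6.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class SuppliedKey:
    """Fixed-format record handed across the responsibility boundary."""
    key_id: int
    sender: str
    receiver: str
    application_id: str
    date: str
    key: bytes

class QKDPlatform:
    """Hypothetical stand-in for the key supplying layer, not a real QKD API."""
    def __init__(self, pools):
        # pools maps a pair of site names to key material shared by that pair
        self._pools = {frozenset(p): bytearray(k) for p, k in pools.items()}
        self._pending = {}  # key_id -> record awaiting pickup by the receiver
        self._next_id = 1

    def request_key(self, sender, receiver, size, application_id):
        """Sender side: state the peer and the amount of key needed."""
        pool = self._pools.get(frozenset((sender, receiver)))
        if pool is None or len(pool) < size:
            raise LookupError("not enough key material for this pair")
        key = bytes(pool[:size])
        del pool[:size]  # assumption: supplied material never returns to the pool
        rec = SuppliedKey(self._next_id, sender, receiver, application_id,
                          datetime.now(timezone.utc).isoformat(), key)
        self._pending[rec.key_id] = rec
        self._next_id += 1
        return rec

    def collect_key(self, requester, key_id):
        """Receiver side: pick up the matching key exactly once."""
        rec = self._pending.get(key_id)
        if rec is None or rec.receiver != requester:
            raise PermissionError("unknown key ID or wrong receiver")
        del self._pending[key_id]  # assumption: no platform copy after handover
        return rec

def demo():
    # Constructed sample pool: 64 random bytes shared by two named sites.
    platform = QKDPlatform({("Alice", "Bob"): secrets.token_bytes(64)})
    a = platform.request_key("Alice", "Bob", 32, "secure-tv-meeting")
    b = platform.collect_key("Bob", a.key_id)
    return a, b, platform
```

After `collect_key` returns, the platform in this model holds no copy of the key, so everything that happens to it afterwards falls on the application side of the boundary.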
