1: The patent: Orchestrated Quantum Key Distribution (OQKD)

  • Bob and Alice
  • QIP
  • QLSP
  • QKSP 1, 2, n
  • QKG 1, 2, n
  • Key parts 1, 2, n
  • Ground stations
  • Satellites

2: Basic principles of OQKD

  • Only symmetric key material
  • Only key parts in the infrastructure
  • Identities are registered at the QIP
  • Locations are registered at the QLSP
  • Key generators (QKG) can be located anywhere
  • Key parts are handled via the QKSP
  • The QIP and Bob/Alice share a system key with each other
  • Bob and Alice share a user key

3: Quantum Identity Provider (QIP)

“The Quantum Identity Provider (QIP) is a centralized service used for identification, identity management and authentication of end-users and systems in the KOP/OQKD framework.”

  • The QIP registers and validates all systems and users
  • Identities are based on key material
  • New keys are used for every session
  • The QIP issues tokens
  • Consensus to determine the security level

4: Quantum Location Service Provider (QLSP)

“The Quantum Location Service Provider (QLSP) is a centralized service that has the information on the location of the end-users and systems in the KOP/OQKD framework. The location is required to be able to communicate with another end-user.”

  • The QLSP maintains the locations (e.g. network) of all the systems in KOP/OQKD
  • A registered location records what to connect to and how to connect
  • E.g.: Bob asks the QLSP where Alice is located and connects to Alice; Bob and Alice ask the QIP for a token; Bob and Alice can connect, both validate the tokens and continue the process.

5: Quantum Key Services Provider (QKSP)

“The Quantum Key Service Provider (QKSP) is a service in the KOP/OQKD framework providing parts of a key to an end-user or other system. The QKSP is an intermediary between the end-user and the Quantum Key Generators.”

  • The QKSP(n) is the intermediary for the key generators (QKGs)
  • There are always two or more QKSPs
  • There are one or more QKGs connected to a QKSP
  • The system ID and location of the requesters can be requested from the QIP and QLSP
  • A QIP token will be used to validate all requests

6: Quantum Key Generator (QKG)

“The Quantum Key Generator (QKG) is a service that generates key parts on demand or scheduled for pre-buffering.”

  • The QKG generates key parts
  • Two or more QKGs are needed to create one key
  • QKGs can be located anywhere: inside a data centre, but also in space (satellite)
  • QKGs can cache key parts if generators (e.g. satellites) are not accessible
  • It is possible to use non-quantum key generators

7: End entities: Bob and Alice

  • All end entities have two keys: the system master key and the user master key
  • Keys will be changed every session
  • End entities get a token from the QIP, have a registered location on the QLSP and can request keys
  • If an end entity has a valid token, it can create sessions with other end entities
  • End entities can connect to the QLSP and QKSPs with the tokens
  • If Bob and Alice are validated, they can request the same user master keys
  • Bob and Alice create a user master key from the requested key parts
  • When the whole process is done, Bob and Alice are validated and have an identical user master key
  • The secure connection is then possible
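
The flow in sections 3, 5 and 7, as a small simulation added here (not code from the patent or the OQKD project): Bob and Alice each get a QIP token, fetch one key part per QKSP and assemble the same user master key, while each QKSP only ever holds its own part. The slides do not specify the token format, the session identifier or how parts are combined; the HMAC token, the random session id, the XOR plus HMAC-SHA256 combination and all class and function names are assumptions, and the QLSP lookup is left out.

```python
# Added illustration; token format and key-part combination are assumptions.
import hashlib, hmac, secrets

class QIP:
    """Registers identities (one system key each) and issues/validates tokens."""
    def __init__(self):
        self.system_keys = {}
    def register(self, identity):
        self.system_keys[identity] = secrets.token_bytes(32)
    def _mac(self, identity, session_id):
        return hmac.new(self.system_keys[identity], session_id, hashlib.sha256).digest()
    def issue_token(self, identity, session_id):
        return (identity, session_id, self._mac(identity, session_id))
    def validate(self, token):
        identity, session_id, mac = token
        if identity not in self.system_keys:
            return False
        return hmac.compare_digest(mac, self._mac(identity, session_id))

class QKSP:
    """Serves one key part per session, only for tokens the QIP accepts."""
    def __init__(self, qip):
        self.qip, self.parts = qip, {}
    def request_part(self, token):
        if not self.qip.validate(token):
            raise PermissionError("token rejected by QIP")
        session_id = token[1]
        if session_id not in self.parts:  # stand-in for a QKG producing a part
            self.parts[session_id] = secrets.token_bytes(32)
        return self.parts[session_id]

def assemble_user_key(parts, session_id):
    """XOR all parts, then bind the result to the session with HMAC-SHA256."""
    combined = bytes(32)
    for part in parts:
        combined = bytes(a ^ b for a, b in zip(combined, part))
    return hmac.new(combined, b"user-master-key" + session_id, hashlib.sha256).digest()

def run_session(n_qksp=2):
    """Both end entities fetch a part from every QKSP and assemble the key."""
    qip = QIP()
    for name in ("alice", "bob"):
        qip.register(name)
    qksps = [QKSP(qip) for _ in range(n_qksp)]
    session_id = secrets.token_bytes(16)
    keys = {}
    for who in ("alice", "bob"):
        token = qip.issue_token(who, session_id)
        parts = [q.request_part(token) for q in qksps]
        keys[who] = assemble_user_key(parts, session_id)
    return keys, qksps, session_id
```

The simulation does not model which identities belong to a session, so any holder of a valid token for that session id would receive the same parts; a real QKSP would need that binding from the QIP.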