WO2012052079A1

WO2012052079A1 - A method and a system for asynchronous and unreported cryptographic secret symmetric keys cogeneration in spatially distant locations through a distributed system

Info

Publication number: WO2012052079A1
Application number: PCT/EP2011/004032
Authority: WO
Inventors: Jorge DÁVILA MURO; Mercedes SOTO RODRÍGUEZ; Vicente MARTÍN AYUDO
Original assignee: Telefonica, S.A.
Priority date: 2010-10-22
Filing date: 2011-08-11
Publication date: 2012-04-26
Also published as: ES2386627A1; ES2386627B1; AR083506A1

Abstract

The method comprises: a) requiring, by a first user to a first key co-generator/ manager system, to initiate a communication with a second user; b) requesting, said first key co-generator/manager system to said first user, a secret identified key block; c) delivering, said first user to said first key co-generator/manager system, said requested secret identified key block, d) establishing a communication between said users; e) delivering, said first user to said second user, a header block that identifies said secret identified key block; f) sending, said second user to a second key co-generator/manager system, said header block; and g) delivering, said second key co-generator/manager system to said second user, the rest of the secret identified key block. The system is adapted to implement the method.

Description

A method and a system for asynchronous and unreported cryptographic secret symmetric keys cogeneration in spatially distant locations through a distributed system Field of the art

The present invention relates to a method and a system for asynchronous and unreported cryptographic secret symmetric keys cogeneration in spatially distant locations through a distributed system.

The invention ensures, among participants in the communication, the necessary synchrony in the use of the same secret key for symmetric key cryptographic methods. It is known that to maintain confidentiality and authenticated communications, participants should use the same of a number of existing cryptographic methods. All these methods assume the knowledge of a secret key, which is the same and it is shared (symmetric case) among the participants, or may be two related in complex ways using different mathematical transformation (asymmetric case). The natural and immediate implementation of the invention is a system of communication of information through quantum channels, but it can be also used in every situation where previously shared secret material has to be asynchronously managed.

The invention belongs to the field of communications, and specifically to its security.

Prior State of the Art

In the state of the art it is assumed that through some of the existing technologies it is possible to transmit and securely cogenerate a symmetric key between at least two spatially distant parties or participants.

Hereinafter, it will be used as an example of the party or participant responsible for the transmission or cogeneration of the symmetric key, a quantum key distribution (QKD). In these systems, quantum cryptography uses the physical properties described by quantum mechanics as means of encoding information and thus can transmit all kinds of information between two distant points. Systems quantum key distribution (QKD), uses the information encoded and transported quantum particles (qubits) to generate symmetric cryptographic keys between two ends. Given that this is the most likely immediate application and serves to illustrate the starting point of the present invention, briefly describe the operation of one of these systems. - QKD Systems

A symmetrical quantum key distribution system consists of two cogeneration devices that exchange a key using a protocol that uses the principles of quantum physics to carry the secret information [References 1, 2, 3, 4]. We refer to each of those devices or participants (the two ends of a QKD system) with the names of Alice and Bob respectively. For this exchange to be carried out, the ends of a QKD system (Alice and Bob) are connected through two communication channels: a quantum or private channel and other public or conventional channel. The transmission medium commonly used for the quantum channel is a fiber optics and the physical element used for coding the qubit is the photon [Reference 5].

In addition to sending information through the quantum channel, a QKD system requires the exchange of information in a conventional manner, not necessarily secret, but with authenticated integrity and allowing reconciliation, correction, and the distillate of a final secret key. To maintain integrity in the exchange of information through the conventional channel, it is required the allocation of the same secret key authentication at both ends. After successful implementation and completion of these processes, whose detailed description is not relevant to the present invention, both ends have identical random bit strings, which is the main object of the present invention. - Key Management Systems

The security of communications and storage systems does not depend on the secrecy of the algorithms or procedures used in them, but in the secrecy of the keys you use, as concerns the Kerckhoffs principle in cryptography. For this reason, key management is an essential part of a security system as it covers the generation, exchange, storage, protection, use, identification, installation, replacement and destruction of cryptographic keys.

In the case of symmetric keys, the key must be generated in secret and then secretly distributed to all those places and systems that will use it. When the same are secret the key management systems operate with symmetrical geometry under the centralized and client-server paradigm. In these scenarios, the first risk facing the generation system is to distribute the secret key in a safe, random and uniform way. The next critical point is to store the password in a protected way (tamper proof), its distribution to places where it will used, and installing it in systems that require it. The risks of the system are in all these stages, thus eliminating the need for either of them, or even simplify it, it can be assumed a greater security of the global system since the risks are reduced.

In conventional key management, key generation takes place in a single centralized server, with customers that subscribe to obtain the passwords. During the subscription process (enrollment) it is set out the secrets needed to build future confidential and authenticated channels of communication between the manager, key generator and end users that will use the key. From that moment, customers can request the central server symmetric keys for communicating confidentially and/or in an authenticated way between clients of the key server.

In these scenarios, apart from the time of its creation, the security of the key depends on the security of storage, transport through hostile environments and the proper installation on the target system. If this is done close to the generation of the secret symmetric key, customers who use it would decrease the risk for the keys during the required distribution. However, the uniqueness of the key generator server makes it impossible to be close simultaneously to all its remote customers.

Therefore, the object of the present invention is to partly solve the above mentioned problem.

In relation to conventional key management, we can mention the initiative OASIS Key Management Interoperability Protocol (KMIP) TC [Reference 12] that describes an interface for communication between client and server keys. The interface is open enough so that it can easily have the architecture proposed in this document adapted to the same.

The problems with the existing solutions are different. Current key managers use, among others, cryptographic primitives based on the difficulty of factoring composite numbers with two factors of similar size, or obtain the discrete logarithm of a number to a randomly or arbitrary chosen basis. In both cases, the security of cryptographic systems is based on computational complexity with the costs involved. In principle, this dependence of the attacker's computational power can be eliminated if, instead, primitive based on the quantum nature of subatomic particles are used.

When the functions of a key manager are linked with the use of specific hardware for quantum key distribution, this functionality can be divided into two entities that are located in the ends of the quantum channel established by the QKD system. The use of QKD systems allowed to move the traditional centralism of traditional key managers, give, simultaneously to both ends of the quantum channel, the functions of the key server. The use of cogeneration technologies to secure cryptographic keys simultaneously in spatially distant locations, can distribute the key generator function to these same locations, essentially creating a distributed system to perform the functions of a server or key manager.

Key management distributed systems increase the security of the system approaching the generation and delivery of the key customer that requests and uses it. That proximity, avoids transporting secret keys in the gap between the two locations of the key manager server, and therefore removes it from the risks to be assumed by the system. Description of the Invention

The present invention relates, in a first aspect, to a method for asynchronous and unreported cryptographic secret symmetric keys cogeneration in spatially distant locations through a distributed system, comprising carrying out, sequentially, the next actions:

a) requiring, by a first user, placed at a first location, to a first key co-generator/ manager system, to initiate a confidential and/or authenticated communication with a second user placed at a second location;

b) requesting, said first key co-generator/manager system to said first user, a secret identified key block;

c) delivering, said first user to said first key co-generator/manager system, said requested secret identified key block, through an authenticated and encrypted communications channel;

d) establishing a communication, by means of said first key co-generator/manager system, between said first user and said second user through an authenticated and with medium security communications channel;

e) delivering, said first user to said second user, a header block that identifies said secret identified key block;

f) sending, said second user to a second key co-generator/manager system, said header block, through an authenticated and encrypted communications channel; where said second key co-generator/manager system is communicated with said first key co- generator/manager system through a private channel, to share said secret symmetric key blocks, and a public channel; and

g) delivering, said second key co-generator/manager system to said second user, the rest of the secret identified key block corresponding to said header block, through said authenticated and encrypted communications channel. For an embodiment, after said step g), the method comprises establishing a communication between said first and second users, and transport through it authentication key material that was not included in said secret identified key blocks.

According to an embodiment, each of said first and second key co- generator/manager systems comprise two main component types: a key co-generator system and a key management system, the method comprising carrying out said secret symmetric key blocks sharing by means of said key co-generator systems, through said private channel.

The method comprises, as per another embodiment, establishing said communication between said first and second users through said key management systems communicated by means of said public channel, each of said first and second users being communicated with a respective of said key management systems.

Said key co-generator systems linked by said private channel form a quantum key distribution system, for a specific embodiment, and said private channel is a quantum channel forming part also of said quantum key distribution system, or QKD system.

The method comprises, according to an embodiment, generating, by said QKD system, said secret symmetric key in batches, following synchronization processes that occur between co-generator systems of the QKD system, and delivering the identified key blocks, associated to said secret symmetric keys, by each co-generator system to the respective key management system connected thereto according to a sequential flow of secret bits.

The method also comprises, for an embodiment which will be explained in more detail in subsequent parts of the description, storing and extracting said secret bits, sequentially, into and out of a memory buffer operating in mode first-in-first-out at each of said co-generator systems.

The method also comprises, for another embodiment, prior to said step a), subscribing each of said first and second users, through respective client computers, to at least a secret key service, said step b) being carried out only with respect to a first user which is subscribed to said at least secret key service.

Said secret key service comprises providing, by means of the respective management system, to the subscribed user with a requested secret identified block.

A second aspect of the invention relates to a system for asynchronous and unreported cryptographic secret symmetric keys cogeneration in spatially distant locations through a distributed system, comprising: - first and second key co-generator/manager systems, located at spatially distant locations, communicated through a private channel and a public channel, and intended for generating secret symmetric keys and sharing there between secret symmetric key blocks related to said secret symmetric keys, through said private channel;

- a first user client computer communicated with said first key co-generator system, through a first authenticated and encrypted communications channel;

- a second user client computer communicated with said second key co-generator system, through a second authenticated and encrypted communications channel; and

- an authenticated and with medium security communications channel for communicating said first user with said second user under the control of at least one of said key co-generator/manager systems.

The system of the second aspect of the invention is arranged and adapted to implement the method of the first aspect.

One of the purposes of this invention is to provide a complete architecture key management through a distributed system based on symmetric key cryptography and in that way guarantee the security in the distribution of the keys provided by QKD systems, in an application-level architecture.

The key manager apparatus, called previously as key co-generator/management system, consists of two main components: the cogeneration and remote distributed symmetric key system and the key management system itself. The first component is responsible for the transmission and generation of symmetric keys between two ends. In these days, it is usual to have the same constructed in a computer system or quantum key distribution (QKD). Among these units generating symmetric key pairs, one or several might be in the same key management apparatus, which is the reason for this application.

QKD links are responsible for conducting the necessary protocols to generate a secret symmetric key and then be managed as indicated in this description. Each QKD end provides an orderly flow, more or less constant, from secret bits to the upper layers that contain key managers connected to them at each end. The generation is done by large "batches" that follow the synchronization processes that occur in QKD teams, i.e in the co-generator systems.

The sequential binary secret material is stored as QKD subsystem is coming in a memory buffer operating in First In - First Out (FIFO) mode. The size of this memory will be such as to avoid, for economy of production of secret bits, the possibility that the buffer saturates, and therefore stops, the entry of more key material. Said sudden stops would lose secret key bits generated by the QKD system. When symmetric keys provided by key generator equipment are used, these are used by client computers that need, and are "subscribed" to, the services of each key management team which is located at the ends of the links generators key (QKD links). When a client needs to initiate encrypted communications and/or authenticated signature with another party or participant at the opposite end, it asks its key management team for a secret symmetric key unit that is identified with a reference number or digital label.

In mere transmission through an authenticated and conventional high security confidential channel is not necessary, in order to provide the identifier of the symmetric key unit to the agent, that the agent wants to share a secret key with another agent, but only to request, by presenting the ID, the key management team whose services are subscribed. Therefore, any pair of customers who subscribe to the key management teams at the ends, can obtain secret symmetric key units at any time without having that key travelling from one end to the other.

A purpose of this invention is a device that manages the keys out of a bond, quantum or not, secret symmetric key. In all cases, the initiator and the responder, end up getting exactly the same key material.

Advantages

With this invention, the establishment of a confidential and/or authenticated communication using keys that co-generators and distributed through a specific QKD channel requires only that the originator of the communication, the issuer, inform the recipient, the receiver, what is the (header) of the block identified key material that has already achieved and it should get your key management apparatus, and that will be used to encrypt both channels of communication (transmitter-receiver and receiver- issuer).

Since the key indicator (header) is related to the value of the secret key through a cryptographic one-way hash function, it is computationally impossible to derive any useful information from the key from its indicator. However, is easy to know which is the rightful label hash. The indicator, in addition to identification, provides a degree of integrity to control it is the correct key material.

The size of the key identifier must be large enough to make nearly impossible to give two key blocks with the same identifier. That is, within the maximum life span will generate a number of key packages depending on the speed of generating the same, and the probability of a collision within that set of blocks identified key material assets must be less than a maximum limit set in the configuration of the system. Moreover, short-key identifiers are more respectful of the confidentiality thereof and are easier to find when searching in an unordered set.

This procedure rules out the possibility of being assigned the same block of code for the initiation of two different communities, whether these are initiated from the same area of key management staff, as if they do so from the agents located in ends of a QKD link.

Matching keys up and down when assembling the block identified key material also ensures that all communication channels, regardless of who initiated or who use them, use keys that will be unique.

With this procedure, the keys are actively removed from the system when there are at least one of two possibilities: (1) the key has been allocated to start (request of the issuer) or to continue (the key identifier by the recipient) a conversation or (2) when they exceed the time obtained by adding the creation time, the lifetime of the key block. Another reason for the removal of keys can be suspected of compromise or equipment malfunction, or start a new session on the advice of the configuration.

The key management that every team in the end have to do to respond to communications initiated by the other, can be very efficient, and identified blocks of key material can be ordered in the order that appropriate in each case, immediately to the location of the keys that both receptors request of an area as issuers or promoters of communications.

The sizing of the storage systems of the blocks depends on the key material

1. block size of key material

2. the extension of the meta-data and other coders of the structure that surrounds the key material,

3. the rate of generation of blocks of key material

4. life time is allocated to these blocks.

This system also has the following advantages:

- Does not require pre-registration applications, or even future users.

- The generation of the key ID does not require the maintenance of a register of identifiers to be maintained or synchronized in any way from the keys.

- No need for a pre-registration or agreement you need to agree in advance the IDs with the applications they are using. - The two ends need not be communicated in advance to start the generation of identifiers. The mechanism employed by its very nature prevents collisions between identifiers.

- This system can be integrated into schemes such as Kerberos or KMIP OASIS [Reference 12]

Brief Description of the Drawings

The previous and other advantages and features will be more fully understood from the following detailed description of embodiments, some of which with reference to the attached drawings, which must be considered in an illustrative and non-limiting manner, in which:

Fig. 1 shows a basic architecture of a centralised conventional key management system.

Fig. 2 shows an architecture of a system according to the second aspect of the present invention.

Fig. 3 shows a hardware implementation of the system of the second aspect of the invention.

Fig. 4 shows a TDM-PON access network implementing the present invention. Fig. 5 shows a metropolitan network based on ROADM switches implementing the present invention.

Detailed Description of Several Embodiments

Fig. 1 shows a basic architecture of a centralised conventional key management system, where each key agent request to the same key manager a service, i.e. a secret key, and the key is generated and sent to both key agents by the same and only key manager.

Fig. 2 shows an architecture of a system according to the second aspect of the present invention, showing the above referred as co-generator/management systems embracing each of the grey rectangles, representing respective security zones A and B, and comprising each a co-generator QKD system and a key manager.

The present invention can be implemented in hardware, as shown in Fig. 3, using only logic technology (binary) or also with the help of general-purpose processor cores in silicon that are commonly used in embedded systems.

Said hardware may include the following components:

- QKD Cogeneration subsystem (1): in the case of a QKD system, it is the hardware subsystem, together with their control systems, that can establish a quantum channel of communication with the other end and, through it, swap drives quantum information secret bits are encoded uniformly distributed and randomly selected. The output of this subsystem is the native material and secret symmetric key with the management team operating the key. Except for the channels of communication, the entire subsystem is within the security perimeter of the key manager.

- Input Sequence Unit (2): This building block includes logic to receive data obtained by the cogeneration unit key material. This unit is responsible for correctly and accurately receive data provided by the generation subsystem. The received data is divided into blocks of key material and stored in memory at the outset that works on the paradigm Firs-In-First-Out.

- Input Memory (3): This module contains all the memory units, power and communication necessary for the storage and retrieval block integrates native key material.

- Distribution Subsystem (4): This unit is responsible for calculating the identity and assign meta-data that transform a block of key material found in a block of key material. Once done, the logic of this subsystem provides distribution, as determined by the control module and configuration, how to address the blocks of key material to the stores or caches the call or response.

- Cache Store or Call (5): This module contains all the storage units, power and communications necessary to integrate storage and retrieval of the blocks identified key material to be used for that initialization of communications applications (call or issuer).

- Store or Cache Response (6): This module contains all the memory units, power and communications necessary to integrate storage and retrieval of the blocks identified key material that will be served for those applications which they do so, and are capable of provide the label hash and other meta-data contained in the header of a block of key material identified.

- Allocation Module Blocks Identified Key (7): This component of the key management unit is responsible for recovery of the cache memory store or call the blocks identified key materials that are required to key manager to initiate communications with agents subscribe to the other end. This same unit is responsible for recovering the blocks identified key material whose header has been provided by an external applicant. In the first case, prior to delivery, we proceed to the cancellation and active deletion identified key block to prevent it could once again be assigned. In the case of blocks of key material stored for response, the cancellation and active erasure occurs when the key has expired. Mapper module is responsible for initiating these actions deletion request through the internal communication bus, the system responsible for it.

- Application Server Subsystem (8): This subsystem is one that contains all the logic and hardware equipment necessary to meet all requests that subscribers key gestures team. These applications are of two types (1 ) I block delivery of identified key material to initiate communication with a subscriber at the other end, or (2) delivery of the block identified key material rests exclusively (at practical) with a full header properly formed. The material used as the unit will always Mapper Module blocks.

- Active Cancellation Subsystem (9): The subsystem that handles the active erasure of blocks of information contained in the stores or caches of key material. Its activity is governed by control signals generated in the Mapper module key material.

- Audit and Registration Subsystem (10): This module is responsible for recording and storing all important activities related to the safety of all equipment and services. His material gathered will form the basis of any audit process that can bring the computer systems or complete.

- Control and Configuration Module (11 ): The module responsible for configuring the equipment properly and inform the administrator or manager. You can also change the configuration of the system but so informed the audit system.

- Configuration and Control Console (12): The console interface or command and data bus that allows the administrator or administrators of the team, communicate with the control module and configuration. Access to this console will require active authentication of operators.

The operation of the hardware and its components takes place through the relation and communication between the same, defined by:

- S1 : The bits that make up the secret key material are delivered sequentially within a session or "batch" from the QKD system to the input unit sequence of key management team. This transmission may take place either in series or in parallel, or following any industrial protocol valid for error-free transmission of binary data. Both the key management team as the team of cogeneration (QKD or another) are within the security perimeter. The input bits are stored in a memory unit that acted as input FIFO buffer.

- S2: The distribution subsystem takes the memory stored in the input FIFO in blocks of consecutive bits whose length is even and previously established in the system configuration. - S3: The distribution subsystem is responsible for associating the key material blocks to a sequence number that corresponds with the ordinal of this block within the session or batch to which it belongs, that is, from the last operation of consolidation and synchronized Key cogeneration system. The frequency of these phases is indicated in the configuration and system-wide policy.

- S4: The distribution subsystem classifies all key blocks in one of two classes: class transmitter and receiver. The station class refers to the parties who initiate the communication, and the receiving party to those you seek to establish communication. The classification criteria of the packages in one kind or another, is clearly specified in the configuration of key management teams at the exit of the links on cogeneration (e.g. QKD link) that generates and distributes keys. The population is made of both categories will depend on the transaction which is more frequent in the link, if a node usually initiated communications more frequently than the other, to that node is assigned more than blocks of key material (one in two, two out of three, three out of four, three out of five, four out of five, etc.). Key block classification results from a full deterministic algorithm controlled by configuration parameters that it is equal at both ends. Same deterministic algorithm and same configuration at both ends assures the same key block classification and assignation sequence.

If there is a link where the transmitter and receiver functions equally likely, each of the two ends will be assigned the ordinal parity, one end will be the even end and the other will be the odd end, and will be related to the functions of transmitting or receiving communications.

- S5: At each end, the key management teams, take each block out the memory key input and inject it into one of the two different storage buffers or caches key blocks available for separate call (transmitter) and blocks response (receiver). From that moment, every store keyblocks behaves completely independent.

- S6: Each block of key material distribution subsystem assigns the resulting hash tag to choose a certain number of bits of the result of calculating a one-way hash function and collision-resistant (SHA-2, for example) on the native data of key material. Both the hash function used, the number and used bits of his departure, like any other postprocessing associated with them, is part of the configuration of the key management team.

Both the hash tag and other meta-data accompanying the key material and determine its future use, gather in a header block that precedes the key material found native in any block of key material.

Each block of key material will be assigned a creation date and time of life far exceeded the aggregate of the date of generation, the average life time, the key is considered outdated and can not be delivered for the establishment of subsequent submissions to it. These keys are not used and expired will cause immediate termination of key caches at both ends of key management. The destruction of these keys will be active and make sure it does not survive any evidence related, directly or indirectly, with the contents of that key.

The sizing of the memory (FIFOs, caches, etc) will be determined by the rate of production of key blocks of material, the life that is allocated and the size of those blocks when they complete their goal -identification data.

Within each buffer or cache to call or answer and not follow the order of generation or arrival, but that all operations will be conducted in response to the hash tag that corresponds to each of the blocks. The calculation of that tag and other meta-data description to be included in all key blocks, calculates and assigns the sub-distribution key management team.

Each team located at the ends only be used to initiate communications, blocks identified key material classified as blocks of call. In the case of a balanced 1-1 , ordinal whose parity has assigned to that end, the odd tip material may not deliver key blocks odd when they are required to start encrypted communications.

Each end blocks identified only deliver key material classified as blocks of response. In the case of a balanced 1 -1 , will be those which bears has a parity different from theirs.

In any case, only if the applicant is capable of delivering the tag complete hash of a block identified key material that is classified as a response block, the key management system will deliver to the applicant.

The most common use case, the first half of key material that contains a block identified key material, the initiator used to encrypt communication and/or authenticate their transmissions, while the second part belongs to which answered the same for the same purposes but, anyway, the use made of key blocks by the sender and recipient is outside the powers of key management teams.

When an agent from one side wants to initiate a private conversation (R1) with an agent of the opposite end, that you contact your representative and informs key manager who wants to start a conversation with the other end. The key management team will be part of a standard computer network, so that application shall be made using any of the communication protocols and service delivery that are enabled by the network.

The key management team leads and serves the request (R2) has been made through its network module and anyone looking at its cache block call, ordinal with the same parity in the example simple, and delivers it to the applicant.

The delivery operation is eliminated after that block of cache block store or call so that removal is after the delivery.

The way the management team identified key block delivery of key material to the applicant, depending on how it is built and configured computer network that is connected to the key management team. In any case, the transfer of the block identified key material to the end user should be done through an encrypted channel and authenticated security enough to keep it protected secret key material in transit. The security level to apply will be marked by the level of risk that is occurring in this scenario, and what the criticality associated with the use of that key material.

Once the transaction with the key management team has been made, the initiator of the conversation passed on to his future partner block header (label hash and metadata) identified key block that has been achieved.

The recipient of the communication is addressed to its key management team and asks it to deliver to said recipient the block identified key material that matches the header block just received. The transfer of key material to the end user should be done through an encrypted channel and authenticated security it protected enough to keep secret key material in transit. The security level to apply will be marked by the level of risk that is occurring in this scenario, and what the criticality associated with the use of that key material. Operation scenarios, and risks of the caller and answering can be different, which is not necessarily probed they will meet the same standards of safety.

The key management team acting on the end of which responds to the establishment of a communication, seeks identification that represents the header block in the store or cache block response, which cannot be assigned by him. Searched to find the block, is given to the applicant with the protections specified for it in the network within which the transaction occurs.

If the requested block is not found, it informs the applicant and generates an error point in the system registry key management team. The absence of the block may be due, among other things, a system failure or, what is more frequent, which has passed the expiry of the key before being delivered. In any case the attempt failed and should be considered to be revisited to reset. The structure of the Meta-data is:

In said structure:

• Hash label is the result of calculating the value of a one-way and collision-resistant hash function to the material that contains the key structure ([Key Material Sender | Receiver

Material key])

• Session Number refers to the session within which generated the key material contained within this structure. A session is all that happened between consecutive operations QKD link synchronization. The frequency and circumstances in which such processes occur is part of the system configuration and policy is set out in it.

• Sequence Number in a given session is the ordinal that has the block key material contained in the structure.

• QKD Link ID is a universally recognized code to distinguish which QKD link in particular has generated this key. The same could be treated as if it would be the absolute IP address concatenation, or radio station IDs, etc.

• Date of Creation is the full time signal that identifies the time it was generated the key material and contained in the structure.

• Lifetime is the maximum time to elapse after the key creation and termination of use or allocation.

· Indicators of Constraints and Ways to Use is the field which contain the codes that, properly interpreted, indicate under what circumstances and for what purposes you can use the key material. These indicators may also refer to the maximum level of security that can be ordered from the accompanying material, what algorithms and what operations can be used, etc.

· Issuer Key Material are the bits to be used by the sender to encrypt all communications to the receiver. This key material which protects the sender tells the receiver.

• Material Receiver Key bits are to be used by the receiver to respond to communications from the issuer. This will protect key material so that the receiver responds to the sender. Use of the system With reference to Fig. 4, let Alice be the agent who wants to initiate a confidential and/or authenticated communication with agent Bob. Agent Alice goes to the team manager and key manager requests a secret key block identified. The agent delivers it through a communications channel and authenticated encryption sufficient safety risks recognized in the system area. The agent Alice is put into contact through a confidential and authenticated channel medium security, not particularly long-lived, with the agent Bob and gives a header block that identifies the key material identified.

Agent Bob goes to the team responsible for key management in its end and, through a communications channel and authenticated encryption sufficient safety risks recognized in that area of the system, presents the header for the manager keys give you the rest of the identified key block. Once both ends have only two copies of the same block identified key material, operate with them as they agreed to establish their communication channels and/or authentication key material that has not been transported between the two key management teams.

Finally, Fig. 5 shows a metropolitan network based on ROADM switches implementing an embodiment of the system of the second aspect of the invention, which includes several intercommunicated QKD systems.

A person skilled in the art could introduce changes and modifications in the embodiments described without departing from the scope of the invention as it is defined in the attached claims.

References

[I] C. H. Bennett, G. Brassard, "Quantum cryptography: public key distribution and coin tossing", Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, IEEE press., pp. 175-179, 1984.

[2] A. Ekert, "Quantum Cryptography Based on Bell's Theorem", Phys. Rev. Lett. 67, Is. 6, pp. 661-663, 1991.

[3] C. H. Bennett, "Quantum Cryptography Using Any Two Nonorthogonal States", Phys. Rev. Lett. 68, No. 21 , pp. 3121 , 1992.

[4] V. Scarani, A. Acin, G. Ribordy, N. Gisin, "Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations", Phys. Rev. Lett. 92, 2002.

[5] N. Gisin et al., "Quantum Cryptography", Rev. Mod. Phys. 74, pp. 145, 2001 .

[6] G. Brassard, L. Salvail, "Secret-key reconciliation by public discussion", Lecture Notes in Computer Science 765, pp. 411-423, 993.

[7] C. H. Bennett et al., "Privacy amplification by public discussion", SIAM J. Comput. 17, No. 2, 1988.

[8] C. H. Bennett et al., "Generalized Privacy Amplification", IEEE Transactions on Information Theory 41 , No. 6, 1995.

[9] C. Elliott et al., "Current status of the DARPA Quantum Network", BBN Technologies, arXiv:quant-ph/0503058, 2005.

[10] Townsend et al, "Distribucion de claves en una red de acceso multiple mediante criptografia cuantica", Patente europea n° 94925577.2, 1994.

[I I] Amitabha Banerjee et al., "Wavelength-division-multiplexed passive optical network (WDM-PON) technologies for broadband Access: a review", 2005.

[12] OASIS Key Management Interoperability Protocol (KMIP) TC; http://www.oasis- open.org/committees/tc_home.php?wg_abbrev=kmip

Claims

1. - A method for asynchronous and unreported cryptographic secret symmetric keys cogeneration in spatially distant locations through a distributed system, comprising carrying out, sequentially, the next actions:

g) delivering, said second key co-generator/manager system to said second user, the rest of the secret identified key block corresponding to said header block, through said authenticated and encrypted communications channel.

2. - A method as per claim 1 , wherein, after said step g), the method comprises establishing a communication between said first and second users, and transport through it authentication key material that was not included in said secret identified key blocks.

3.- A method as per claim 1 or 2, wherein each of said first and second key co- generator/manager systems comprise two main component types: a key co-generator system and a key management system, the method comprising carrying out said secret symmetric key blocks sharing by means of said key co-generator systems, through said private channel.

4.- A method as per claim 3, comprising establishing said communication between said first and second users through said key management systems communicated by means of said public channel, each of said first and second users being communicated with a respective of said key management systems.

5.- A method as per claim 3 or 4, wherein said key co-generator systems linked by said private channel form a quantum key distribution system, and wherein said private channel is a quantum channel forming part also of said quantum key distribution system, or QKD system.

6. - A method as per claim 5, comprising generating, by said QKD system, said secret symmetric key in batches, following synchronization processes that occur between co-generator systems of the QKD system, and delivering the identified key blocks, associated to said secret symmetric keys, by each co-generator system to the respective key management system connected thereto according to a sequential flow of secret bits.

7. - A method as per claim 6, comprising storing and extracting said secret bits, sequentially, into and out of a memory buffer operating in mode first-in-first-out at each of said co-generator systems.

8. - A method as per claim 7, comprising, prior to said step a), subscribing each of said first and second users, through respective client computers, to at least a secret key service, said step b) being carried out only with respect to a first user which is subscribed to said at least secret key service.

9. - A method as per claim 8, wherein said secret key service comprises providing, by means of the respective management system, to the subscribed user with a requested secret identified block.

10. - A system for asynchronous and unreported cryptographic secret symmetric keys cogeneration in spatially distant locations through a distributed system, comprising:

- first and second key co-generator/manager systems, located at spatially distant locations, communicated through a private channel and a public channel, and intended for generating secret symmetric keys and sharing there between secret symmetric key blocks related to said secret symmetric keys, through said private channel;

- an authenticated and with medium security communications channel for communicating said first user with said second user under the control of at least one of said key co-generator/manager systems wherein the system is arranged and adapted to implement the method as per any of claims 1 to 9.