5. API Terms and Definitions

5.1. Device Definitions

  • SAE (Security Application Entity)

    In the context of QKDLite APIs, SAEs are a broad category of entities that can perform security functions, such as QKD operations. Thus in this context, they are interchangeable with QKD entities (QKDEs). They can be attached to or within a KME, and connect to other SAEs such that keys can be sent and received in a secure and quantum-safe manner.

    Some examples of SAE include virtual private network (VPN) appliances and QKD appliances.

  • KME (Key Management Entity)

    In the context of QKDLite APIs, KMEs interface between SAEs and QKDLite nodes to provide keys to the QKDLite node as and when required. KMEs may contain the SAE that generates and sends keys, or it may be a physically separate entity.

    In the context of Cisco SKIP definitions, a Key Provider is equivalent to a KME.

  • QKDLite node

    In the context of QKDLite APIs, a QKDLite node is a broad definition used to define a VM (virtual machine) or physical machine that interfaces between the KME of a QKD Entity, a HSM to store quantum keys, and exposes APIs to SAEs that consume quantum keys. Typically, they send and receive keys from the KME, store and retrieve keys from the HSM as and when required, and interact with external SAEs to distribute keys from the HSM.

    Among a pair of QKDLite nodes, the main node creates the quantum key and replicates the same quantum key to the remote node.

5.2. Terms

  • Key identifiers:

    The two key identifiers keyID and keyLabel form a tuple used to identify quantum keys.

    • keyID

      is a string identifier given by the API. It may not be unique and is typically named after its application purpose.

    • keyLabel

      is a unique identifier for a quantum key generated by the paired QKD SAE appliances. When paired QKD SAE appliances generate a quantum key, they will both generate and store the same unique keyLabel in each of them.

  • remote_qnode

    In a paired QKD SAE appliance, the remote_qnode refers to the remote QKDLite node that the main QKDLite node connects with to perform QKD key provision operations.