In a key generating and sharing system, two networks (namely, a key sharing network and an application network) are present. The key sharing network is configured with a plurality of networked nodes that are connected to one another by a plurality of links. Each node has the function of generating a random number and sharing it with the opposite nodes to which it is connected by links, as well as the function of performing cryptographic communication over a link by using that random number as a cryptographic key (hereinafter referred to as "a link key"). Moreover, some of the nodes also have the function of generating a cryptographic key (hereinafter referred to as "an application key"), which is a random number independent of the links, as well as the function of transmitting the application key to a different node via a link, protected by the link key of that link.
An application has the function of obtaining an application key from a node, using that application key as a cryptographic key, and performing cryptographic communication with another application. In doing so, the cryptographic data communication can be performed over a network (the application network), such as the Internet, that is different from the key sharing network. Applications and nodes can be configured in an integrated manner. Alternatively, applications and nodes can be configured as terminals independent of each other, with application keys transmitted and received between them.
In a node, the function of generating a random number (a link key) and sharing it with the opposite nodes connected by links can be implemented using, for example, the technology commonly called quantum cryptography or quantum key distribution (QKD).
The security of application key relay over the internode links can be guaranteed if, for example, quantum key distribution is used to establish the link keys. However, QKD protects only the links: each node on the relay path decrypts the application key with the link key of the incoming link and re-encrypts it with the link key of the outgoing link, so the node holds the application key in the clear. The security of the nodes themselves that transfer application keys therefore needs to be enhanced by some other method.
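The following simulation, added here as an illustration and not part of the patent text, shows the relay described above with three nodes A, B and C: link keys are shared per link, the application key generated at A is carried to C hop by hop under a one-time pad made from the link keys, and the applications at A and C then communicate over the application network with the relayed key. It also makes the caveat concrete: the relay node B holds the application key in plaintext. Assumptions: os.urandom stands in for the QKD channel, XOR one-time pad stands in for the link encryption, and the node and function names are hypothetical.

```python
import os
import hmac
import hashlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """One-time-pad XOR; both inputs must be the same length."""
    if len(a) != len(b):
        raise ValueError("key material must match data length")
    return bytes(x ^ y for x, y in zip(a, b))


class Node:
    """A key sharing network node: per-link key pools plus relayed application keys."""

    def __init__(self, name: str):
        self.name = name
        self.link_keys = {}   # peer name -> bytearray pool of shared random bytes
        self.app_keys = {}    # key id -> application key (held in the clear)

    def pool(self, peer: str) -> bytearray:
        return self.link_keys.setdefault(peer, bytearray())


def share_link_key(a: Node, b: Node, nbytes: int) -> None:
    """Stand-in for QKD (assumption: os.urandom replaces the quantum channel).
    Both ends of the link end up holding identical random bytes."""
    k = os.urandom(nbytes)
    a.pool(b.name).extend(k)
    b.pool(a.name).extend(k)


def take_link_key(node: Node, peer: str, n: int) -> bytes:
    """Consume n bytes of link key; one-time-pad bytes are never reused."""
    pool = node.pool(peer)
    if len(pool) < n:
        raise RuntimeError(f"{node.name}: link key pool with {peer} exhausted")
    k = bytes(pool[:n])
    del pool[:n]
    return k


def relay_app_key(path: list, key_id: str, nbytes: int) -> bytes:
    """Generate an application key at path[0] and relay it hop by hop to path[-1].
    Each hop is one-time-pad encrypted with that link's link key, so every node on
    the path decrypts and re-encrypts the key and therefore sees it in plaintext."""
    app_key = os.urandom(nbytes)
    path[0].app_keys[key_id] = app_key
    for src, dst in zip(path, path[1:]):
        ciphertext = xor_bytes(src.app_keys[key_id], take_link_key(src, dst.name, nbytes))
        # dst consumes the same bytes from its copy of the shared link key
        dst.app_keys[key_id] = xor_bytes(ciphertext, take_link_key(dst, src.name, nbytes))
    return app_key


def app_encrypt(app_key: bytes, msg: bytes) -> bytes:
    """Application-network message: OTP with the first len(msg) key bytes,
    HMAC-SHA256 with the remaining key bytes (32 bytes expected)."""
    enc_key, mac_key = app_key[: len(msg)], app_key[len(msg):]
    ct = xor_bytes(msg, enc_key)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def app_decrypt(app_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting."""
    ct, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = app_key[: len(ct)], app_key[len(ct):]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return xor_bytes(ct, enc_key)


def demo(msg: bytes = b"constructed sample message") -> dict:
    """A and C have no direct link; B relays. Returns what each side ends up with."""
    a, b, c = Node("A"), Node("B"), Node("C")
    share_link_key(a, b, 256)
    share_link_key(b, c, 256)
    nbytes = len(msg) + 32                      # OTP bytes for msg + 32-byte MAC key
    app_key = relay_app_key([a, b, c], "k1", nbytes)
    # The applications at A and C talk over the application network with the relayed key.
    received = app_decrypt(c.app_keys["k1"], app_encrypt(a.app_keys["k1"], msg))
    return {
        "endpoints_agree": a.app_keys["k1"] == c.app_keys["k1"],
        "message_ok": received == msg,
        "relay_node_sees_key": b.app_keys["k1"] == app_key,   # the trusted-node caveat
        "link_key_left_ab": len(a.pool("B")),
    }


if __name__ == "__main__":
    print(demo())
```

The last field of demo() is the point of the caveat in the text: QKD makes the link ciphertext information-theoretically secure, yet a compromised B recovers every application key it relays, so the node platform itself must be hardened by other means.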