H04Q2213/13339

Quantum key distribution enabled intra-datacenter network

Embodiments are disclosed for a quantum key distribution (QKD) enabled intra-datacenter network. An example system includes a first QKD device and a second QKD device. The first QKD device includes a first quantum-enabled port and a first network port. The second QKD device includes a second quantum-enabled port and a second network port. The first quantum-enabled port of the first QKD device is communicatively coupled to the second quantum-enabled port of the second QKD device via a QKD link associated with quantum communication. Furthermore, the first network port of the first QKD device is communicatively coupled to a first network switch via a first classical link associated with classical network communication. The second network port of the second QKD device is communicatively coupled to a second network switch via a second classical link associated with classical network communication.

Techniques for call authentication

Various embodiments described herein are directed towards authenticating calls by using one or more keys associated with a specific user. In examples, the user is the sender of a call. In various embodiments, when a call is made, an identifying payload is encrypted using a private key associated with the user. The encrypted identifying payload is appended to the call data stream. The identifying payload may be decrypted with a public key. In embodiments, the identifying payload may be verified. In various embodiments, further authentication methods may be performed by using an object such as a contactless card to provide one or more components of the identifying payload and/or keys. In embodiments, a connection may be made between the sender and the intended recipient of a call based on the verification of the identifying payload.

QUANTUM KEY DISTRIBUTION ENABLED INTRA-DATACENTER NETWORK

Embodiments are disclosed for a quantum key distribution (QKD) enabled intra-datacenter network. An example system includes a first QKD device and a second QKD device. The first QKD device includes a first quantum-enabled port and a first network port. The second QKD device includes a second quantum-enabled port and a second network port. The first quantum-enabled port of the first QKD device is communicatively coupled to the second quantum-enabled port of the second QKD device via a QKD link associated with quantum communication. Furthermore, the first network port of the first QKD device is communicatively coupled to a first network switch via a first classical link associated with classical network communication. The second network port of the second QKD device is communicatively coupled to a second network switch via a second classical link associated with classical network communication.

MULTIPLE SUBSCRIBER VIDEOCONFERENCING SYSTEM
20190028521 · 2019-01-24 ·

A system, method, and device for use in videoconferencing. The method typically includes installing a videoconferencing services switch at an access point to an IP network, and registering a plurality of subscribers for videoconferencing services. Each subscriber typically has a plurality of endpoints. The method further includes receiving subscriber-specific settings to be applied to multiple videoconferencing calls from the plurality of endpoints associated with each subscriber. The method further includes storing the subscriber-specific settings at a location accessible to the switch, and configuring the switch to connect calls from the plurality of endpoints at each subscriber based on the corresponding subscriber-specific settings.

SYSTEMS AND METHODS FOR SECURITY IN SWITCHED NETWORKS
20190014092 · 2019-01-10 ·

Security of a switched network is improved by obfuscating source and destination address information in data traffic that is vulnerable to physical attack and capture. An entry switch is configured to replace address pairs in ingress data frames with arbitrarily assigned tags. An exit switch is configured to replace the assigned tags with corresponding address pairs. Security is further enhanced by applying one or more layers of encryption to payload data while in transit within the switched network. Switch configuration is periodically refreshed to limit exposure to any successful decryption attack. By obfuscating address pair information and distributing traffic across a plurality of wavelengths in dense wavelength division multiplexing (DWDM) transmission systems, data frame affiliation is lost across wavelengths and decryption attacks on any captured data are highly confounded and limited to a small window of time between configuration refreshes.

Multiple subscriber videoconferencing system
10135889 · 2018-11-20 ·

A system, method, and device for use in videoconferencing. The method typically includes installing a videoconferencing services switch at an access point to an IP network, and registering a plurality of subscribers for videoconferencing services. Each subscriber typically has a plurality of endpoints. The method further includes receiving subscriber-specific settings to be applied to multiple videoconferencing calls from the plurality of endpoints associated with each subscriber. The method further includes storing the subscriber-specific settings at a location accessible to the switch, and configuring the switch to connect calls from the plurality of endpoints at each subscriber based on the corresponding subscriber-specific settings.

Broadband communication network architecture with train control network and train serving network combined, and communication method thereof

A broadband communication network architecture with a train control network and a train serving network combined, is characterized by, comprising a trusted network and an untrusted network; the trusted network comprises a trusted carriage-level network element provided in each carriage, and in each of a front carriage and a last carriage, in addition to the trusted carriage-level network element, a trusted train-level network element is provided; the untrusted network comprises untrusted train-level network elements respectively provided in the front carriage and the last carriage; one trusted train-level network element communicates with one untrusted train-level network element via a security gateway, and several security gateways are redundant to each other. The network architecture of the present application is a broadband communication network architecture combining a train control network and a train serving network, by which the train control information, the monitored information and the diagnostic information, as well as the passenger information and the video information can be transmitted in a combined network, i.e., the transmission of the data from the passenger information serving system network and the data from the train control network in a combined network, thereby meeting a demand for a bandwidth of the passenger information serving system network and ensuring a stability of the train network.

BROADBAND COMMUNICATION NETWORK ARCHITECTURE WITH TRAIN CONTROL NETWORK AND TRAIN SERVING NETWORK COMBINED, AND COMMUNICATION METHOD THEREOF
20180123703 · 2018-05-03 ·

A broadband communication network architecture with a train control network and a train serving network combined, is characterized by, comprising a trusted network and an untrusted network; the trusted network comprises a trusted carriage-level network element provided in each carriage, and in each of a front carriage and a last carriage, in addition to the trusted carriage-level network element, a trusted train-level network element is provided; the untrusted network comprises untrusted train-level network elements respectively provided in the front carriage and the last carriage; one trusted train-level network element communicates with one untrusted train-level network element via a security gateway, and several security gateways are redundant to each other. The network architecture of the present application is a broadband communication network architecture combining a train control network and a train serving network, by which the train control information, the monitored information and the diagnostic information, as well as the passenger information and the video information can be transmitted in a combined network, i.e., the transmission of the data from the passenger information serving system network and the data from the train control network in a combined network, thereby meeting a demand for a bandwidth of the passenger information serving system network and ensuring a stability of the train network.

Secure autonomic optical transport networks

Consistent with the present disclosure, a method and related system for secure autonomic optical transport networks are disclosed. The method includes steps for adding a network element in an optical network. The method includes an initial step of verifying, with a new network element, a first identifier certificate from a proxy network element. In a further step, a second identifier certificate from the new network element is verified with the proxy element. A registrar is used for verifying the second identifier certificate from the proxy network element and sending domain specific parameters to the proxy network element for forwarding to the new network element. Next, a local certificate is generated on the new network element. The local certificate is derived from a secure module and sent to the proxy network element for forwarding to the registrar. Further, the new network element in the autonomic domain is enrolled, with the registrar. Moreover, the local certificate is signed with the registrar and the signed local certificate is sent to the new network element.

Quantum key distribution enabled intra-datacenter network

Embodiments are disclosed for a quantum key distribution (QKD) enabled intra-datacenter network. An example system includes a first QKD device and a second QKD device. The first QKD device includes a first quantum-enabled port and a first network port. The second QKD device includes a second quantum-enabled port and a second network port. The first quantum-enabled port of the first QKD device is communicatively coupled to the second quantum-enabled port of the second QKD device via a QKD link associated with quantum communication. Furthermore, the first network port of the first QKD device is communicatively coupled to a first network switch via a first classical link associated with classical network communication. The second network port of the second QKD device is communicatively coupled to a second network switch via a second classical link associated with classical network communication.