Patent classifications
H04L45/1287
METHOD FOR ESTABLISHING A SECURE PRIVATE INTERCONNECTION OVER A MULTIPATH NETWORK
A method for establishing a fully private, information theoretically secure interconnection between a source and a destination, over an unmanaged data network with at least a portion of a public infrastructure. Accordingly, n shares of the source data are created at the source according to a predetermined secret sharing scheme and the shares are sent to the data network, while encrypting the sent data using (n,k) secret sharing. A plurality of intermediating nodes are deployed in different locations over the network, to create a plurality of fully and/or partially independent paths in different directions on the path from the source to the destination, and with sufficient data separation. Then, the shares are sent over the plurality of fully and/or partially independent paths while forcing share-carrying packets to pass through selected intermediate nodes, such that no router at any intermediating node intercepts k or more shares.
Cloud service embedding with shared protection in software-defined flexible-grid optical transport networks
A method and apparatus are provided for embedding cloud demands with shared protection in a software-defined flexible-grid optical transport network. The method includes mapping working virtual nodes of the cloud demands over physical nodes of the network. The method further includes mapping backup virtual nodes of the cloud demands over the physical nodes. The method also includes mapping working virtual links of the cloud demands over physical routes of the network. The method additionally includes mapping backup virtual links of the cloud demands over the physical routes. The mapping steps are performed by an optical-defined controller having a processor.
Method and apparatus for resource allocation
A relay node within a network, the network further comprising at least one donor node coupled to the relay node, and a mobile termination coupled to the relay node and at least one donor node, the relay node comprising means for: receiving a configuration message; configuring the relay node, based on the configuration message, to perform at least one of: receiving packets from the mobile termination and originating from one of the donor nodes; and sending packets to one of the donor nodes by transmitting them to the mobile termination.
Non-overlapping secured topologies in a distributed network fabric
Networks comprising multiple non-overlapping communication topologies are presented. The networks can include a fabric of interconnected network nodes capable of providing multiple communication paths among edge devices. A topology manager constructs communication topologies according to restriction criteria based on required security levels (e.g., top secret, secret, unclassified, etc.). Established topologies do not have overlapping networking infrastructure to within the bounds of the restriction criteria as allowed by the security levels.