A server configured to provide a pre-shared key “PSK” with a first user node, to allow a first user node and a second user node to share a PSK, the server comprising: a network interface; an authentication unit; an encryption unit; a key management system and a quantum key distribution unit, the authentication unit being configured to receive a request for authentication, via the network interface, of a first channel between a first user node and the server, the quantum key distribution unit being configured to allow a quantum key to be distributed between the first user node and the server, the quantum key being sifted using communication over the authenticated first channel to establish a first quantum key for the first user and server, the key management system being configured to provide a first PSK for the first user to allow the first user to authenticate with the second user, the encryption unit being configured to encrypt the first PSK with the quantum key to send to the first user node via the network interface.

Systems, data processing systems, and methods, among other things, are disclosed. An illustrative system includes an encryption orchestrator that analyzes a packet, obtains a tenant identifier (ID) from the packet, determines whether a tenant associated with the tenant ID currently has sufficient encryption credit available, and enables an encryption resource to process the packet using an encryption key associated with the tenant ID in response to determining that the tenant associated with the tenant ID currently has sufficient encryption credit available.

A system comprises a transmitter including first circuitry that generates a first frame of a first type for establishing a quantum-secure link with an endpoint according to a security protocol, a data source that generates a second frame of a second type for communicating data to the endpoint, an output that couples to the endpoint via a first communication channel, and second circuitry. The second circuitry selects either the first frame or the second frame, adds information to the selected frame that identifies the selected frame as being of the first type or the second type to form an output frame, and outputs the output frame to the output.

An example operation may include one or more of receiving a chain of blocks from a blockchain comprising a directed acyclic graph (DAG) format in which blocks are independently hash-linked to multiple blocks, identifying temporal relationships between blocks in the chain of blocks based on a structure of the chain of blocks in the DAG format, determining a sequential linear order of the chain of blocks in the DAG format based on the identified temporal relationships, and storing the sequential linear order of the chain of blocks.

According to an embodiment, a forwarding device, which is connected to a key management server device configured to generate a decryption key by using quantum key distribution, includes a memory and one or more processors coupled to the memory. The one or more processors are configured to: receive information specifying a decryption target packet from a mobile phone network management server device; receive a reception packet; decrypt the reception packet when the reception packet is the decryption target packet specified from the mobile phone network management server device; and forward the decrypted reception packet or the undecrypted reception packet.

A quantum communications system may include a transmitter node, a receiver node, and a quantum communications channel coupling the transmitter node and receiver node. The receiver node may be configured to arrange a received bit stream of optical pulses from the transmitter node into time bins, convert the optical pulses in the time bins into corresponding optical pulses in frequency bins, and detect respective optical pulse values from each of the frequency bins.

Systems, devices, and methods are discussed for leveraging SD-WAN's property of redundant independent paths to enable out of band key exchange using the collection of available paths, dynamically managing link failures to keep the separation whenever possible, and/or signaling availability of quantum-safe data transfer to SD-WAN to enable quantum-safety to be used in SD-WAN policy decisions.

Disclosed is a quantum key distribution system using an RFI (reference frame independent) QKD (quantum key distribution) protocol, which includes a first signal processing circuit that generates transmission basis information and transmission bit information, a quantum channel transmitter that generates a single photon or coherent light, and modulates the single photon or the coherent light based on the transmission basis information and the transmission bit information to generate a quantum signal, a quantum channel receiver that receives the quantum signal through a quantum channel and detects reception bit information from the quantum signal based on reception basis information, and a second signal processing circuit that generates the reception basis information, transmits the reception basis information to the first signal processing circuit through a public channel, and receives the transmission basis information from the first signal processing circuit through the public channel.

One or more computing devices, systems, and/or methods are provided. In an example, a system includes a first non-quantum-resistant (NQR) device configured to generate first data and a first quantum capable proxy server configured to receive the first data, encrypt the first data using a quantum resistant (QR) protocol to generate first QR data, and communicate the first QR data to a first target device using a first QR channel. In an example, a method includes generating first data by a first non-quantum-resistant (NQR) device, communicating the first data, by the first NQR device, to a first quantum capable proxy server, encrypting the first data, by the quantum capable proxy server, using a quantum resistant (QR) protocol to generate first QR data, and communicating, by the quantum capable proxy server, the first QR data to a first target device using a first QR channel.

A quantum key distribution (QKD) node apparatus and a QKD method therein. The QKD node apparatus may include a QKD module for generating quantum keys and quantum key IDs, a quantum key synchronization management module for storing the quantum keys and the quantum key IDs as outbound and inbound quantum keys in a distributed manner and sharing the outbound and inbound quantum keys with a second QKD node apparatus, and a quantum key orchestration module for delivering a master key and a master key ID to a secure application connected therewith in response to a request for the master key with the ID of a second secure application and delivering a packet including the master key encrypted with the outbound quantum key shared with the second QKD node apparatus, the master key ID, and a quantum key ID, to the second QKD node apparatus.