Embodiments include a method for secure data storage including constructing an encryption key from a plurality of key elements, the constructing including distributing the plurality of key elements to a plurality of key maintenance entities, each of the plurality of key maintenance entities employing a plurality of independent safe guards for their respective key elements of the plurality of key elements; and requiring access to the plurality of key elements to construct the encryption key. The method includes receiving a subset of the plurality of key elements via a twice-encrypted communications channel; and regenerating the encryption key at the client node; and after encrypting data, deleting the subset of the plurality of key elements received over the twice-encrypted communications channel, retaining any of the plurality of key elements previously stored at the client node.

This disclosure relates to secure optical communication links. In particular, this disclosure relates to data storage devices, random access memories, host interfaces, and network layers that comprise a secure optical communication link. A data storage device comprises an optical data port to connect to an optical communication link external to the data storage device and a non-volatile storage medium to store user content data received over the optical communication link. A controller controls access to the user content data stored on the non-volatile storage medium. A cryptography engine uses a cryptographic key to perform cryptographic operations on data sent and received through the optical data port. An optical key distribution device coupled to the optical data port performs quantum key distribution over the optical communication link to provide the cryptographic key to the cryptography engine.

A phase decoding method and apparatus for quantum key distribution based on reflection with an orthogonal rotation of polarization, and a corresponding system. The method comprises: splitting an input optical pulse of an arbitrary polarization state into two optical pulses by a beam splitter; and, transmitting the two optical pulses respectively along two optical paths, with a relative time delay applied to them, and then reflecting them back to the beam splitter respectively by two reflecting devices to be combined and output by the beam splitter. A phase modulation is performed on at least one of the two optical pulses according to a quantum key distribution protocol, and two orthogonal polarization states of the optical pulse are reflected with an orthogonal rotation of polarization, so that each orthogonal polarization state of the optical pulse, after being reflected by the corresponding reflecting device, is transformed to a polarization state orthogonal thereto.

Traditional key generation methods in a noisy network often assume trusted devices and are thus vulnerable to many attacks including covert channels. The present invention differs from previous key generation schemes in that it presents a mechanism which allows secure key generation with untrusted devices in a noisy network with a prescribed access structure.

In one embodiment, a secure computing system comprises a key generation sub-system configured to generate cryptographic keys and corresponding key labels for distribution to computer dusters, each computer cluster including a plurality of respective endpoints, a plurality of quantum key distribution (QKD) devices connected via respective optical fiber connections, and configured to securely distribute the generated cryptographic keys among the computer clusters, and a key orchestration sub-system configured to manage caching of the cryptographic keys in advance of receiving key requests from applications running on ones of the endpoints, and provide respective ones of the cryptographic keys to the applications to enable secure communication among the applications.

A system for providing a residential IP network includes a plurality of transceiver circuitries, each associated with a building, for transmitting signals to/from the associated building. An optical network unit transmits and receives signals at a first frequency with an optical network. A remote unit integrated with the optical network unit converts the received signals at the first frequency into a first format that overcome losses caused by penetrating into the interior of the building over a wireless communications link and transmits the signals in the first format using beam forming and beam steering to provide the wireless signals to at least one of the plurality of transceiver circuitries. Each of the plurality of transceiver circuitries further includes first circuitry, located on an exterior of the building, for transmitting and receiving the signals in the first format. A first antenna associated with the first circuitry for transmits the signals in the first format into the interior of the building via a wireless communications link and receives signals from the interior of the building in the first format via the wireless communications link. Second circuitry, located on the interior of the building and communicatively linked with the first circuitry via the wireless communications link, receives and transmits the converted received signals in the first format that counteracts the losses caused by penetrating into the interior of the building from/to the first circuitry. A second antenna associated with the second circuitry transmits the signals in the first format to the exterior of the building via the wireless communications link and receives signals from the exterior of the building in the first format via the wireless communications link.

A quantum cryptographic key output apparatus includes a semiconductor laser device that repeatedly generates pulsed laser light, an encoder that encodes the pulsed laser light based on a quantum cryptographic key, an optical branching unit that branches the pulsed laser light, and an attenuator that attenuates a light intensity of first pulsed laser light so that the number of photons of the first pulsed laser light has any one of a plurality of candidate values that are values equal to or smaller than 1. Further, the output apparatus includes a light intensity determination unit that determines whether or not a light intensity of a second pulsed laser light is in a predetermined range, and an information output unit that outputs specifying information for specifying the first pulsed laser light corresponding to second pulsed laser light of which the light intensity is not in the predetermined range to an input apparatus.

An active feedback control method for a quantum communication system based on machine learning is disclosed. In the transmission process of a quantum key distribution system, the present invention uses a pre-trained double-layer LSTM network to predict, according to a real-time ambient temperature, humidity and laser light intensity fluctuation, as well as voltage changes in the past moment, a zero-phase voltage value of a phase modulator at a receiving end at the next moment, and updates the network at a fixed time interval, so that the LSTM network can accurately predict for a long time, ensuring that the quantum key distribution system operates stably and efficiently for a long time. The present invention greatly improves the transmission efficiency of the quantum key distribution system by method of active prediction and feedback control. The present invention is not limited to being applied to quantum key distribution systems or phase encoding systems, and also applicable to quantum key distribution systems or quantum communication networks based on other encoding methods.

A phase coder-decoder for quantum key distribution including a beam splitter, two reflecting devices with an orthogonal rotation of polarization optically coupled with the beam splitter via two arms, and a phase modulator provided on one of the two arms. The reflecting devices including a polarization beam splitter having an input and two output ports, and coupled to a corresponding arm via the input port, the output ports optically coupled to each other via a polarization maintaining optical fiber twisted by 90 degrees such that optical pulses output by the output ports are coupled to an axis of the polarization maintaining optical fiber for transmission. The phase coder-decoder is configured to stably perform interference on input optical pulses with an arbitrary polarization state for coding and decoding purpose.

An apparatus for random key transmission comprising a laser (101) configured to generate a coherent source optical signal; a quantum random number generator, QRNG, (105) configured to generate random bits (R1); an electro-optical modulator (107) configured to modulate the coherent source optical signal to generate a modulated optical signal including Quadrature Phase Shift Keying, QPSK, pilot symbols temporally multiplexed with quantum key distribution, QKD, symbols representing the random bits, wherein quadratures values of the modulated optical signal follow a modulation map, wherein the modulation map is a quadrature amplitude modulation, QAM, based Probabilistic Constellation Shaping, PCS, modulation map defining a mapping function for the random bits.