Path computation engine and method of configuring an optical path for quantum key distribution

Abstract

A path computation engine, PCE, (100) for an optical communications network comprising a plurality of nodes and a plurality of links. The PCE comprises a processor and memory comprising instructions executable by the processor whereby the PCE is operative to: receive a request to configure a quantum key, Qkey, path from a first node to a second node in the optical communications network for a quantum key distribution, QKD, signal for a quantum key for a secure data transmission signal; calculate a feasible Qkey path from the first node to the second node that is logically different to a traffic path from the first node to the second node for the secure data transmission signal, wherein the Qkey path is feasible if an optical signal power originating from the secure data transmission signal within the Qkey path, caused by optical interference of the secure data transmission signal with the QKD signal, is below a predetermined threshold value; and generate a control signal comprising instructions arranged to configure said feasible Qkey path.

Claims

1. A path computation engine for an optical communications network, the optical communications network comprising a plurality of nodes and a plurality of links, wherein the path computation engine comprises a processor and memory, the memory comprising instructions executable by the processor whereby the path computation engine is configured to: receive a request to configure a quantum key (Qkey) path from a first node to a second node in the optical communications network for a quantum key distribution (QKD) signal for a quantum key for a secure data transmission signal; calculate a feasible Qkey path from the first node to the second node that is logically different to a traffic path from the first node to the second node for the secure data transmission signal, wherein the Qkey path is feasible if an optical signal power originating from the secure data transmission signal within the Qkey path, caused by optical interference of the secure data transmission signal with the QKD signal, is below a predetermined threshold value; and generate a control signal comprising instructions arranged to configure said feasible Qkey path.

2. The path computation engine of claim 1, wherein the memory comprises instructions executable by the processor whereby the path computation engine is further configured to calculate at least one of: a raw key bit rate for transmission of a quantum key on the QKD signal depending on transmission characteristics of the calculated feasible Qkey path; and a quantum bit error rate for transmission of a quantum key on the QKD signal depending on transmission characteristics of the calculated feasible Qkey path.

3. The path computation engine of claim 1, wherein the memory comprises instructions executable by the processor whereby the path computation engine is further configured to: receive a request to configure a new Qkey path from the first node to the second node for a new quantum key for the secure data transmission signal; and calculate a new feasible Qkey path from the first node to the second node that is logically different to the traffic path from the first node to the second node and is different to a previous Qkey path from the first node to the second node for a previous quantum key.

4. The path computation engine of claim 1, wherein the memory comprises instructions executable by the processor whereby the path computation engine is configured to calculate a feasible Qkey path by: calculating a plurality of feasible Qkey paths from the first node to the second node, each calculated Qkey path being logically different to the traffic path; and randomly selecting one of said plurality of feasible Qkey paths.

5. The path computation engine of claim 1, wherein the memory comprises instructions executable by the processor whereby the path computation engine is operative to assign a respective randomly calculated weight value to each link of the optical communications network and to calculate a feasible Qkey path depending on said weight values.

6. The path computation engine of claim 1, wherein the memory comprises instructions executable by the processor whereby the path computation engine is configured to calculate a feasible Qkey path from the first node to the second node that is physically different to the traffic path from the first node to the second node.

7. The path computation engine of claim 1, wherein the memory comprises instructions executable by the processor whereby the path computation engine is configured to calculate a feasible Qkey path from the first node to the second node that does not include a repeater.

8. A secure data transmission apparatus for an optical communications network, the secure data transmission apparatus comprising: a traffic path computation engine comprising a processor and memory comprising instructions executable by the processor whereby the traffic path computation engine is configured to: receive a request to configure a traffic path from a first node to a second node in the optical communications network for a secure data transmission signal; calculate a traffic path from the first node to the second node for the secure data transmission signal; and generate a control signal comprising instructions arranged to configure the calculated traffic path; and a path computation engine comprising a processor and memory, the memory comprising instructions executable by the processor whereby the path computation engine is configured to: receive, from the traffic path computation engine, a request to configure a quantum key (Qkey) path from a first node to a second node in the optical communications network for a quantum key distribution (QKD) signal for a quantum key for a secure data transmission signal; calculate a feasible Qkey path from the first node to the second node that is logically different to a traffic path from the first node to the second node for the secure data transmission signal, wherein the Qkey path is feasible if an optical signal power originating from the secure data transmission signal within the Qkey path, caused by optical interference of the secure data transmission signal with the QKD signal, is below a predetermined threshold value; and generate a control signal comprising instructions arranged to configure said feasible Qkey path.

9. The secure data transmission apparatus of claim 8, wherein the apparatus is configured to periodically calculate a new Qkey path for a new quantum key.

10. An optical communications network node comprising a path computation engine comprising a processor and memory, the memory comprising instructions executable by the processor whereby the path computation engine is configured to: receive a request to configure a quantum key (Qkey) path from a first node to a second node in the optical communications network for a quantum key distribution (QKD) signal for a quantum key for a secure data transmission signal; calculate a feasible Qkey path from the first node to the second node that is logically different to a traffic path from the first node to the second node for the secure data transmission signal, wherein the Qkey path is feasible if an optical signal power originating from the secure data transmission signal within the Qkey path, caused by optical interference of the secure data transmission signal with the QKD signal, is below a predetermined threshold value; and generate a control signal comprising instructions arranged to configure said feasible Qkey path.

11. A method of configuring an optical path for quantum key distribution in an optical communications network, the method comprising steps of: receiving a request to configure a quantum key (Qkey) path from a first node to a second node in the optical communications network for a quantum key distribution (QKD) signal for a quantum key for a secure data transmission signal; calculating a feasible Qkey path from the first node to the second node that is logically different to a traffic path from the first node to the second node for the secure data transmission signal, wherein the Qkey path is feasible if an optical signal power originating from the secure data transmission signal within the Qkey path, caused by optical interference of the secure data transmission signal with the QKD signal, is below a predetermined threshold value; and generating a control signal comprising instructions arranged to configure said feasible Qkey path.

12. The method of claim 11, further comprising calculating at least one of: a raw key bit rate for transmission of a quantum key on the QKD signal depending on transmission characteristics of the calculated feasible Qkey path; and a quantum bit error rate for transmission of a quantum key on the QKD signal depending on transmission characteristics of the calculated feasible Qkey path.

13. The method of claim 11, further comprising: receiving a request to configure a new Qkey path from the first node to the second node for a new quantum key for the secure data transmission signal; and calculating a new feasible Qkey path from the first node to the second node that is logically different to the traffic path from the first node to the second node and is different to a previous Qkey path from the first node to the second node for a previous quantum key.

14. The method of claim 13, wherein calculating a feasible Qkey path comprises: calculating a plurality of feasible Qkey paths from the first node to the second node, each calculated Qkey path being logically different to the traffic path; and randomly selecting one of said plurality of feasible Qkey paths.

15. The method of claim 13, wherein calculating a feasible Qkey path comprises: assigning a respective randomly calculated weight value to each link of the optical communications network; and calculating a feasible Qkey path depending on said weight values.

16. The method of claim 11, wherein the method comprises calculating a feasible Qkey path from the first node to the second node that is physically different to the traffic path from the first node to the second node.

17. The method of claim 10, wherein the method comprises calculating a feasible Qkey path from the first node to the second node that does not include a repeater.

18. The method of claim 11, wherein the method comprises periodically calculating a new Qkey path for a new quantum key.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) FIG. 1 is a schematic representation of a path computation engine of an optical communications network according to an embodiment of the invention;

(2) FIGS. 2 and 3 are schematic representations of secure data transmission apparatus for an optical communications network according to an embodiment of the invention;

(3) FIG. 4 is a schematic representation of an optical communications network node according to an embodiment of the invention;

(4) FIGS. 5 to 8 illustrate steps of methods of configuring an optical path for quantum key distribution in an optical communications network according to embodiments of the invention; and

(5) FIG. 9 illustrates steps of a method of secure data transmission in an optical communications network according to an embodiment of the invention.

DETAILED DESCRIPTION

(6) The same reference numbers will used for corresponding features in different embodiments.

(7) Referring to FIG. 1, an embodiment of the invention provides a path computation engine, PCE, 100 for an optical communications network, the optical communications network comprising a plurality of nodes and a plurality of links. The PCE 100 comprises a processor and memory. The memory comprises instructions executable by the processor whereby the path computation engine is operative to receive a request to configure a quantum key, Qkey, path from a first node to a second node in the optical communications network for a quantum key distribution, QKD, signal for a quantum key for a secure data transmission signal. The memory comprises further instructions executable by the processor whereby the path computation engine is operative to calculate a feasible Qkey path from the first node to the second node that is logically different to a traffic path from the first node to the second node for the secure data transmission signal.

(8) The Qkey path is feasible if an optical signal power, originating from the secure data transmission signal, within the Qkey path is below a predetermined threshold value. Optical interference may occur between the secure data transmission signal and the QKD signal, resulting in some optical power from the secure data transmission signal being present within the Qkey path. The optical interference may be due to one or more of: spontaneous Raman scattering, four-wave mixing, and channel crosstalk. If the amount of optical signal power that is scattered, mixed, etc, from the secure data transmission signal into the Qkey path is below a predetermined threshold, the Qkey path is feasible.

(9) The memory comprises further instructions executable by the processor whereby the path computation engine is operative to generate a control signal comprising instructions arranged to configure the calculated feasible Qkey path.

(10) The PCE 100 may be provided within the network management system, NMS, 110 of the optical communications network.

(11) In an embodiment, the memory comprises instructions executable by the processor whereby the PCE 100 is operative to calculate a raw key bit rate for transmission of a quantum key on the QKD signal. The raw key bit rate is calculated depending on transmission characteristics of the calculated feasible Qkey path. The memory may additionally or alternatively comprise instructions executable by the processor whereby the PCE 100 is operative to calculate a quantum bit error rate for transmission of a quantum key on the QKD signal. The quantum bit error rate is calculated depending on transmission characteristics of the calculated feasible Qkey path. The calculations may be made using the models for estimating these parameters disclosed, for example, in D. Stucki et al “Quantum key distribution over 67 km with a plug & play system”, New J. Phys., vol. 4., 2002, 41.1-41.8.

(12) In an embodiment, the memory comprises instructions executable by the processor whereby the PCE 100 is operative to receive a request to configure a new Qkey path from the first node to the second node for a new quantum key for the secure data transmission signal. The memory comprises further instructions executable by the processor whereby the PCE is operative to calculate a new feasible Qkey path from the first node to the second node that is logically different to the traffic path from the first node to the second node. The new feasible Qkey path is also different to a previous Qkey path from the first node to the second node for a previous quantum key; the previous Qkey path may be the Qkey path that the new Qkey path is replacing or any previously configured Qkey path used for the QKD signal, over a time limited period or over an unlimited time period.

(13) In an embodiment, the memory comprises instructions executable by the processor whereby the PCE 100 is operative to calculate a feasible Qkey path by calculating a plurality of feasible Qkey paths from the first node to the second node and randomly select one of the calculated plurality of feasible optical paths. Each calculated Qkey path is logically different to the traffic path from the first node to the second node.

(14) In an embodiment, the memory comprises instructions executable by the processor whereby the PCE 100 is operative to receive a random number and to select one of the plurality of feasible Qkey paths based on the received random number.

(15) In an embodiment, the memory comprises instructions executable by the processor whereby the PCE 100 is operative to assign a respective randomly calculated weight value to each link of the optical communications network and to calculate a feasible Qkey path depending on the randomly calculated weight values assigned to the links.

(16) The memory may comprise instructions executable by the processor whereby the PCE 100 is operative to receive random numbers, for example from a quantum random number generator, QRNG.

(17) In an embodiment, the memory comprises instructions executable by the processor whereby the PCE 100 is operative to calculate a feasible Qkey path from the first node to the second node that is physically different to the traffic path from the first node to the second node.

(18) In an embodiment, the memory comprises instructions executable by the processor whereby the PCE 100 is operative to calculate a feasible Qkey path from the first node to the second node that does not include a repeater, such as a 3R (reamplification, reshaping and retiming) regenerator or an optical amplifier.

(19) Corresponding embodiments equally apply to the optical communications network node described with reference to FIG. 4 below.

(20) Referring to FIG. 2, an embodiment of the invention provides secure data transmission apparatus 200 for an optical communications network comprising a traffic path computation engine, PCE.sub.T, and a quantum key distribution, QKD, path computation engine, PCE.sub.Q, 100 as described above with reference to FIG. 1.

(21) The PCE.sub.T 210 comprises a processor and memory. The memory comprises instructions executable by the PCE.sub.T processor whereby the PCE.sub.T is operative to receive a request to configure a traffic path from a first node to a second node in the optical communications network for a secure data transmission signal. The PCE.sub.T memory comprises instructions executable by the PCE.sub.T processor whereby the PCE.sub.T is operative to calculate a traffic path from the first node to the second node for the secure data transmission signal. The PCE.sub.T memory comprises instructions executable by the PCE.sub.T processor whereby the PCE.sub.T is operative to generate a control signal comprising instructions arranged to configure the calculated traffic path.

(22) The PCE.sub.Q memory comprises instructions executable by the PCE.sub.Q processor whereby the PCE.sub.Q is operative to receive a request from the PCE.sub.T to configure a Qkey path from a first node to a second node in the optical communications network for a QKD signal for a quantum key for the secure data transmission signal.

(23) The PCE.sub.Q 100 and the PCE.sub.T 210 may be provided within a network management system, NMS, 220 of an optical communications network.

(24) In an embodiment, the PCE.sub.T 210 is provided at a network node of the optical communications network and the PCE.sub.Q 100 is provided at a network node of a secure data centre within the optical communications network.

(25) In an embodiment, the PCE.sub.T memory comprises instructions executable by the PCE.sub.T processor whereby the PCE.sub.T 210 is operative to calculate a traffic path from the first node to the second node based on a first path calculation algorithm and a first cost function. The PCE.sub.Q memory comprises instructions executable by the PCE.sub.Q processor whereby the PCE.sub.Q 100 is operative to calculate a Qkey path from the first node to the second node based on a second path calculation algorithm, different to the first path calculation algorithm and a second cost function, different to the first cost function.

(26) In an embodiment, the secure data transmission apparatus 200 is configured to periodically calculate a new Qkey path for a new quantum key. The PCE.sub.T memory comprises instructions executable by the PCE.sub.T processor whereby the PCE.sub.T 210 is operative to periodically receive an indication that a new quantum key is to be distributed and to send a request to the PCE.sub.Q 100 to configure a new Qkey path for the new quantum key.

(27) A time period of the periodic calculation is lower than a predefined time. The predefined time depends on the encryption algorithm used to generate the quantum key and should be shorter than a time needed to hack the QKD signal. The predefined time can be updated, typically it would be expected to be shortened, with development of computation devices and techniques used for code breaking.

(28) In an embodiment, the apparatus further comprises a quantum random number generator configured to generate random numbers.

(29) FIG. 3 illustrates secure data transmission apparatus 250 for an optical communications network 260 comprising a plurality of nodes A-F 262 and a plurality of links 264. The apparatus 250 comprises a traffic path computation engine, PCE.sub.T, 210 as described above with reference to FIG. 2, and a quantum key distribution, QKD, path computation engine, PCE.sub.Q, 100 as described above with reference to FIG. 1.

(30) The PCE.sub.T receives a request to securely route data traffic from node A to node D, using a quantum secured optical signal. In addition to configuring a traffic path from node A to node D for a secure data transmission signal, a Qkey path must also be configured from node A to node D for a QKD signal for a quantum key for the secure data transmission signal.

(31) In order to keep the routing calculations for the traffic path and the Qkey path logically separated, the apparatus 250 comprises two logically distinct PCEs; one for the data traffic, PCE.sub.T 210, and one for the QKD signal, PCE.sub.Q 100. The two PCEs may also be hosted at different sites, with the PCE.sub.Q preferably being hosted within a secure data centre to ensure security of the quantum key and the QKD signal.

(32) The PCE.sub.T is operative to configure the traffic path according to well-known routing techniques, such as Dijkstra or Bellman-Ford. Parameters used for routing are, for example, administrative cost, wavelength continuity, and impairments related limitations.

(33) The PCE.sub.T is operative to then communicate with the PCE.sub.Q to request the PCE.sub.Q to configure a Qkey path from node A to node D for a QKD signal. The PCE.sub.Q operates according to different criteria than the PCE.sub.T. For example, if a service channel is dedicated to QKD within the network 260, the PCE.sub.Q does not need to perform wavelength assignment but just has to check possible wavelength contentions of the channel on the network links 264. Alternatively, for example, wavelength assignment for the QKD signal could be performed based on wavelength continuity constraints and feasibility assessed based on propagation impairments; using calculation rules that are different to those use by the PCE.sub.T.

(34) In this example, the PCE.sub.T configures traffic path A-B-C-D 270 and PCE.sub.Q configures Qkey path A-E-D 280. The Qkey path from node A to node D across the network 260 is therefore physically different from the traffic path from node A to node D; the two paths share only the end nodes A and D.

(35) The PCE.sub.Q is operative to periodically calculate a new Qkey path, while the traffic path remains the same. The time period of the periodic calculation is lower than a predetermined time. This time depends on the encryption algorithm used to generate the quantum key and should be lower than the estimated time required for an eavesdropper to hack the quantum key. For example, if the quantum key is generated using the AES algorithm, to ensure a minimal advantage to an eavesdropper of ½.sup.32 a new optical path must be calculated after encrypting 2.sup.48 blocks of data. A new quantum key may also be generated for transmission on the QKD signal on the new Qkey path.

(36) In calculating the new Qkey path, a random weight (cost) of each link may be generated to make the result unpredictable to an eavesdropper. Alternatively, a set of feasible Qkey paths may be calculated in advance and one of them then randomly selected for use. In both cases, the apparatus 250 may comprise a Quantum Random Number Generator, QRNG, operative to generate random numbers or may be configured to receive random numbers. The apparatus is operative to provide the random numbers to the PCE.sub.Q. The PCE.sub.Q is operative to use the random numbers in calculating the new Qkey path, either as the random weights for the links or to select one of the feasible Qkey paths. Both approaches make the new Qkey path unpredictable.

(37) As result of a new calculation, with the links having different random weights, the PCE.sub.Q may, for example, find that Qkey path A-F-E-D has a lower cost than Qkey path A-E-D, so Qkey path A-F-E-D would be selected.

(38) Once the Qkey path has been configured, a raw key bit rate and a quantum bit error rate are estimated for the QKD signal for the configured Qkey path. This estimation may optimize performance of the QKD signal on the configured Qkey path since the feasible raw key bit rate and the quantum bit error rate may vary with the transmission characteristics of the configured Qkey path. The calculations may be made using the models for estimating these parameters disclosed, for example, in D. Stucki et al “Quantum key distribution over 67 km with a plug & play system”, New J. Phys., vol. 4., 2002, 41.1-41.8. The main parameters considered are the transmission distance, the characteristic of the laser and detector, the amount of noise in the QKD optical signal and the quantum protocols employed. For example, transmitting a QKD optical signal, using the phase-encoding BB84 protocol, across a 50 km optical path in the presence of a set of data transmission signals having a throughput of 6.38 Tbps and having different wavelengths, and detecting the QKD signal using a single-photon avalanche diode, SPAD, detector with a detection efficiency of 0.1, one would estimate to achieve a net quantum key bit rate of 14.8 kbps. Increasing the distance to 80 km would lead to a new reduced quantum key rate of 1 kbps, as shown in D. Stucki et al “Quantum key distribution over 67 km with a plug & play system”, New J. Phys., vol. 4., 2002, 41.1-41.8. Once a feasible quantum bit error rate has also been estimated, the quantum key can be transmitted safely on the QKD signal.

(39) Referring to FIG. 4, an embodiment of the invention provides an optical communications network node 300 comprising a path computation engine, PCE, 320. The PCE 320 is substantially the same as the PCE 100 described above and comprises a processor 330 and memory 340. The memory 340 comprises instructions executable by the processor whereby the PCE 320 is operative to:

(40) receive a request to configure a Qkey path from a first node to a second node in the optical communications network for a quantum key distribution, QKD, signal for a quantum key for a secure data transmission signal;

(41) calculate a feasible Qkey path from the first node to the second node that is logically different to a traffic path from the first node to the second node for the secure data transmission signal, wherein the Qkey path is feasible if an optical signal power originating from the secure data transmission signal within the Qkey path, caused by optical interference of the secure data transmission signal with the QKD signal, is below a predetermined threshold value; and

(42) generate a control signal comprising instructions arranged to configure said feasible Qkey path.

(43) In an embodiment, the optical communications network node 300 further comprises a QRNG configured to generate random numbers for use by the PCE 320.

(44) In an embodiment, the optical communications network node is configured to receive a quantum encrypted signal carrying random numbers for use by the PCE 320.

(45) Referring to FIG. 5, an embodiment of the invention provides a method 400 of configuring an optical path for quantum key distribution in an optical communications network. The method comprises a step of receiving 410 a request to configure quantum key, Qkey, path from a first node to a second node in the optical communications network for a QKD signal for a quantum key for a secure data transmission signal. The method comprises a step of calculating 412 a feasible Qkey path from the first node to the second node that is logically different to a traffic path from the first node to the second node for the secure data transmission signal. The Qkey path is feasible if an optical signal power originating from the secure data transmission signal within the Qkey path, caused by optical interference of the secure data transmission signal with the QKD signal, is below a predetermined threshold value. The method comprises a step of generating 414 a control signal comprising instructions arranged to configure said feasible Qkey path.

(46) In an embodiment, the method further comprises, once the Qkey path has been configured, calculating a raw key bit rate for transmission of a quantum key on the QKD signal depending on transmission characteristics of the calculated feasible Qkey path. The method may alternatively or additionally comprise calculating a quantum bit error rate for transmission of a quantum key on the QKD signal depending on transmission characteristics of the calculated feasible Qkey path.

(47) The calculations may be made using the models for estimating these parameters disclosed, for example, in D. Stucki et al “Quantum key distribution over 67 km with a plug & play system”, New J. Phys., vol. 4., 2002, 41.1-41.8.

(48) Referring to FIG. 6, in an embodiment, the method 500 further comprises receiving 510 a request to configure a new Qkey path from the first node to the second node for a new quantum key for the secure data transmission signal. The method further comprises calculating 520 a new feasible Qkey path from the first node to the second node that is logically different to the traffic path from the first node to the second node and is different to a previous Qkey path from the first node to the second node for a previous quantum key. The previous Qkey path may be the Qkey path that the new Qkey path is replacing or any previously configured Qkey path used for the QKD signal.

(49) Referring to FIG. 7, in an embodiment, the step of calculating 520 a feasible Qkey path comprises calculating 522 a plurality of feasible Qkey paths from the first node to the second node. Each calculated Qkey path is logically different to the traffic path. One of the calculated feasible Qkey paths is then randomly selected 524 for use.

(50) In an embodiment, the method comprises receiving a random number and selecting one of the calculated feasible Qkey paths based on the received random number.

(51) Referring to FIG. 8, in an embodiment, the step of calculating 520 a feasible Qkey path comprises assigning 526 a respective randomly calculated weight value to each link of the optical communications network. The step of calculating 520 a feasible Qkey path comprises calculating 528 a feasible Qkey path depending on the assigned randomly calculated weight values.

(52) In an embodiment, the method comprises receiving random numbers and assigning a respective random number to each link as the weight value for the link.

(53) In an embodiment, the step of calculating a feasible v path comprises calculating a feasible Qkey path from the first node to the second node that is physically different to the traffic path from the first node to the second node.

(54) In an embodiment, the step of calculating a feasible Qkey path comprises calculating a feasible Qkey path from the first node to the second node for the QKD signal that does not include a repeater.

(55) In an embodiment, the method comprises periodically calculating a new Qkey path for a new quantum key. A time period of the periodic calculation is lower than a predefined time. The predefined time depends on the encryption algorithm used to generate the quantum key and should be shorter than a time needed to hack the QKD signal. The predefined time can be updated, typically it would be expected to be shortened, with development of computation devices and techniques used for code breaking.

(56) An embodiment of the invention provides a computer program, comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out any of the above steps of the method 400, 500 of configuring an optical path for quantum key distribution in an optical communications network.

(57) An embodiment of the invention provides a carrier containing a computer program, comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out any of the above steps of the method 400, 500 of configuring an optical path for quantum key distribution in an optical communications network. The carrier is one of an electronic signal, optical signal, radio signal, or computer readable storage medium.

(58) Referring to FIG. 9, an embodiment of the invention provides a method 600 of secure data transmission in an optical communications network.

(59) The method comprises steps of:

(60) receiving 610 a request to configure a traffic path from a first node to a second node in the optical communications network for a secure data transmission signal;

(61) calculating 612 a traffic path from the first node to the second node for the secure data transmission signal;

(62) generating 614 a control signal comprising instructions arranged to configure the calculated traffic path.

(63) The method further comprises steps of configuring an optical path for quantum key distribution in the optical communications network according to the method 400, 500 described above with reference to any of FIGS. 5 to 8.

(64) In an embodiment, the traffic path from the first node to the second node is calculated based on a first path calculation algorithm and a first cost function. The Qkey path from the first node to the second node is calculated based on a second path calculation algorithm, different to the first path calculation algorithm and a second cost function, different to the first cost function.

(65) In an embodiment, the method 600 comprises periodically calculating a new Qkey path for a new quantum key. A time period of the periodic calculation is lower than a predefined time. The predefined time depends on the encryption algorithm used to generate the quantum key and should be shorter than a time needed to hack the QKD signal. The predefined time can be updated, typically it would be expected to be shortened, with development of computation devices and techniques used for code breaking.

(66) An embodiment of the invention provides a computer program, comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out any of the above steps of the method 600 of secure data transmission in an optical communications network.

(67) An embodiment of the invention provides a carrier containing a computer program, comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out any of the above steps of the method 600 of secure data transmission in an optical communications network. The carrier is one of an electronic signal, optical signal, radio signal, or computer readable storage medium.

Path computation engine and method of configuring an optical path for quantum key distribution

Assignee

Inventors

Cpc classification

Classification Explorer

H04L9/0855

ELECTRICITY

Classification Explorer

H04J14/0267

ELECTRICITY

Classification Explorer

H04B10/70

ELECTRICITY

Classification Explorer

H04L45/62

ELECTRICITY

International classification

Classification Explorer

H04B10/70

ELECTRICITY

Classification Explorer

H04L9/08

ELECTRICITY

Classification Explorer

H04J14/02

ELECTRICITY

Abstract

Claims

Description