Abstract: Disclosed are methods, systems, and devices for facilitating secure and private communications, via a website or application of a third-party computing system (TPCS), between a user device and a service provider computing system (SPCS). The communications may be conducted via a frame in a website served by the TPCS. The TPCS may serve a website that incorporates a customizable SDK component provided by the SPCS. The communications allow the user to, for example, open a new account. The SDK component may be initialized via a script from the SPCS, and authenticated via a session token obtained from the SPCS via the TPCS. The SDK component may provide user information, input into the frame, to the SPCS via API calls to the SPCS. The user does not navigate away from the website while securely engaging the SPCS. The third-party/partner need not develop its own user interface, security protocols, etc.

Abstract: Disclosed are methods, systems, and devices for facilitating secure and private communications, via a website or application of a third-party computing system (TPCS), between a user device and a service provider computing system (SPCS). The communications may be conducted via a frame in a website served by the TPCS. The TPCS may serve a website that incorporates a customizable SDK component provided by the SPCS. The communications allow the user to, for example, open a new account. The SDK component may be initialized via a script from the SPCS, and authenticated via a session token obtained from the SPCS via the TPCS. The SDK component may provide user information, input into the frame, to the SPCS via API calls to the SPCS. The user does not navigate away from the website while securely engaging the SPCS. The third-party/partner need not develop its own user interface, security protocols, etc.

Abstract: The techniques herein are directed generally to providing access control and persona validation for interactions. In one embodiment, a method for a first device comprises: interacting with a second device on a communication channel; determining, over a verification channel with a verification service, that an identity of a user communicating on the second device is a verified identity according to the verification service; determining a persona of the user; querying a third-party entity to make a determination whether the persona is validated and to correspondingly determine a current privilege level; and managing interaction with the second device according to the determination whether the persona is validated and the corresponding current privilege level. Another embodiment comprises a verification server's perspective of facilitating the interaction between the first and second devices, where the verification server queries the third-party entity to validate the persona.

Abstract: Disclosed are methods, systems, and devices for facilitating secure and private communications, via a website or application of a third-party computing system (TPCS), between a user device and a service provider computing system (SPCS). The communications may be conducted via a frame in a website served by the TPCS. The TPCS may serve a website that incorporates a customizable SDK component provided by the SPCS. The communications allow the user to, for example, open a new account. The SDK component may be initialized via a script from the SPCS, and authenticated via a session token obtained from the SPCS via the TPCS. The SDK component may provide user information, input into the frame, to the SPCS via API calls to the SPCS. The user does not navigate away from the website while securely engaging the SPCS. The third-party/partner need not develop its own user interface, security protocols, etc.

Abstract: The present disclosure relates generally to systems and methods for content authentication. A method can include receiving from a sender system transmitted content (C) and appended content, the appended content including a digital signature associated with the content (C) and a hash tree (“SHT”) associated with the content (C), generating with a signature engine a hash tree (“RHT”) from the content (C), cryptographically verifying the received digital signature to generate a resultant hash value, comparing the resultant hash value to the second hash value of the second root node, determining that the second hash value of the second root node does not match the resultant hash value, identifying a potentially corrupted portion of content (C) via comparison of at least some of the plurality of first nodes of SHT to corresponding second nodes of RHT, and indicating that the digital signature could not be verified.

Abstract: Techniques for visualizing IoT device management are disclosed. A system utilizing such techniques can include an IoT device risk assessment system and an IoT device management visualization system. A method utilizing such techniques can include grouping IoT devices into an IoT device dimension group based on IoT device dimensions defining the group and controlling presentation of management data for the IoT devices based on the grouping of the IoT devices into the IoT device dimension group.

Abstract: The automatic generation of malware family signatures is disclosed. A set of metadata associated with a plurality of samples is received. The samples are clustered. For members of a first cluster, a set of similarities shared among at least a portion of the members of the first cluster is determined. The similarities are evaluated for suitability as a malware family signature. Suitability is evaluated based on how well the similarities uniquely identify the members of the first cluster. In the event the similarities are determined to be suitable as a malware family signature, a signature is generated.

Abstract: A method for securing a webpage or a webapp processed by a browser executing on a client system, the method comprising the browser executing an instance of white-box protected code, wherein execution of the instance of white-box protected code causes the client system to: generate a message comprising message data for use by a control system to perform one or more security tests, the control system communicably connected to the client system via a network; send the message to the control system to enable the control system to perform the one or more security tests using the message data; receive a response from the control system based, at least in part, on the message; and process the response.

Abstract: Systems, methods, and apparatus for a virtual transponder utilizing inband commanding are disclosed. In one or more embodiments, a disclosed method comprises receiving, by a payload antenna on a vehicle via a hosted receiving antenna, encrypted hosted commands transmitted from a hosted payload (HoP) operation center (HOC). The method further comprises receiving, by the vehicle, encrypted host commands transmitted from a host spacecraft operations center (SOC). Also, the method comprises reconfiguring a payload on the vehicle according to the unencrypted host commands and/or the unencrypted hosted commands. In addition, the method comprises transmitting, by the payload antenna, payload data to a host receiving antenna and/or the hosted receiving antenna. Additionally, the method comprises transmitting, by a host telemetry transmitter, the encrypted host telemetry to the host SOC.

Abstract: Described are techniques for preserving data security for sensitive information. The techniques including identifying sensitive information in first audio data from a first client device. The techniques further comprise generating second audio data including hashed sensitive information, where the hashed sensitive information comprises an audio clip that replaces the sensitive information and that is based on the sensitive information. The techniques further comprise transmitting the second data including the hashed sensitive information to a second client device. The techniques further comprise receiving third audio data including the hashed sensitive information from the second client device. The techniques further comprise generating fourth audio data by replacing the hashed sensitive information with the sensitive information and transmitting the fourth audio data including the sensitive information to the first client device.

Abstract: Embodiments are disclosed for a quantum key distribution enabled intra-datacenter network. An example system includes a first vertical cavity surface emitting laser (VCSEL), a second VCSEL and a network interface controller. The first VCSEL is configured to emit a first optical signal associated with data. The second VCSEL is configured to emit a second optical signal associated with quantum key distribution (QKD). Furthermore, the network interface controller is configured to manage transmission of the first optical signal associated with the first VCSEL and the second optical signal associated with the second VCSEL via an optical communication channel coupled to a network interface module.

Abstract: A method of operating an Internet of Things device is described. In the method, an electrical power is supplied to electrical circuitry in the Internet of Things device. The Internet of Things device is communicatively coupled to a computer network using circuitry of a transceiver and a communications module of the Internet of Things device. A detecting circuit is operated to indirectly monitor a level of activity of the communications module. If the level of activity of the communications module is determined to exceed a threshold value, a volume of communications between the Internet of Things device and the computer network is curtailed.

Abstract: A computer system detects, at time period one, that a first user of a computing device has not paid a transmitted invoice. In response to the detecting, at time period one, that the first user of the computing device has not paid the transmitted invoice, the computer system applies one or more restrictions to a first social media account corresponding to the first user. In response to the detecting, at time period two, that the first user has paid the transmitted invoice, the computer system removes the one or more restrictions from the first social media account, wherein time period two is after time period one.

Abstract: In one embodiment, a device including a processor, and a memory to store data used by the processor, wherein the processor is operative to run a manufacturer usage description (MUD) controller operative to obtain a MUD profile of an Internet of Things (IoT) device from a MUD server, the MUD profile of the IoT device including: access rights of the IoT device, and any one or more of the following a default device username and/or a default device password of the IoT device, a recommended/required device password complexity of the IoT device, at least one service that should be enabled/disabled on the IoT device, and/or allowed security protocols and/or ciphers for communication to and/or from the IoT device, enforce security of the IoT device according to the MUD profile of the IoT device. Related apparatus and methods are also described.

Abstract: A network device includes a transmitter and a receiver to establish a secure connection with one or more network nodes as part of a Autonomic Control Plane (ACP) network. The network device also includes a processor coupled to the transmitter and receiver. The processor receives a request from an application to initiate a connection with a destination network node. The processor also receives packets from the application for transmission toward the destination network node. When the packets from the application are unencrypted, the processor end-to-end encrypts the unencrypted packets without notifying the application. The transmitter then transmits the encrypted packets towards the destination network node across the ACP network.

Abstract: A system and method are described for proactively performing key swaps among nodes in a quantum key distribution (QKD) network. The method includes determining a routing solution for nodes in the QKD network; making the routing solution available to the nodes in the QKD network; and initiating key swaps among the nodes in the QKD network according to the routing solution, prior to key requests being made within the QKD network. The method can also include continuously performing key swaps among the nodes in the QKD network according to the routing solution; detecting a change in capacity and/or a change in demand on one or more links within the QKD network; determining a new routing solution based on the detected change; and continuously preforming subsequent key swaps according to the new routing solution.

Abstract: Described in detail herein is a method for encrypting or encoding time-stamped location data associated with a computing device. The method converts time and location information associated with the computing device into a vector format. The method generates a code vector based on the converted time and location vector. The method sorts entries in the code vector based at least in part on a predetermined ordering scheme. The method executes a random modification to each of the sorted entries. The method compares the code vector to at least one other code vector associated with another computing device. The method identifies other code vectors within a specified distance of the given code vector. The method concludes that the computing device and the at least one other computing device were in proximity to each other during a time period corresponding to the time information.

Abstract: A system and method are provided for proactively buffering quantum key distribution (QKD) key material. The method includes monitoring key generation rates and surpluses at QKD devices at each node of a QKD link in a QKD network, retrieving surplus key material from the QKD devices at one or both nodes of the QKD link, and buffering the surplus key material in a local storage at one or both nodes in the QKD link. The surplus key material can be used to offset overhead introduced in securely relaying keys between non-adjacent demand pairs in the QKD network. The surplus key material can also be used to offset future transient decreases in key generation rates.

Abstract: A data security system, including a security manager computer making network application programming interface (API) calls to a cloud-based service that (i) performs data exchange transactions for end users, and (ii) includes a mechanism for an end user to invoke in order to report a transaction received by the end user to a central authority as being a potentially harmful or deceptive transaction, the API calls remotely controlling the cloud-based service so that the security manager computer accesses transactions that have entered the cloud-based service, and a data inspector operative to analyze a transaction as being harmful or deceptive, by applying machine learning, wherein the security manager computer controls the cloud-based service so as to transmit transactions reported by the mechanism to the security manager, instead of or in addition to the central authority, for analysis by the data inspector.

Abstract: Methods and systems for expedited authentication for mobile applications are described herein. A user of a mobile device may authenticate with an enterprise system, and thereby be granted access to enterprise applications and services on the mobile device. The user may then activate an application in a managed partition of the mobile device. The application may determine that the enterprise system supports expedited authentication. The application may request expedited authentication, and the request may be compared to policies for expedited authentication. If the request is permitted, the application may be granted access to an authorization code for expedited authentication. The application may then perform the expedited authentication, and the user may be granted access to the application when the expedited authentication has completed.