Abstract: One or more aspects of the present disclosure are directed to network optimization solutions provided as software agents (applications) executed on network nodes in a heterogenous multi-vendor environment to provide cross-layer network optimization and ensure availability of network resources to meet associated Quality of Experience (QoE) and Quality of Service (QoS). In one aspect, a network slicing engine is configured to receive at least one request from at least one network endpoint for access to the heterogeneous multi-vendor network for data transmission; receive information on state of operation of a plurality of communication links between the plurality of nodes; determine a set of data transmission routes for the request; assign a network slice for serving the request; determine, from the set of data transmission routes, an end-to-end route for the network slice; and send network traffic associated with the request using the network slice and over the end-to-end route.

Abstract: One or more aspects of the present disclosure are directed to network optimization solutions provided as software agents (applications) executed on network nodes in a heterogenous multi-vendor environment to provide cross-layer network optimization and ensure availability of network resources to meet associated Quality of Experience (QoE) and Quality of Service (QoS). In one aspect, a network slicing engine is configured to receive at least one request from at least one network endpoint for access to the heterogeneous multi-vendor network for data transmission; receive information on state of operation of a plurality of communication links between the plurality of nodes; determine a set of data transmission routes for the request; assign a network slice for serving the request; determine, from the set of data transmission routes, an end-to-end route for the network slice; and send network traffic associated with the request using the network slice and over the end-to-end route.

Abstract: A method of dynamically routing packets to a destination node performed by a computing device is disclosed. The method includes: (1) detecting a status of a plurality of links to the destination node across a plurality of communications modalities; (2) determining a set of links to use for routing packets to the destination node based on the detected statuses; and (3) sending packets to the destination node via the determined set of links. A related computer program product, apparatus, and system are also disclosed.

Abstract: A device may receive, from a client device, a request with a single packet authorization (SPA) packet that includes data identifying a universal client device identifier. The device may generate a shared key associated with the universal client device identifier, and may determine that the SPA packet matches a comparison message authentication code (MAC) generated based on the shared key. The device may provide, based on the SPA packet matching the comparison MAC, a MAC associated with the SPA packet to the client device to enable the client device to validate the device.

Abstract: A system uses a keyboard application to encrypt and decrypt e-mail, messages, and other digital data. By using quantum random number generators, the system has improved data security. Using a quantum random number, an agent (at a sender side) generates an encryption key which is used to automatically encrypt a message. The encryption key is stored at a key server. The encrypted message will be sent by an application using its standard transmission means such as SMTP, SMS, and others. The encrypted message can be automatically unencrypted by using an agent (at a recipient side) and retrieving the key from the key server. The system also provides an optional double encryption, where the message is encrypted with a user-generated password before being encrypted using the encryption key.

Abstract: A system encrypts and decrypts e-mail, messages, and other digital data. By using quantum random number generators, the system has improved data security. Using a quantum random number, an agent (at a sender side) generates an encryption key which is used to automatically encrypt a message. The encryption key is stored at a key server. The encrypted message will be sent by an application using its standard transmission means such as SMTP, SMS, and others. The encrypted message can be automatically unencrypted by using an agent (at a recipient side) and retrieving the key from the key server. The system also provides an optional double encryption, where the message is encrypted with a user-generated password before being encrypted using the encryption key.

Abstract: A device may receive, from a client device, a request with a single packet authorization (SPA) packet that includes data identifying a universal client device identifier. The device may generate a shared key associated with the universal client device identifier, and may determine that the SPA packet matches a comparison message authentication code (MAC) generated based on the shared key. The device may provide, based on the SPA packet matching the comparison MAC, a MAC associated with the SPA packet to the client device to enable the client device to validate the device.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to receive a request for quantum random numbers from a client device. The processor may be further configured to establish a secure communication channel with the client device; obtain a stream of quantum random numbers from a quantum random number generator appliance; and provide a set of quantum random numbers from the obtained stream of quantum random numbers to the client device via the established secure communication channel.

Abstract: A system uses a keyboard application to encrypt and decrypt e-mail, messages, and other digital data. By using quantum random number generators, the system has improved data security. Using a quantum random number, an agent (at a sender side) generates an encryption key which is used to automatically encrypt a message. The encryption key is stored at a key server. The encrypted message will be sent by an application using its standard transmission means such as SMTP, SMS, and others. The encrypted message can be automatically unencrypted by using an agent (at a recipient side) and retrieving the key from the key server. The system also provides an optional double encryption, where the message is encrypted with a user-generated password before being encrypted using the encryption key.

Abstract: A device may establish a connection with a first server device based on a request to establish a peer-to-peer connection between a first client device, associated with the first server device, and a second client device associated with a second server device, and may generate a plurality of quantum random numbers based on establishing the connection with the first server device and based on the request to establish the peer-to-peer connection. The device may generate encryption keys for the first client device and the second client device based on the plurality of quantum random numbers, and may provide the encryption keys to the first client device and the second client device to cause an encrypted peer-to-peer connection to be established between the first client device and the second client device, via an interface provided between the first server device and the second server device.

Abstract: A device may receive, from a client device, a request with a single packet authorization (SPA) packet that includes data identifying a universal client device identifier (UID), a counter, a first one-time password generated based on a first shared key, the UID, and the counter. The device may generate a second shared key associated with the UID, and may compare the SPA packet to a comparison message authentication code (MAC) generated based on the second shared key, the UID, and the counter. The device may determine whether the SPA packet matches the comparison MAC, and may validate the client device when the SPA packet matches the comparison MAC. The device may provide a MAC associated with the SPA packet to the client device to enable the client device to validate the device for a secure communication based on establishing a pre-master key with the client device.

Abstract: A device may receive, from a client device, a request with a single packet authorization (SPA) packet that includes data identifying a universal client device identifier (UID), a counter, a first one-time password generated based on a first shared key, the UID, and the counter. The device may generate a second shared key associated with the UID, and may compare the SPA packet to a comparison message authentication code (MAC) generated based on the second shared key, the UID, and the counter. The device may determine whether the SPA packet matches the comparison MAC, and may validate the client device when the SPA packet matches the comparison MAC. The device may provide a MAC associated with the SPA packet to the client device to enable the client device to validate the device for a secure communication based on establishing a pre-master key with the client device.

Abstract: A device may establish a connection with a first server device based on a request to establish a peer-to-peer connection between a first client device, associated with the first server device, and a second client device associated with a second server device, and may generate a plurality of quantum random numbers based on establishing the connection with the first server device and based on the request to establish the peer-to-peer connection. The device may generate encryption keys for the first client device and the second client device based on the plurality of quantum random numbers, and may provide the encryption keys to the first client device and the second client device to cause an encrypted peer-to-peer connection to be established between the first client device and the second client device, via an interface provided between the first server device and the second server device.

Abstract: Systems and methods validate that subscriber identity module (SIM) number of an end device connected to a network is the same number that was activated for that device. A network device in a network obtains a SIM number and a universal identifier (UID) for the end device during an activation procedure. The network device generates a unique SIM authentication code based on the SIM number, the UID, and a master key. The network device sends the unique SIM authentication code to the end device as part of the activation procedure. After activation, the network device receives, from the end device, an authentication message that includes a first one-time password (OTP), the UID, a time value, the SIM number, and the SIM authentication code. The network device generates a second OTP based on the UID, the time value, the SIM number, and the master key and validates a pairing of the end device and the SIM number when the two OTPs match.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to receive a request for quantum random numbers from a client device. The processor may be further configured to establish a secure communication channel with the client device; obtain a stream of quantum random numbers from a quantum random number generator appliance; and provide a set of quantum random numbers from the obtained stream of quantum random numbers to the client device via the established secure communication channel.

Abstract: Systems and methods validate that a subscriber identity module (SIM) number of an end device connected to a network is the same number that was activated for that device. A network device obtains a SIM number and a device universal identifier (UID) during an activation procedure. The network device generates a unique SIM authentication code based on the SIM number, the UID, and a master key. The network device sends the SIM authentication code to the end device during activation. After activation, the network device receives, from the end device, an authentication message that includes a first one-time password (OTP), the UID, a time value, the SIM number, and the SIM authentication code. The network device generates a second OTP based on the UID, the time value, the SIM number, and the master key and validates pairing of the end device and the SIM number when the two OTPs match.

Abstract: The various embodiments described herein include methods, devices, and systems for providing secure access to network resources. In one aspect, a method is performed at a trust broker system. The method includes: (1) receiving, from a client system, a request to access network applications and resources hosted by a server system; (2) identifying a domain providing the requested network applications and resources; (3) determining whether the client system is authorized to access the domain; (4) identifying a particular server containing the domain; (5) identifying a proxy server assigned to the particular server; and (6) in accordance with a determination that the client system is authorized to access the domain: (a) transmitting an identification value for the client system to the identified proxy server; and (b) after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server.

Abstract: A method for protecting application servers from network-based attacks and verifying the security posture of end client systems is disclosed. A trust broker system receives a request from a user agent associated with a client system remote from the trust broker to connect to applications and resources associated with the trust broker. The trust broker system verifies the integrity of the client system and verifies the identity of a user of the client system. The trust broker system then determines the access level permitted to the identified user and based on the access level. The trust broker system establishes a connection with the user agent and transmits session information to the server system. The trust broker system sends the user agent connection information, wherein the connection information enables the requesting user agent to connect to the requested server system.

Abstract: The various embodiments described herein include methods, devices, and systems for providing secure access to network resources. In one aspect, a method is performed at a trust broker system. The method includes: (1) receiving, from a client system, a request to access network applications and resources hosted by a server system; (2) identifying a domain providing the requested network applications and resources; (3) determining whether the client system is authorized to access the domain; (4) identifying a particular server containing the domain; (5) identifying a proxy server assigned to the particular server; and (6) in accordance with a determination that the client system is authorized to access the domain: (a) transmitting an identification value for the client system to the identified proxy server; and (b) after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server.

Abstract: A method for connecting to a trust broker system is disclosed. The electronic device stores encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session. The electronic device creates a plurality of virtual domains; each virtual domain representing a set of services and information distinct from the other virtual domains. The electronic device stores permissions associated with each respective client system in the plurality of client system. The electronic device receives a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain and then retrieves stored permissions of the first client system based on the encrypted identifying information.