Abstract: A Data Security Management System using a communications interface configured to receive and transmit one or more portions of Post Quantum Resistant Encrypted data within a network comprising a plurality of endpoints. Using End-to-End (E2E) Post Quantum Resistant encryption techniques to protect the data, the Data Security Management System provides the flexibility for multiple data schemes in a distributive environment such as, but not limited to, Hyperledger. The system uses a Policy Manager to perform the base configuration of the session to be transmitted or received in an encrypted state. This encrypted state comprises Post Quantum Cryptographic algorithm in use for that session, inclusive with associated keys or digital signatures. The Policy Manager is further configured to verify an identity of endpoint by a multifactor cryptographic authentication mechanism or a biometric authentication mechanism to validate a connection to or from an endpoint.

Abstract: A system and method for verifying a cryptographic access code is provided. If a set of cryptographic access components are quantum-aware, the system can obtain a post-quantum encryption and/or decryption algorithm from a context-specific non-critical extension in a private OID namespace, such as SABER, Kyber, Enhanced McEliece, or RLCE. If the set of cryptographic access components are quantum-aware, the system can obtain a post-quantum signature or verification algorithm from the private OID namespace. The system can validate a root of trust specified in a TAL record; confirm that a respective certificate, CRL, or TAL is specified in at least one Manifest record; confirm that a hash of the respective certificate, CRL, or TAL matches a recorded hash in a respective Manifest listing the respective certificate, CRL, or TAL; and confirm that a respective CRL or Manifest is fresh.

Abstract: A method for forward security Quantum Secure Layer (QSL), where the method causing a server to hold long-term public/private Key Encapsulation Mechanism (KEM) keypair; uses KEM to establish a pre-master shared secret; causing the server to send ephemeral KEM public key to the client; uses KEM to establish master shared secret; and generates a session key by the server and encrypted to the client using the master shared secret. A method for forward secrecy Quantum Secure Layer (QSL), where the method causing a server to hold a pre-shared ephemeral public/private Key Encapsulation Mechanism (KEM) keypair; uses KEM to establish a master shared secret; and generates a session key by the server and encrypted to the client using the master shared secret.

Abstract: A method to allow a client to communicate with a server, specifically to conduct a key management service, in order to obtain encryption/decryption keys for data-at-rest, wherein the method comprises: causing the client to use Authenticated Encryption with Associated Data (AEAD) to encrypt data according to a moving target design and causing the client, at a later time, to use AEAD to check the integrity of the data and decrypt the data according to the moving target design.

Abstract: A Data Security Management System using a communications interface configured to receive and transmit one or more portions of Post Quantum Resistant Encrypted data within a network comprising a plurality of endpoints. Using End-to-End (E2E) Post Quantum Resistant encryption techniques to protect the data, the Data Security Management System provides the flexibility for multiple data schemes in a distributive environment such as, but not limited to, Hyperledger. The system uses a Policy Manager to perform the base configuration of the session to be transmitted or received in an encrypted state. This encrypted state comprises Post Quantum Cryptographic algorithm in use for that session, inclusive with associated keys or digital signatures. The Policy Manager is further configured to verify an identity of endpoint by a multifactor cryptographic authentication mechanism or a biometric authentication mechanism to validate a connection to or from an endpoint.