Abstract: In one embodiment, a method comprises: initiating, by an executable agent within a secure executable container executed by a network device, a monitoring of a network-based service between the network device and a second network device having a two-way trusted relationship with the network device within a secure peer-to-peer data network, the network-based service based on a securely-stored secure data structure or a securely-transmitted secure data structure in the secure peer-to-peer data network; executing, by the executable agent, a secure machine learning operation based on one or more user actions associated with the network-based service, wherein the secure executable container prevents any access of any unencrypted data structure, or accessing the secure peer-to-peer data network, without authorized access via a prescribed Application Programming Interface (API); and autonomically executing, by the executable agent, an improved operation for the network-based service based on the machine learning.

Abstract: In one embodiment, a method comprises: establishing, by a first executable resource in a network device having joined a secure peer-to-peer data network, a registry providing a mapping between one or more network entities associated with a tag object by an identified user entity, each network entity represented by a federation identifier of a user entity or a corresponding data object; receiving a search request for one or more identified network entities having been tagged with the tag object, and in response generating a search result based on identifying the network entities having been mapped relative to tag object, the search result identifying one or more of an identified federation identifier or an identified unique identifier for the identified network entities; and providing the search result by the first executable resource, the search result causing an endpoint device to attract the identified network entities for presentation by the endpoint device.

Abstract: A secure executable container executed by an endpoint device determines physical attributes associated with the endpoint device reaching destination endpoint devices within a secure data network, and determines destination endpoint attributes for each of the destination endpoint devices. The secure executable container selects one or more of the destination endpoint devices for establishment of a corresponding secure peer-to-peer connection based on the physical attributes relative to the destination endpoint attributes of the one or more destination endpoint devices, each secure peer-to-peer connection bypassing a core network device in the secure data network. The secure executable container selects remaining destination endpoint devices for respective secure hybrid peer-to-peer connections via the core network device, based on the physical attributes relative to the respective destination endpoint attributes of the remaining ones of the destination endpoint devices.

Abstract: A secure keyboard resource executed in a network device detects a user input, and generates a user input data structure representing the user input relative to input options presented to the user, the user input data structure based on the secure keyboard resource identifying a position of the user input relative to the input options. The secure keyboard resource sends the user input data structure to one or more executable destination resources, having requested supply of the user input data structure responsive to a user selection, only via a corresponding data path providing the destination resource with access to the user input data structure, for execution of a service by the one or more executable destination resources based on the user input data structure. The secure keyboard resource thus minimizes spying by limiting access of the user input data structure to the destination resource via the data path.

Abstract: In one embodiment, a method comprises: receiving, by a secure executable container executed by an endpoint device, a request from an originating entity for initiating a secure peer-to-peer communication with a second network entity via a secure data network, the originating entity and second network entity having established a two-way trusted relationship in the secure data network; processing, by the secure executable container, the request based on providing the originating entity sole and exclusive authority to control the secure peer-to-peer communication, including cryptographically secure termination and removal of the secure peer-to-peer communication from any network device in the secure data network; and initiating, by the secure executable container, the secure peer-to-peer communication by securely sending, to the second network entity via the secure data network, a secure peer-to-peer invitation for the second network entity to join the secure peer-to-peer communication.

Abstract: In one embodiment, a method comprises: generating and maintaining, by a network device in a secure peer-to-peer data network, a secure private key and a corresponding secure public key; establishing, by the network device, a two-way trusted relationship with a second network device in the secure peer-to-peer data network; generating by the network device a temporal key, and encrypting a data packet payload using the temporal key into an encrypted payload; encrypting, by the network device, the temporal key into an encrypted temporal key using a second secure public key of the second network device; and generating and outputting a secure data packet comprising the encrypted temporal key and the encrypted payload, enabling a receiving network device to verify the secure data packet is not a copy based on a determined absence of a prior prescribed hash of at least a portion of the encrypted temporal key.

Abstract: In one embodiment, a method comprises: generating and maintaining, by a replicator device in a secure peer-to-peer data network, a secure private key and secure public key; establishing a two-way trusted relationship with a second replicator device for a pairwise topology of two-way trusted replicator devices; establishing a two-way trusted relationship with a first endpoint device based on validating a secure attachment request using the secure private key, and obtaining a second secure public key of the first endpoint device; validating, using the second secure public key, a secure data packet from the first endpoint device and destined for the second endpoint device, and obtaining information for reaching the second endpoint device via the second replicator device; and securely signing the secure data packet, received from the first endpoint device and destined for the second endpoint device, into a secure forwarded packet for secure transmission to the second replicator device.

Abstract: In one embodiment, a method comprises: establishing, by a first executable resource in a network device having joined a secure peer-to-peer data network, a registry providing a mapping between one or more network entities associated with a tag object by an identified user entity, each network entity represented by a federation identifier of a user entity or a corresponding data object; receiving a search request for one or more identified network entities having been tagged with the tag object, and in response generating a search result based on identifying the network entities having been mapped relative to tag object, the search result identifying one or more of an identified federation identifier or an identified unique identifier for the identified network entities; and providing the search result by the first executable resource, the search result causing an endpoint device to attract the identified network entities for presentation by the endpoint device.

Abstract: A secure keyboard resource executed in a network device detects a user input, and generates a user input data structure representing the user input relative to input options presented to the user, the user input data structure based on the secure keyboard resource identifying a position of the user input relative to the input options. The secure keyboard resource sends the user input data structure to one or more executable destination resources, having requested supply of the user input data structure responsive to a user selection, only via a corresponding data path providing the destination resource with access to the user input data structure, for execution of a service by the one or more executable destination resources based on the user input data structure. The secure keyboard resource thus minimizes spying by limiting access of the user input data structure to the destination resource via the data path.

Abstract: In one embodiment, a method comprises: securing, by a security agent executed within a network device, first secure data structures for secure storage in the network device and second secure data structures for secure communications in a secure peer-to-peer data network; monitoring, by the security agent, a corresponding mandatory lifecycle policy for each of the first secure data structures; and cryptographically erasing one of the first secure data structures in response to expiration of the corresponding mandatory lifecycle policy.

Abstract: A secure executable container executed by an endpoint device receives a request by an originating entity for initiating a secure peer-to-peer transfer of a data object to at least a second network entity via a second network device in a secure data network. The secure executable container establishes a two-way trusted relationship between the originating entity and the endpoint device, and between the endpoint device and the second network device. The secure executable container generates a root data object containing metadata identifying the data object and comprising a list identifying message objects containing respective data chunks of the data object, and causes the second network device to execute a secure autonomic synchronization of the root data object via the secure data network, enabling the second network entity to execute the secure peer-to-peer transfer of at least a selected portion of the data object as a hyperlinked hypercontent object.

Abstract: In one embodiment, a method comprises: receiving, by a secure executable container executed by an endpoint device, a request from an originating entity for initiating a secure peer-to-peer communication with a second network entity via a secure data network, the originating entity and second network entity having established a two-way trusted relationship in the secure data network; processing, by the secure executable container, the request based on providing the originating entity sole and exclusive authority to control the secure peer-to-peer communication, including cryptographically secure termination and removal of the secure peer-to-peer communication from any network device in the secure data network; and initiating, by the secure executable container, the secure peer-to-peer communication by securely sending, to the second network entity via the secure data network, a secure peer-to-peer invitation for the second network entity to join the secure peer-to-peer communication.

Abstract: In one embodiment, a method comprises: generating, by a secure executable container executed by an endpoint device in a secure peer-to-peer data network, a secure private key and a first secure public key; first establishing, by the secure executable container, a two-way trusted relationship with a second endpoint device, including receiving a second secure public key of the second endpoint device; second establishing, by the secure executable container, a two-way trusted relationship with a replicator device, including receiving a third secure public key of the replicator device; generating, by the secure executable container using the second secure public key, a secure data packet destined for the second endpoint device, including generating an encrypted payload for the secure data packet; and generating and outputting to the replicator device, by the secure executable container using the third secure public key, a secure tunneled data packet, including encrypting the secure data packet.

Abstract: In one embodiment, a method comprises: first determining, by a secure executable container executed by a network device, whether an input string entered by a user of the network device starts with a valid user access password for access via the secure executable container to one or more secure services; second determining, by the secure executable container, whether the input string further includes a prescribed delimiter contiguously following the valid user access password; third determining, by the secure executable container, whether the user has input a valid command password contiguously following the prescribed delimiter; and selectively executing, by the secure executable container, a prescribed command associated with the valid command password based on determining the user has input the valid command password contiguously following the prescribed delimiter.

Abstract: In one embodiment, a method comprises: receiving, by a network device, a request from a requesting party to register the network device as an endpoint device in a secure peer-to-peer data network; cryptographically generating a secure private key and a secure public key associated with the requesting party utilizing the network device; generating and sending a registration request, including the secure public key and an external network address for reaching the requesting party via an external data network, to a prescribed destination associated with the secure peer-to-peer data network; and selectively registering the network device as the endpoint device in response to verifying a validation response having been sent to the external network address and that includes the secure public key, including creating a federation identifier associated with the external network address and an endpoint identifier uniquely identifying the endpoint device, and associating the endpoint identifier with the federation ident

Abstract: A secure peer-to-peer streaming media session is initiated in a secure data network based on a secure executable container executed by an endpoint device receiving a request, by an originating entity, for initiating the session with a second network entity having a two-way trusted relationship with the endpoint device in the secure data network via a second network device. The secure executable container: generates a conversation object identifying the second network entity as a participant in the session, and causes secure autonomic synchronization of the conversation object with the second network device; generates a message object and adds a reference to the conversation object; and updates a hypercontent body in the message object with streaming media data received from an executable media source in the endpoint device. The updating causes the second network device to retrieve each update of the streaming media data in the hypercontent body during the session.

Abstract: A secure executable container executed by a first endpoint device in a secure peer-to-peer data network detects that a second endpoint device is unavailable for execution of a secure asynchronous transaction with the first endpoint device, and generates a secure request for an assisting device (the second endpoint device or a third network device) requesting an indication once the second endpoint device is available for execution of the secure asynchronous transaction. The secure request does not contain any user-generated data. Upon the secure executable container receiving the indication generated by the assisting device that the second endpoint device is available for the execution of the secure asynchronous transaction, the secure executable container causes autonomic execution for completing the secure asynchronous transaction with the second endpoint device.

Abstract: A secure executable container executed by an endpoint device establishes a two-way trusted relationship in a secure peer-to-peer data network with a user entity, generates an endpoint identifier for the endpoint device in the secure peer-to-peer data network, and associates the endpoint device with a federation identifier identifying the user entity in the secure peer-to-peer data network. The secure executable container also: establishes a two-way trusted relationship between the endpoint device and a target network device; securely obtains, via the secure peer-to-peer data network, a user interface element definition describing a user interface element executable by the target network device; and supplies the user interface element definition to a secure keyboard resource executed in the endpoint device, causing the secure keyboard resource to generate a local representation of the user interface element for control of the target network device via the secure keyboard resource.

Abstract: In one embodiment, a method comprises: tracking, by a first security agent executed within a user network device, a plurality of wireless data networks that are available for connection by the user network device for secure communications with a second network device in a secure peer-to-peer data network, and maintaining a history of each of the wireless data networks; determining for each of the wireless data networks, by the first security agent, a corresponding risk assessment that identifies a corresponding risk in encountering a cyber threat on the corresponding wireless data network; and supplying, to a second security agent executed within the user network device, a recommendation for connecting to a wireless data link identified as avoiding the cyber threat during the secure communications, wherein the user network device has a two-way trusted relationship with the second network device in the secure peer-to-peer data network.

Abstract: In one embodiment, a method comprises: generating and maintaining, by a replicator device in a secure peer-to-peer data network, a secure private key and secure public key; establishing a two-way trusted relationship with a second replicator device for a pairwise topology of two-way trusted replicator devices; establishing a two-way trusted relationship with a first endpoint device based on validating a secure attachment request using the secure private key, and obtaining a second secure public key of the first endpoint device; validating, using the second secure public key, a secure data packet from the first endpoint device and destined for the second endpoint device, and obtaining information for reaching the second endpoint device via the second replicator device; and securely signing the secure data packet, received from the first endpoint device and destined for the second endpoint device, into a secure forwarded packet for secure transmission to the second replicator device.