Abstract: A computing device obtains prescribed sequences of code points for respective pictographs (e.g., “emojis”) from a prescribed destination, determines identifiable graphical subcomponents from the prescribed sequence of code points for each pictograph, and maps the identifiable graphical subcomponents into distinct pattern marker types used for generation of a selected pictograph. The mapping includes aggregating selected graphical subcomponents from among the pictographs as distinct options for an identified one of the pattern marker types. The computing device causes display of the pictographs as a grouping together of respective variations relative to a root pictograph that is based on the identified one of the pattern marker types, where the grouping is based on arranging the distinct options for the pattern marker types relative to the root pictograph, enabling a user selection of the selected pictograph within the grouping relative to the root pictograph.

Abstract: A secure executable container executed by a first endpoint device in a secure peer-to-peer data network detects that a second endpoint device is unavailable for execution of a secure asynchronous transaction with the first endpoint device, and generates a secure request for an assisting device (the second endpoint device or a third network device) requesting an indication once the second endpoint device is available for execution of the secure asynchronous transaction. The secure request does not contain any user-generated data. Upon the secure executable container receiving the indication generated by the assisting device that the second endpoint device is available for the execution of the secure asynchronous transaction, the secure executable container causes autonomic execution for completing the secure asynchronous transaction with the second endpoint device.

Abstract: A secure executable container executed by a network device generates a secure private key and a secure public key for secure communications in a secure peer-to-peer data network, and establishes a trusted two-way relationship with a second network device based on receiving a second secure public key generated by the second network device and the second network device receiving the secure public key. The secure executable container encrypts a data structure into an encrypted data structure using the secure private key, and autonomically replicates the data structure based on securely sending a copy of the data structure (or the encrypted data structure) to the second network device using the second secure public key. The secure executable container autonomically executes a secure recovery of the copy, from the second network device, in response to detecting an unusability of the encrypted data structure stored in the network device.

Abstract: A secure keyboard resource executed in a network device detects a user input, and generates a user input data structure representing the user input relative to input options presented to the user, the user input data structure based on the secure keyboard resource identifying a position of the user input relative to the input options. The secure keyboard resource sends the user input data structure to one or more executable destination resources, having requested supply of the user input data structure responsive to a user selection, only via a corresponding data path providing the destination resource with access to the user input data structure, for execution of a service by the one or more executable destination resources based on the user input data structure. The secure keyboard resource thus minimizes spying by limiting access of the user input data structure to the destination resource via the data path.

Abstract: Secure access recovery to a network device includes encrypting a user password into an encrypted target password using a secret regenerative key, and adding a one-time password seed and the encrypted target password into a secure recovery container, which is stored securely in the network device and a trusted recovery device. In response to a recovery request, a one-time password can be generated using the one-time password seed to retrieve the encrypted target password from the recovery device. A decrypted recovery password is generated based on executing decryption on an input string based on the secret regenerative key. The encrypted target password, retrieved from the secure recovery container in the network device, is decrypted into a decrypted target password based on the secret regenerative key. Secure access is recovered in response to determining the decrypted recovery password matches at least a part of the decrypted target password.

Abstract: In one embodiment, a method comprises: first determining, by a secure executable container executed by a network device, whether an input string entered by a user of the network device starts with a valid user access password for access via the secure executable container to one or more secure services; second determining, by the secure executable container, whether the input string further includes a prescribed delimiter contiguously following the valid user access password; third determining, by the secure executable container, whether the user has input a valid command password contiguously following the prescribed delimiter; and selectively executing, by the secure executable container, a prescribed command associated with the valid command password based on determining the user has input the valid command password contiguously following the prescribed delimiter.

Abstract: In one embodiment, a method comprises: establishing, by a secure executable container executed by a network device, a two-way trusted relationship with a verified subscriber that enables secure user access by the verified subscriber to a secure peer-to-peer data network, including creating a secure public key and a first device identifier uniquely identifying the network device, for insertion into a first device identity container that provides secure identification of the network device in the secure peer-to-peer data network; obtaining a second device identity container for a second network device and comprising a second public key owned by the second network device and a second device identifier uniquely identifying the second network device; and establishing a corresponding two-way trusted relationship with the second network device based on executing a prescribed secure salutation protocol with the second network device based on the second public key and the second device identifier.

Abstract: In one embodiment, a method comprises: receiving, by a secure executable container executed by a network device, a request initiated by a user for a community forum in a secure data network, the user having generated the request via an endpoint device and the user having established a two-way trusted relationship with the endpoint device in the secure data network; processing, by the secure executable container, the request for the community forum in the secure data network, the processing including causing a network device executing a community server to post the community forum in the secure data network according to identifiable features selected by the user; and preventing, by the secure executable container, any executable resource in the network device from accessing the secure data network without authorized access via a prescribed Application Programming Interface (API) required by the secure executable container.

Abstract: In one embodiment, a method comprises: generating, by a secure executable container executed by an endpoint device in a secure peer-to-peer data network, a secure private key and a first secure public key; first establishing, by the secure executable container, a two-way trusted relationship with a second endpoint device, including receiving a second secure public key of the second endpoint device; second establishing, by the secure executable container, a two-way trusted relationship with a replicator device, including receiving a third secure public key of the replicator device; generating, by the secure executable container using the second secure public key, a secure data packet destined for the second endpoint device, including generating an encrypted payload for the secure data packet; and generating and outputting to the replicator device, by the secure executable container using the third secure public key, a secure tunneled data packet, including encrypting the secure data packet.

Abstract: In one embodiment, a method comprises: receiving, by a secure executable container executed by an endpoint device, a request from an originating entity for initiating a secure peer-to-peer communication with a second network entity via a secure data network, the originating entity and second network entity having established a two-way trusted relationship in the secure data network; processing, by the secure executable container, the request based on providing the originating entity sole and exclusive authority to control the secure peer-to-peer communication, including cryptographically secure termination and removal of the secure peer-to-peer communication from any network device in the secure data network; and initiating, by the secure executable container, the secure peer-to-peer communication by securely sending, to the second network entity via the secure data network, a secure peer-to-peer invitation for the second network entity to join the secure peer-to-peer communication.

Abstract: In one embodiment, a method comprises: receiving, by a secure executable container executed by a network device, a request initiated by a user for a community forum in a secure data network, the user having generated the request via an endpoint device and the user having established a two-way trusted relationship with the endpoint device in the secure data network; processing, by the secure executable container, the request for the community forum in the secure data network, the processing including causing a network device executing a community server to post the community forum in the secure data network according to identifiable features selected by the user; and preventing, by the secure executable container, any executable resource in the network device from accessing the secure data network without authorized access via a prescribed Application Programming Interface (API) required by the secure executable container.

Abstract: In one embodiment, a method comprises: initiating, by an executable agent within a secure executable container executed by a network device, a monitoring of a network-based service between the network device and a second network device having a two-way trusted relationship with the network device within a secure peer-to-peer data network, the network-based service based on a securely-stored secure data structure or a securely-transmitted secure data structure in the secure peer-to-peer data network; executing, by the executable agent, a secure machine learning operation based on one or more user actions associated with the network-based service, wherein the secure executable container prevents any access of any unencrypted data structure, or accessing the secure peer-to-peer data network, without authorized access via a prescribed Application Programming Interface (API); and autonomically executing, by the executable agent, an improved operation for the network-based service based on the machine learning.

Abstract: In one embodiment, a method comprises: establishing, by a first executable resource in a network device having joined a secure peer-to-peer data network, a registry providing a mapping between one or more network entities associated with a tag object by an identified user entity, each network entity represented by a federation identifier of a user entity or a corresponding data object; receiving a search request for one or more identified network entities having been tagged with the tag object, and in response generating a search result based on identifying the network entities having been mapped relative to tag object, the search result identifying one or more of an identified federation identifier or an identified unique identifier for the identified network entities; and providing the search result by the first executable resource, the search result causing an endpoint device to attract the identified network entities for presentation by the endpoint device.

Abstract: The systems and methods of enabling a collaborative application on a private network, comprising: establishing a secure and encrypted private network with a whitelist of two or more profiles using alias and digital keys; hosting an application on a computing device associated with a first profile on the whitelist; enabling the application to accept content using an application program interface, broadcasting the application with digital signature of the first profile to the profiles on the whitelist of the private network; receiving a request to send content to the application with digital signature from a second profile on the whitelist; automatically updating the content of the application after validation of the request; broadcasting the update notification to all the profiles on the whitelist of the private network.

Abstract: In one embodiment, a method comprises: tracking, by a first security agent executed within a user network device, a plurality of wireless data networks that are available for connection by the user network device for secure communications with a second network device in a secure peer-to-peer data network, and maintaining a history of each of the wireless data networks; determining for each of the wireless data networks, by the first security agent, a corresponding risk assessment that identifies a corresponding risk in encountering a cyber threat on the corresponding wireless data network; and supplying, to a second security agent executed within the user network device, a recommendation for connecting to a wireless data link identified as avoiding the cyber threat during the secure communications, wherein the user network device has a two-way trusted relationship with the second network device in the secure peer-to-peer data network.

Abstract: In one embodiment, a method comprises: monitoring, by a first security agent executed within a network device, for real-time detection of a cyber threat in the network device, the network device configured for secure communications in a secure peer-to-peer data network, the monitoring including detecting a detected cyber threat; communicating by the first security agent with at least one notified agent about the detected cyber threat, the at least one notified agent one of a second security agent executed within the network device, or a corresponding first security agent in a second network device having a two-way trusted relationship with the network device in the secure peer-to-peer data network; and executing, by the first security agent, a corrective action to at least mitigate the cyber threat based on the communicating with the at least one notified agent of the detected cyber threat.

Abstract: In one embodiment, a method comprises: securing, by a security agent executed within a network device, first secure data structures for secure storage in the network device and second secure data structures for secure communications in a secure peer-to-peer data network; monitoring, by the security agent, a corresponding mandatory lifecycle policy for each of the first secure data structures; and cryptographically erasing one of the first secure data structures in response to expiration of the corresponding mandatory lifecycle policy.

Abstract: In one embodiment, a method comprises: generating and maintaining, by a replicator device in a secure peer-to-peer data network, a secure private key and secure public key; establishing a two-way trusted relationship with a second replicator device for a pairwise topology of two-way trusted replicator devices; establishing a two-way trusted relationship with a first endpoint device based on validating a secure attachment request using the secure private key, and obtaining a second secure public key of the first endpoint device; validating, using the second secure public key, a secure data packet from the first endpoint device and destined for the second endpoint device, and obtaining information for reaching the second endpoint device via the second replicator device; and securely signing the secure data packet, received from the first endpoint device and destined for the second endpoint device, into a secure forwarded packet for secure transmission to the second replicator device.

Abstract: In one embodiment, a method comprises: receiving, by a network device, a request from a requesting party to register the network device as an endpoint device in a secure peer-to-peer data network; cryptographically generating a secure private key and a secure public key associated with the requesting party utilizing the network device; generating and sending a registration request, including the secure public key and an external network address for reaching the requesting party via an external data network, to a prescribed destination associated with the secure peer-to-peer data network; and selectively registering the network device as the endpoint device in response to verifying a validation response having been sent to the external network address and that includes the secure public key, including creating a federation identifier associated with the external network address and an endpoint identifier uniquely identifying the endpoint device, and associating the endpoint identifier with the federation ident

Abstract: In one embodiment, a method comprises: generating and maintaining, by a network device in a secure peer-to-peer data network, a secure private key and a corresponding secure public key; establishing, by the network device, a two-way trusted relationship with a second network device in the secure peer-to-peer data network; generating by the network device a temporal key, and encrypting a data packet payload using the temporal key into an encrypted payload; encrypting, by the network device, the temporal key into an encrypted temporal key using a second secure public key of the second network device; and generating and outputting a secure data packet comprising the encrypted temporal key and the encrypted payload, enabling a receiving network device to verify the secure data packet is not a copy based on a determined absence of a prior prescribed hash of at least a portion of the encrypted temporal key.