Abstract: The present invention relates to methods for secure computation and/or communication. Entangled photons (118) are generated such that each participating party receives a series of optical pulses. Each party has private information (110, 112) which are never transmitted through public or private communication channels. Instead, each party converts their respective private information (110, 112) into measurement bases via an encryption process (114, 116) which are then applied to the entangled photons (118). After the measurement process, e.g., quantum frequency conversion (122, 124), reference indices are announced (124, 126) so that computation can be performed (128) without revealing the private information directly or indirectly.

Abstract: A computer implemented method searches data. A number of processor units generates a candidate search result using an index for a data source in response to a search query by a user, wherein the candidate search result comprises files accessible by the user based on access control information in the index. The number of processor units generates a completed search result with a set of the files from the candidate search result having a confidentiality level less than or equal to a threshold confidentiality level. The number of processor units determines whether the user has access to a file in the candidate search result in which the file has the confidentiality level greater than the threshold confidentiality level for the data source. The number of processor units adds the file to the completed search result in response to the file being accessible by the user in the data source.

Abstract: One example method includes providing temporary access to a computing system and to providing temporary access as a service. The features of a temporary access can be defined by an entity and a user may be able to obtain a token that includes these features, which may be embedded in the token as claims. The user's access is then controlled in accordance with the embedded claims. The temporary access as a service can be federated. The token may include trust levels and tolerance limits. Further, aspects of the temporary access can be monitored and/or changed. Adjustments to trust levels can be automated or manually performed. Further trust for specific users can be gained or lost over time based on at least previous accesses.

Abstract: An Identity and Access Management Service implements persistent source values PSVs) for assumed identities. A source value (e.g., an original identifier of an entity) is persisted across assumed identities, facilitating identification of entities (users or applications) responsible for actions taken by the assumed (e.g., alternative) identities. The Manager receives a request to assume an identity. The request includes the entities current credentials and a PSV. The current credentials are authenticated and a persistent source value policy may be relied on to determine whether and/or how to grant the assumed identity. The PSV may be copied from credentials in the request in order to be included in the credentials for the requested identity that the Manager provides in response to the request. Use of the requested credentials, including the PSV, to access services or resources may be logged, the logs including the PSV from the request to assume the identity.

Abstract: A method of encrypting and decrypting multiple individual pieces or sets of data in which a computing device randomly selects a group of seeds that it then uses to generate irrational numbers. Sections of the generated irrational numbers can be used as one-time pads or keys to encrypt the corresponding data sets. Intended recipients can then reverse the process using their allowed keys to access data for which they have authorization.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: A Data Security Management System using a communications interface configured to receive and transmit one or more portions of Post Quantum Resistant Encrypted data within a network comprising a plurality of endpoints. Using End-to-End (E2E) Post Quantum Resistant encryption techniques to protect the data, the Data Security Management System provides the flexibility for multiple data schemes in a distributive environment such as, but not limited to, Hyperledger. The system uses a Policy Manager to perform the base configuration of the session to be transmitted or received in an encrypted state. This encrypted state comprises Post Quantum Cryptographic algorithm in use for that session, inclusive with associated keys or digital signatures. The Policy Manager is further configured to verify an identity of endpoint by a multifactor cryptographic authentication mechanism or a biometric authentication mechanism to validate a connection to or from an endpoint.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: A quantum communications system includes a communications system that operates with a quantum key distribution (QKD) system, which includes a transmitter node, a receiver node, and a quantum communications channel coupling the transmitter node and receiver node. The transmitter node may be configured to transmit to the receiver node a bit stream of optical pulses, and switch between first and second QKD protocols based upon at least one channel condition.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: A system and method are provided for mitigating key-exhaustion attacks in a key exchange protocol. The method includes computationally confirming an exchange of key bits has provided fresh shared key material before information theoretically confirming the exchange of key bits has provided fresh shared key material, while maintaining synchronization between messaging parties. In one implementation, maintaining synchronization includes updating keys in between each post-processing message session and managing a local state of each messaging party in the key exchange protocol prior to sending a next post-processing message. In another implementation, maintaining synchronization includes hiding a message containing the information theoretic authenticator by executing a decoy authentication process, prior to using an information theoretical key.

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for user authentication. In one embodiment, the user authentication occurs using a multi-provider platform. The multi-provider platform enables the use and retrieval of user information from the given provider for the use and assessment of information associated with the user. User information may also be received over a web link communicated at least in part by a risk checkpoint component to a user device, wherein the user information received and that retrieved may be jointly used for determining user authentication.

Abstract: Disclosed are a quantum color image encrypting method based on modification direction and corresponding circuit, respectively providing quantum modular circuits design for a parallel adder, a parallel subtractor, a comparator, a cyclic shift add 1, and a cyclic shift subtract 1; and based on these modular circuits, circuit for implementing quantum color image steganography is provided. From the complexity analysis of implementing quantum circuit for color image steganography, it is seen that for a two-dimensional quantum color image with 22n pixels and the R, G, and B channels of which are respectively represented by q number of quantum bits, the steganography algorithm is an efficient transformation method, and the circuit complexity is O(q2+n), which can hardly be achieved by classical geometric transformation. The disclosure is applicable for many practical image processing applications, e.g.

Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.

Abstract: Embodiments are disclosed for a quantum key distribution (QKD) enabled intra-datacenter network. An example system includes a first QKD device and a second QKD device. The first QKD device includes a first quantum-enabled port and a first network port. The second QKD device includes a second quantum-enabled port and a second network port. The first quantum-enabled port of the first QKD device is communicatively coupled to the second quantum-enabled port of the second QKD device via a QKD link associated with quantum communication. Furthermore, the first network port of the first QKD device is communicatively coupled to a first network switch via a first classical link associated with classical network communication. The second network port of the second QKD device is communicatively coupled to a second network switch via a second classical link associated with classical network communication.

Abstract: In one embodiment, an apparatus includes: a clock generator to receive a reference clock signal and generate a first clock signal using the reference clock signal; a counter coupled to the clock generator to maintain a first count regarding a number of cycles of the first clock signal; and a controller coupled to the counter. The controller may be configured to detect a potential security violation when the first count varies from a predetermined value.

Abstract: Systems and methods are provided for context-based authentication, via a decentralized network. One example method includes receiving, at a mobile device, from a relying party, a request for an attribute of a user in connection with an interaction between the user and the relying party and determining a type of authentication to be used for the interaction, based on an authentication policy of the relying party and multiple context signals stored in the mobile device prior to providing the attribute to the relying party. The multiple context signals are indicative of one or more patterns indicative of the user and/or the mobile device. The method also includes soliciting authentication data from the user consistent with the determined type of authentication, receiving, by the mobile device, the solicited authentication from the user, and providing the attribute to the relying party in response to the user being authenticated at the mobile device.

Abstract: Systems, methods, and non-transitory computer readable media are provided for security-aware caching of resources. An offline version of a resource may be prepared for a computing device. The offline version of the resource may include a security parameter. The security parameter may define a security rule to be enforced with respect to offline usage of the resource. The offline version of the resource may be provided for caching by the computing device. The cache of the offline version of the resource may enable the offline usage of the resource by the computing device. The security rule for the offline usage of the resource may be enforced by the computing device based on the security parameter.

Abstract: Presented here is a system that manages secured file system, and an authority to the secured file system, by granting access only to a user who is authorized to access the file system. The user within the system is identified using a unique key unique to each user. The user's authority is recorded in a linear sequence distributed among multiple devices each of which independently verifies the validity of each block in the linear sequence. The validity of the linear sequence is guaranteed by preventing certain operations from being performed on the linear sequence, such as branching of the linear sequence, deletion, and modification of the blocks within the linear sequence. Prior to adding a new block to the linear sequence, the validity of the block is independently computed by each of the devices.

Abstract: Fully homomorphic encryption integrated circuit (IC) chips, systems and associated methods are disclosed. In one embodiment, a method of operation for a number theoretic transform (NTT) butterfly circuit is disclosed. The (NTT) butterfly circuit includes a high input word path cross-coupled with a low word path. The high input word path includes a first adder/subtractor, and a first multiplier. The low input word path includes a second adder/subtractor, and a second multiplier. The method includes selectively bypassing the second adder/subtractor and the second multiplier, and reconfiguring the low and high input word paths into different logic processing units in response to different mode control signals.