Abstract: Systems and methods for enforcing contract/protocol/law execution having a wide range of applicability. The disclosed systems and methods have very low latency between a transaction and its validation and have strong scalability. One example embodiment is a system for enforcing execution of a protocol among a plurality of parties. The example system includes a controller provider configured to manage a plurality of automated controllers. The system also includes a ledger and an inspector. The plurality of automated controllers correspond to the plurality of parties. Each automated controller is configured to enforce execution of the protocol using a computer program integrated with the automated controller. The controller provider intercepts messages sent or received by the automated controllers and stores them in the ledger. The ledger, thus, represents the history of events or operations between the parties, and the treatment of those events or operations by the controllers.

Abstract: This document describes techniques and apparatuses directed at preventing eavesdropping resources from acquiring unauthorized data via mechanically excitable sensors. In aspects, an electronic device includes a privacy manager configured to analyze one or more signals generated by a mechanically excitable sensor. Responsive to the analysis, the privacy manager may extract unauthorized data from the one or more signals based on a signal received at a mechanical transducer, and further based on calibration data collected during an interaction between the mechanically excitable sensor and the mechanical transducer during a prior calibration sequence.

Abstract: Systems and methods to detect attacks on the clocks of devices in time sensitive networks are described. Particularly, the disclosed systems and methods provide detection and mitigation of timing synchronization attacks based on pseudo-random numbers generated and used to select and authenticate timing of transmission of messages in protected transmission windows.

Abstract: A security platform of a data network is provided that includes security services for computing devices in communication with the data network. The security platform may apply a security policy to the computing devices when accessing the Internet via a home network (or other customer network) and when accessing the Internet via a public or third party network. To provide security services to computing devices via the home network, the security platform may communicate with a security agent application executed on the router (or other gateway device) of the home network. In addition, each of the devices identified by the security profile for the home network may be instructed or otherwise be provided a security agent application for execution on the computing devices. The security agent application may communicate with the security platform when the computing device connects to the Internet over a third party or public access point.

Abstract: A system includes a processing device, operatively coupled to memory, to obtain one or more ciphers that are supported by a device that is coupled to a network, determine, by the processing device, a value associated with the device, based on whether each of the one or more ciphers that are supported by the device is quantum-safe, and generate a notification based on the value.

Abstract: A method of generating a nonce includes measuring a TOA and a corresponding first or second state value of a plurality of first photons, wherein respective ones of the plurality of first photons are entangled with respective ones of a plurality of second photons in a first basis, which is time, and entangled in a second basis. A first ordered list of the measured TOAs of the plurality of first photons is generated. A TOA and a corresponding first or second state value of the plurality of second photons are measured. A second ordered list of the measured TOA of the plurality of second photons is generated. TOA matches between the first ordered list and the second ordered list are determined. The first or second state values that correspond to the determined TOA matches between the first ordered list and the second ordered list are determined. A shared secret random number is determined using the first or second state values that correspond to the determined TOA matches.

Abstract: This disclosure describes a technique to determine whether a client computing device accessing an API is masquerading its device type (i.e., pretending to be a device that it is not). To this end, and according to this disclosure, the client performs certain processing requested by the server to reveal its actual processing capabilities and thereby its true device type, whereupon—once the server learns the true nature of the client device—it can take appropriate actions to mitigate or prevent further damage. To this end, during the API transaction the server returns information to the client device that causes the client device to perform certain computations or actions. The resulting activity is captured on the client computing and then transmitted back to the server, which then analyzes the data to inform its decision about the true client device type.

Abstract: Disclosed are an access security system using a security card and a mobile terminal, and a security method for same. The present disclosure configures a mutual security function for storing an encrypted public key in a security card (E-card), and storing a private key, which can decrypt the encrypted public key, in a mobile terminal. Accordingly, a security function that is strengthened to the next level is achieved which: only allows secure access at an entrance by means of a mutual certification procedure through an NFC connection between the security card and the mobile terminal; increases the security efficiency of access management while preventing the security of a secure server from being neutralized by an information leak that has occurred due to the loss, theft, hacking, duplication, or the like of the security card; and in particular, fundamentally prevents abnormal connections by third parties to IoT equipment that can be connected to the secure server as a result of the neutralization of security.

Abstract: Methods, systems and apparatus for implementing a secure quantum swap operation on a first and second qubit. In one aspect a method includes establishing, by a first party and with a second party, an agreement to use a secure swap protocol; performing the quantum swap operation, comprising, for each two-qubit gate included in the quantum swap operation: performing, by the first party and according to the secure swap protocol, a respective preceding quantum gate cipher on the first qubit; performing, by the first party and the second party, the two-qubit gate on the first qubit and the second qubit; and performing, by the first party and according to the secure swap protocol, a respective succeeding quantum gate cipher on the first qubit. The preceding and succeeding quantum gate ciphers comprise computational bases that anti-commute with a computational basis of the two-qubit gate across a second axis of the Bloch sphere.

Abstract: An application operation control device includes processing circuitry configured to store associated file information that indicates, in association with each other, an application and an associated file that is a file whose integrity is to be verified when integrity of the application is determined, and associated application information that indicates, in association with each other, the application and an associated application that is an application that is potentially affected when the integrity of the application is damaged, determine integrity of the associated file of the application, and in a case where, among a plurality of the associated files of the application, integrity of any of the plurality of the associated files is determined to be damaged, extract, as a target application for operation control, an application associated with an associated file the integrity of which is determined to be damaged from the associated file information.

Abstract: A token-based security risk assessment service for multi-factor authentication (MFA) is described. An enterprise may utilize the security risk assessment service, and a telecommunication service provider may provide the security risk assessment service as a network-based service. The security risk assessment service may be configured to monitor identifiers (IDs) of elements associated with users associated with an enterprise to determine if any have changed. Any changes may be factored into an adjustment to the user's security profile. Furthermore, the enterprise can utilize the security risk assessment service to implement a token-based MFA scheme where Short Message Service (SMS) is used as an authentication factor.

Abstract: The present invention relates to methods for secure computation and/or communication. Entangled photons (118) are generated such that each participating party receives a series of optical pulses. Each party has private information (110, 112) which are never transmitted through public or private communication channels. Instead, each party converts their respective private information (110, 112) into measurement bases via an encryption process (114, 116) which are then applied to the entangled photons (118). After the measurement process, e.g., quantum frequency conversion (122, 124), reference indices are announced (124, 126) so that computation can be performed (128) without revealing the private information directly or indirectly.

Abstract: A computer implemented method searches data. A number of processor units generates a candidate search result using an index for a data source in response to a search query by a user, wherein the candidate search result comprises files accessible by the user based on access control information in the index. The number of processor units generates a completed search result with a set of the files from the candidate search result having a confidentiality level less than or equal to a threshold confidentiality level. The number of processor units determines whether the user has access to a file in the candidate search result in which the file has the confidentiality level greater than the threshold confidentiality level for the data source. The number of processor units adds the file to the completed search result in response to the file being accessible by the user in the data source.

Abstract: One example method includes providing temporary access to a computing system and to providing temporary access as a service. The features of a temporary access can be defined by an entity and a user may be able to obtain a token that includes these features, which may be embedded in the token as claims. The user's access is then controlled in accordance with the embedded claims. The temporary access as a service can be federated. The token may include trust levels and tolerance limits. Further, aspects of the temporary access can be monitored and/or changed. Adjustments to trust levels can be automated or manually performed. Further trust for specific users can be gained or lost over time based on at least previous accesses.

Abstract: An Identity and Access Management Service implements persistent source values PSVs) for assumed identities. A source value (e.g., an original identifier of an entity) is persisted across assumed identities, facilitating identification of entities (users or applications) responsible for actions taken by the assumed (e.g., alternative) identities. The Manager receives a request to assume an identity. The request includes the entities current credentials and a PSV. The current credentials are authenticated and a persistent source value policy may be relied on to determine whether and/or how to grant the assumed identity. The PSV may be copied from credentials in the request in order to be included in the credentials for the requested identity that the Manager provides in response to the request. Use of the requested credentials, including the PSV, to access services or resources may be logged, the logs including the PSV from the request to assume the identity.

Abstract: A method of encrypting and decrypting multiple individual pieces or sets of data in which a computing device randomly selects a group of seeds that it then uses to generate irrational numbers. Sections of the generated irrational numbers can be used as one-time pads or keys to encrypt the corresponding data sets. Intended recipients can then reverse the process using their allowed keys to access data for which they have authorization.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: A Data Security Management System using a communications interface configured to receive and transmit one or more portions of Post Quantum Resistant Encrypted data within a network comprising a plurality of endpoints. Using End-to-End (E2E) Post Quantum Resistant encryption techniques to protect the data, the Data Security Management System provides the flexibility for multiple data schemes in a distributive environment such as, but not limited to, Hyperledger. The system uses a Policy Manager to perform the base configuration of the session to be transmitted or received in an encrypted state. This encrypted state comprises Post Quantum Cryptographic algorithm in use for that session, inclusive with associated keys or digital signatures. The Policy Manager is further configured to verify an identity of endpoint by a multifactor cryptographic authentication mechanism or a biometric authentication mechanism to validate a connection to or from an endpoint.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.