Abstract: The concepts and technologies disclosed herein are directed to quantum key distribution (“QKD”) networking as a service. According to one aspect disclosed herein, a microservices controller can establish a plurality of quantum connections with a plurality of virtual quantum connection managers (“vQCMs”) deployed in association with a set of quantum user nodes (“QUNs”) in a QKD network. The microservices controller can receive a request to initialize the QKD network. The microservices controller can coordinate with the plurality of vQCMs to handle initialization of the QKD network. The microservices controller can receive a QKD service request from a QKD network operator. The microservices controller can invoke a plurality of microservices to handle the QKD service request.

Abstract: Embodiments are disclosed for a method for private transfer learning. The method includes generating a machine learning model comprising a training application programming interface (API) and an inferencing API. The method further includes encrypting the machine learning model using a predetermined encryption mechanism. The method additionally includes copying the encrypted machine learning model to a trusted execution environment. The method also includes executing the machine learning model in the trusted execution environment using the inferencing API.

Abstract: An example operation may include one or more of identifying blockchain transactions for a particular blockchain, identifying blockchain transaction metrics from the blockchain transactions, determining whether the blockchain transaction metrics require a change to current blockchain operating rules, and when the blockchain transaction metrics require the change to the current blockchain operating rules, modifying the current blockchain operating rules.

Abstract: The technology disclosed herein provides network bound encryption that enables a node management device to orchestrate workloads with encrypted data without sharing the decryption key. An example method may include: obtaining an asymmetric key pair comprising a public asymmetric key and a private asymmetric key; establishing a symmetric key using a key establishment service, wherein the symmetric key is established in view of the private asymmetric key of a first computing device and a public asymmetric key of the key establishment service; transmitting sensitive data encrypted using the symmetric key to a persistent storage device accessible to a second computing device; initiating a creation of an execution environment on the second computing device; and providing, by the first computing device, the public asymmetric key and the location data to the second computing device, wherein the location data corresponds to the key establishment service.

Abstract: A method for mitigating network abuse includes obtaining a first set of network traffic messages of network traffic currently received by a network service and determining, via a first model, whether network abuse is occurring based on the first set of network traffic messages. When the network abuse is occurring, the method includes obtaining a second set of current network traffic messages. The method also includes, for each network traffic message in the second set of network traffic messages, labeling, via a second model, the network traffic message as an abusing network traffic message or a non-abusing network traffic message. The method also includes generating, via a third model, at least one network traffic rule. Each network traffic rule, when implemented, reduces an effect of the abusing network traffic messages.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An arrangement of particles corresponding to the first entities and the second entities may be generated. Charges associated with the particles may be determined based upon the first network profile. The particles may be rearranged to a second arrangement of particles based upon the charges. One or more clusters of particles in the second arrangement of particles may be identified. One or more coalition networks associated with fraudulent activity may be identified based upon the one or more clusters of particles.

Abstract: A method for hyper security encoding includes receiving data to be encrypted, and padding the data to be encrypted with padding data to avoid un-obfuscated bits after encryption. The method also includes encrypting, with a Mojette Transform, the data to be encrypted after the data to be encrypted is padded with the padding data, and outputting a result of the encryption as encrypted data.

Abstract: Systems and methods are described that enable trusted communications between two entities. In one implementation, a controller of a vehicle may include one or more processors configured to receive data and a controller signature from a second controller of the vehicle. The controller signature may be generated based on at least a first portion of the data. The one or more processors may be further configured to transmit the data and the controller signature to a gateway of the vehicle and receive a gateway signature from the gateway. The gateway signature may be generated based on at least a second portion of the data and transmitted to the controller after the gateway verified the controller signature. In addition, the one or more processors may be configured to verify the gateway signature and process the data.

Abstract: A method for providing access to media content from a media content provider is performed at an electronic device. The method includes receiving, from a client device, a request for access to a media item. The request for access includes a self-describing user-identifier. The method includes, in response to the request for access to the media item, initiating an analysis to determine whether the client device is authorized to access the media item, the analysis including an examination of a media consumption log associated with the client device. The media consumption log stores data representing self-describing user-identifiers. The analysis includes, based on the examination of the media consumption log, detecting multiple requests from different self-describing user identifiers corresponding to the client device to determine whether the client device has reached an access limit and, when the client device has reached the access limit, terminating access to the media item.

Abstract: Methods and systems are provided for identifying suspect Internet Protocol (IP) addresses, in accordance with embodiments described herein. In particular, embodiments described herein include obtaining a set of login pairs comprising login identifiers (e.g., user identifiers) and IP addresses used in attempts to login to a source. A set of IP clusters is generated using the set of login pairs. Each IP cluster can include one or more IP addresses identified as related based on a login identifier being used to attempt to login to the source via multiple IP addresses or an IP address being used to attempt to login to the source via multiple login identifiers. Thereafter, it is determined that a particular IP cluster exceeds a threshold amount of IP addresses. Each of the IP addresses within the particular IP cluster is designated as a suspect IP address.

Abstract: In one example, a non-transitory computer readable medium for component verification and revocation includes instructions for a processor to verify that a component in a device is valid using a verification service and consequently enable a premium service. The processor may later use information from the verification service that the component is no longer valid and consequently alter the premium service.

Abstract: Provision of a virtual secure cryptoprocessor (VSC) for a guest virtual machine (VM), part of a first guest, of a hypervisor of a computer system, includes (i) storing guest VM state and VSC state together in an encrypted virtual hard disk drive file, (ii) storing a decryption key in a sealed partition, of a second guest, sealed against a physical secure cryptoprocessor, (iii) based on verifying that a host computing environment of the computer system is in a trusted state and on booting the hypervisor thereon, unsealing the sealed partition of the second guest, the unsealing providing the decryption key, and decrypting the encrypted virtual hard disk drive file using the decryption key, where the decrypting decrypts the stored guest VM state for execution of the guest VM and decrypts the VSC state to provide the VSC for use by the guest VM.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security, performance, cost, and efficiency. In some embodiments, the processing chip includes immutable hardware that is enabled, without a use of any CPUs, to determine and/or confirm an expected configuration of one or more external memory chips (such as with a Serial Presence Detect operation), and/or to enable communication with the one or more external memory chips. The immutable hardware is further enabled to copy executable code from a non-volatile one of the one or more external memory chips to another of the one or more external memory chips so that a CPU of the processing chip is able to securely boot by fetching initial instructions from the copy of the executable code.

Abstract: A technique for generating a diversified encryption key for a contactless legacy magnetic stripe card is disclosed. The diversified key can be generated using a master key, a key diversification value and an encryption algorithm. In one example embodiment, the key diversification value can be provided by the user as a fingerprint, numeric code or photo. The user can provide the key diversification value to the card or a cellphone. The card can generate the diversified key using the user provided key diversification value. The card or the cellphone can transmit the user provided diversification value to the server and the server can regenerate the diversified key using the user provided diversification value.

Abstract: A computer system detects that a digital certificate is set to expire within a threshold amount of time. In response to detecting that the digital certificate is set to expire, the computer system generates an update to cause a second computer system to perform operations to indicate an upcoming expiration of the digital certificate. The computer system provides the update to the second computer system to cause the second computer system to perform the operations.

Abstract: In some embodiments, there is provided a method for updating a gateway in a substation. The method includes receiving, at a gateway from a server, an update package assigned with a first identifier, the update package including at least one of: a configuration associated with at least one monitoring device connected to the gateway; and an application configurable to collect data from the at least one monitoring device; in response to receiving the update package, determining whether the first identifier matches a second identifier of the gateway; and in response to determining that the first identifier matches the second identifier of the gateway, updating the gateway with the received update package.

Abstract: Systems and methods for detecting network anomalies are described. These may include determining burst scores for external network resources, determining burst scores for internal network resources, and using the burst scores to construct a burst graph where the edges are weighted by the number of connections between each resource. The graph is then analyzed by a graph convolutional neural network to identify patterns from which anomalous network traffic can be detected and from which corrective action can be taken. These techniques can allow for better detection and mitigation of abusive network traffic, improve computer network security, and provide more robust access to networked computer resources.

Abstract: A user authentication device includes a user authentication setter that enables or disables a predetermined plurality of authentication methods, and a user authenticator that accepts user authentication by the authentication method that the user authentication setter enables, and a controller that controls the user authentication setter and the user authenticator. When the user authentication setter accepts a setting that enables a single authentication method among the plurality of authentication methods, the controller controls the user authentication setter to disable all authentication methods other than the single authentication method, and the user authenticator accepts only user authentication by the single authentication method.

Abstract: A system for data protection includes a first computing device comprising a security module; and a storage device coupled to the first computing device via a network interface. The security module comprises at least one of Software Root of Trust (SRoT) and Hardware Root of Trust (HRoT). The security module is further configured to: establish a trust channel between the first computing device and the storage device or storage service; monitor the first computing device and the storage device; create and enforce multi-dimensional data access control by tightly binding data access and permissions to authorized computing devices, users, applications, system services, networks, locations, and access time windows; and take over control of the storage device or storage service in response to a security risk to the system.

Abstract: A method for hosted payload operations comprises transmitting, by a hosted payload (HoP) operation center (HOC), encrypted hosted commands to a host spacecraft operations center (SOC). The method further comprises transmitting, by the host SOC, encrypted host commands and the encrypted hosted commands to a vehicle. Also, the method comprises reconfiguring a host payload according to unencrypted host commands, and reconfiguring a hosted payload according to unencrypted hosted commands. Additionally, the method comprises transmitting host payload data to a host receiving antenna. Also, the method comprises transmitting hosted payload data to a hosted receiving antenna and/or the host receiving antenna. Additionally, the method comprises transmitting, by a host telemetry transmitter, encrypted host telemetry to the host SOC; and transmitting, by a hosted telemetry transmitter, encrypted hosted telemetry to the host SOC.