Abstract: Systems and/or methods of the present disclosure enable ledger interoperability using a controller to perform an operation between a first user and a second user on separate entity-specific distributed ledgers, where the separate entity-specific distributed ledgers are both operatively linked to a membered common distributed ledger. The controller burns a first quantity of first entity-specific tokens from the first entity-specific distributed ledger and mints a second quantity of the common tokens on the membered common distributed ledger, where the first quantity of first entity-specific tokens and the second quantity of the common tokens represent an equivalency. The controller moves the second quantity of common tokens from a first encrypted storage to a second encrypted storage of the membered common distributed ledger, burns the second quantity of the common tokens and mints a third quantity of the second entity-specific tokens on the second entity-specific distributed ledger to complete the operation.

Abstract: Systems, methods, and storage media for abstraction and enforcement of protected resources in an identity infrastructure are disclosed. Exemplary implementations may: identify one or more protected resources for one or more identity domains of an identity infrastructure; receive, at the identity infrastructure, a dataflow pertaining to first identity data for a first identity domain; request the first identity session based at least in part on the first identity data; receive a request to access a first protected resource of the one or more protected resources; accept the first identity session by the first protected resource; and provide the first user access to the first protected resource.

Abstract: Various arrangements relate to a method performed by a processor of a computing system. An example method includes tokenizing a first value using a tokenization algorithm to generate a first token. The first value and first key are inputs of the tokenization algorithm. A message is generated. The message includes a first value identifier associated with the first value and a first key generation identifier associated with the generation of the first key. The message is associated with the first token. A second key is generated. A second value is tokenized using a tokenization algorithm to generate a second token. The second value and second key are inputs of the tokenization algorithm.

Abstract: Embodiments are directed to systems that attempt to establish trust in relation to operations on a customer endpoint of a computer network. The systems monitor, in real-time, operations to file systems, registries, application processes and threads, and OS kernels at the customer endpoint. The systems maintain compute components affected by the operation in a quarantine state. The systems then attempt to establish trust in the affected compute components (e.g., by applying rule-based policies). The systems remove the affected compute components from the quarantine state, if trust of the one or more affected compute components is established. The systems execute callback routines to mitigate results of the operation, if trust of the affected compute components is not established.

Abstract: Methods, systems, and apparatus for transmitting qubits encoding quantum information with reduced risk of interception from an eavesdropper. In one aspect, a method includes encoding quantum information into an information qubit; encrypting the information qubit, comprising performing i) a parity operation on the information qubit and a parity control qubit and ii) a phase operation on the information qubit and a phase control qubit; performing, by a sender party, a sequence of one or more quantum logic gates on the phase control qubit; sending the information qubit, parity control qubit, and phase control qubit to a recipient party; and sending data identifying the sequence of one or more quantum logic gates to the recipient party, wherein the recipient party obtains the quantum information encoded into the information qubit using the information qubit, parity control qubit, phase control qubit, and data identifying the sequence of one or more quantum logic gates.

Abstract: Systems and methods as provided herein may create a biometric model associated with a user. The created biometric model may be used to generate challenges that are presented to the user for authentication purposes. A user response to the challenge may be compared to an expected response, and if the user response matches within a predetermined error of the expected response, the user may be authenticated. The systems and methods may further generate challenges that are adaptively designed to address weaknesses or errors in the created model such that the model is more closely associated with a user and the user is more likely to be the only person capable of successfully responding to the generated challenges.

Abstract: Methods and systems for network communication are disclosed. Proxy information may be received. The proxy information may facilitate a gateway device communicating as a proxy for a user device.

Abstract: The implementation of application layer-based and transport-layer based security rules via a reverse proxy server chain is described. Each reverse proxy server in the chain is configured to perform a particular function with respect to client messages intended for a destination server and/or convey contextual information pertaining to the messages to a subsequent reverse proxy server in the chain. For instance, a first reverse proxy server in the chain is configured to include client-specific metadata in the transport layer of the message. A second reverse proxy server in the chain enforces transport layer-based policy rules based on the metadata. This enables the second reverse proxy server to manage transport layer connections on a client-by-client basis, thereby enabling the second reverse proxy server to block unauthorized clients, while maintaining the transport layer connections for authorized clients. A third reverse proxy server in the chain enforces application layer-based policy rules.

Abstract: One example method includes contacting, by a client, a service, receiving a credential from the service, obtaining trust information from a trust broker, comparing the credential with the trust information, and either connecting to the service if the credential and trust information match, or declining to connect to the service if the credential and the trust information do not match. Other than by way of the trust information obtained from the trust broker, the client may have no way to verify whether or not the service can be trusted.

Abstract: A method is provided for automating management of automatic renewal of a public key infrastructure (PKI) certificate issued by a certificate authority (CA) for a subscriber. The method includes steps of causing the subscriber to (i) transmit a first alert to a management entity for initiating renewal of the PKI certificate, and (ii) transmit a certificate signing request (CSR) to a registration authority (RA) for issuance of a renewal certificate. The method further includes steps of (iii) transmitting, from the RA to the CA, the CSR signed by the RA, (iv) receiving, at the RA from the CA, an issued renewal certificate signed by the CA, (v) sending, from the RA to the subscriber, the issued renewal certificate signed by the CA, and (vi) causing the subscriber to transmit a second alert to a management entity indicating renewal of the PKI certificate.

Abstract: A computer-implemented method for protecting data on devices may include (i) identifying a device that is operated by a user and that comprises private data pertaining to the user, (ii) determining that stalkerware on the device is sending the private data to an unauthorized device not operated by the user, (iii) requesting, in response to determining that the stalkerware is sending the private data to the unauthorized device, that the user select at least one safety plan step from a set of safety plan options, and (iv) modifying, at least in part based on the safety plan step selected by the user, outgoing data sent by the stalkerware to the unauthorized device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Implementations of the present disclosure include providing a graph that is representative of an enterprise network and includes nodes and edges, a set of nodes representing assets within the enterprise network, each edge representing a lateral movement path between assets, determining, for each asset, a contribution value indicating a contribution of an asset, determining lateral movements paths between a first asset and a second asset, providing a lateral movement path value representative of a difficulty in traversing a respective lateral movement path, identifying a set of remediations based on remediations defined for one or more vulnerabilities associated with issues identified for assets, each remediation mitigating a cyber-security risk within the enterprise network, and prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediation

Abstract: Embodiments provide for distributed transaction-based provenance tracking of agricultural data, secured access to authorized user accounts, auditability of the data, and transactional oversight of the data when exchanged between user accounts. A distributed ledger network including a primary node and a plurality of secondary nodes can store transactions generated based on various operations on or associated with agricultural data, including the certification of select portions of agricultural data collected by a data collection device, commands received from client devices associated with user accounts purchasing or licensing the agricultural data, and detected attempts to access the agricultural data, among other things.

Abstract: A computing system includes a server. The server is communicatively coupled to a data repository and is configured to store a data in the data repository. The server is further configured to create, via a visual information flow creation tool, at least one information flow object. The server is additionally configured to create, via the visual information flow creation tool, an electronic signature field in the at least one information flow object, and to provide the at least one information flow object to communicate an electronic signature request to an electronic signature system.

Abstract: A threat protection system provides for detecting links in a document and analyzing whether one of the detected links is a malicious link that may direct a user of the document to a malicious universal resource locator (URL). In one implementation of the described technology, when a user selects a link in a document, a link activation module calls a threat protection client module that performs a reputation check for the link. If the selected link is malicious, the threat protection client module sends a URL of a warning page to the link activation module.

Abstract: Quantum network devices, systems, and methods are provided to enable long-distance transmission of quantum bits (qubits) for applications such as Quantum Key Distribution (QKD), entanglement distribution, and other quantum communication applications. Such systems and methods provide for separately storing first, second, third, and fourth photons, wherein the first and second photons and the third and fourth photons are respective first and second entangled photon pairs, triggering a synchronized retrieval of the stored first, second, third, and fourth photons such that the first photon is propagated to a first node, the second and third photons are propagated to a second node, and the fourth photon is propagated to a third node, and creating a new entangled pair comprising the first and fourth photons at the first and third nodes to transmit quantum information.

Abstract: Provided herein are exemplary systems and methods including the generation of a superior strategy for deployment to real time actual conditions with dynamic feedback to the secure intelligent networked architecture in order for adjustments to be made to the strategy being deployed to the real time actual conditions and the learned generation of subsequent strategies.

Abstract: Systems and methods for assessing an application access risk are provided. An example method commences with collecting data concerning relationships between an application, one or more client devices, and one or more users in a computing environment. The method includes updating a graph database including nodes and edges. The nodes represent the application, the one or more client devices, and the one or more users and the edges represent relationships between the application, the one or more client devices, and the one or more users. The method continues with enriching the graph database by associating the nodes with metadata including information concerning the one or more users accessing the application from the one or more client devices. The method further includes analyzing the graph database to identify a subset of nodes used to access the application and displaying a graphical representation of the subset of nodes.

Abstract: A transmitter Continuous-Variable Quantum Key Distribution (CV-QKD) device stores and transmits a quantum signal over a communication channel. A receiver CV-QKD device receives the quantum signal via the communication channel and via a reception band. The receiver CV-QKD device determines a quantum communication channel. The receiver CV-QKD device communicates the determined quantum communication channel to the transmitter CV-QKD device over an authenticated communication channel. The transmitter CV-QKD device obtains a modified quantum signal by modifying the stored quantum signal based on the determined quantum communication channel. The transmitter CV-QKD device and the receiver CV-QKD device generate a secret key using the modified quantum signal and the received quantum signal.

Abstract: A first permission allocated to a first identity may be identified. Permission usage information may be analyzed. The permission usage information may include permission usage history information and permission usage pattern data. An estimated probability of a future usage of the first permission by the first identity may be forecasted based, at least in part, on the permission usage information. A first recommendation relating to allocation of the first permission to the first identity may be determined based, at least in part, on the estimated probability. The first recommendation may be a recommendation for the first identity to retain the first permission or a recommendation to deallocate the first permission from the first identity. An indication of the first recommendation may be provided to a user.