Abstract: Embodiments provide for distributed transaction-based provenance tracking of agricultural data, secured access to authorized user accounts, auditability of the data, and transactional oversight of the data when exchanged between user accounts. A distributed ledger network including a primary node and a plurality of secondary nodes can store transactions generated based on various operations on or associated with agricultural data, including the certification of select portions of agricultural data collected by a data collection device, commands received from client devices associated with user accounts purchasing or licensing the agricultural data, and detected attempts to access the agricultural data, among other things.

Abstract: A computing system includes a server. The server is communicatively coupled to a data repository and is configured to store a data in the data repository. The server is further configured to create, via a visual information flow creation tool, at least one information flow object. The server is additionally configured to create, via the visual information flow creation tool, an electronic signature field in the at least one information flow object, and to provide the at least one information flow object to communicate an electronic signature request to an electronic signature system.

Abstract: A threat protection system provides for detecting links in a document and analyzing whether one of the detected links is a malicious link that may direct a user of the document to a malicious universal resource locator (URL). In one implementation of the described technology, when a user selects a link in a document, a link activation module calls a threat protection client module that performs a reputation check for the link. If the selected link is malicious, the threat protection client module sends a URL of a warning page to the link activation module.

Abstract: Quantum network devices, systems, and methods are provided to enable long-distance transmission of quantum bits (qubits) for applications such as Quantum Key Distribution (QKD), entanglement distribution, and other quantum communication applications. Such systems and methods provide for separately storing first, second, third, and fourth photons, wherein the first and second photons and the third and fourth photons are respective first and second entangled photon pairs, triggering a synchronized retrieval of the stored first, second, third, and fourth photons such that the first photon is propagated to a first node, the second and third photons are propagated to a second node, and the fourth photon is propagated to a third node, and creating a new entangled pair comprising the first and fourth photons at the first and third nodes to transmit quantum information.

Abstract: A transmitter Continuous-Variable Quantum Key Distribution (CV-QKD) device stores and transmits a quantum signal over a communication channel. A receiver CV-QKD device receives the quantum signal via the communication channel and via a reception band. The receiver CV-QKD device determines a quantum communication channel. The receiver CV-QKD device communicates the determined quantum communication channel to the transmitter CV-QKD device over an authenticated communication channel. The transmitter CV-QKD device obtains a modified quantum signal by modifying the stored quantum signal based on the determined quantum communication channel. The transmitter CV-QKD device and the receiver CV-QKD device generate a secret key using the modified quantum signal and the received quantum signal.

Abstract: Systems and methods for assessing an application access risk are provided. An example method commences with collecting data concerning relationships between an application, one or more client devices, and one or more users in a computing environment. The method includes updating a graph database including nodes and edges. The nodes represent the application, the one or more client devices, and the one or more users and the edges represent relationships between the application, the one or more client devices, and the one or more users. The method continues with enriching the graph database by associating the nodes with metadata including information concerning the one or more users accessing the application from the one or more client devices. The method further includes analyzing the graph database to identify a subset of nodes used to access the application and displaying a graphical representation of the subset of nodes.

Abstract: A first permission allocated to a first identity may be identified. Permission usage information may be analyzed. The permission usage information may include permission usage history information and permission usage pattern data. An estimated probability of a future usage of the first permission by the first identity may be forecasted based, at least in part, on the permission usage information. A first recommendation relating to allocation of the first permission to the first identity may be determined based, at least in part, on the estimated probability. The first recommendation may be a recommendation for the first identity to retain the first permission or a recommendation to deallocate the first permission from the first identity. An indication of the first recommendation may be provided to a user.

Abstract: Provided herein are exemplary systems and methods including the generation of a superior strategy for deployment to real time actual conditions with dynamic feedback to the secure intelligent networked architecture in order for adjustments to be made to the strategy being deployed to the real time actual conditions and the learned generation of subsequent strategies.

Abstract: Embodiments of the present invention disclose a wireless network access control method, device, and computer readable medium. The method includes: receiving via a mobile network an access request sent by a user device for requesting Internet access by using a wireless network of a wireless access device after a sharing status of the wireless network is set to be enabled by a setting device; and performing control processing to allow the user device to access the Internet by using the wireless network, such that the wireless access device processes Internet data related to the user device via the wireless network after the user device accesses the Internet by using the wireless network.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for identifying accounts having shared credentials. In some implementations, a content management system can collect user login context data when a user logs in to or accesses a user account of the content management system. For example, the content management system can collect client device data, client application data, internet protocol (IP) address data, and/or other data from the user's device when the user logs in to the user account. The content management system can analyze the login context data to determine patterns that indicate that the user account login credentials are being shared among multiple users.

Abstract: Methods and apparatuses are described herein for improved communications between a service and end devices via a gateway. A token may be in a signed encrypted state when sent to untrusted devices and may be signed, but not encrypted, when used by trusted devices. Untrusted devices may receive the encrypted token and may use it to access services. An untrusted device may send the received encrypted token to the gateway, which may then send the token to its issuer so that the token issuer may decrypt the data payload. The token may then be sent back to the gateway, which may then read the decrypted data and verify whether the untrusted device is permitted to access the requested service. The gateway may then send, within the trusted domain, the request and token to the service provider so that the untrusted device can obtain access to the requested service.

Abstract: The techniques herein are directed generally to providing access control and identity verification for communications when initiating a communication from an entity to be verified. In one embodiment an initiating device initiates a communication to a receiving device on a communication channel, wherein the receiving device is configured to determine whether an identity associated with the initiating device is verified by a verification service. The initiating device verifies the identity through a verification service client application on the initiating device, and conveys, to the verification service over a verification channel, that the identity associated with the initiating device is verified, wherein the verification service conveys, to the receiving device over the verification channel, that the identity is verified.

Abstract: This application describes methods, mediums, and systems for verifying a device for use in a messaging system. Using the device verification procedures described, a messaging system can securely authorize new devices to send and receive encrypted messages on behalf of a user, preferably without the need to share a private encryption key between the users' different devices. The application describes several techniques that can be used to provide such a system, including distributing a computer-perceptible code that encodes encryption information between a secondary device and a primary device. This allows the information to be distributed without intervention by a server. Other techniques provide unique ways to build and reverify authorized device lists, distribute encryption keys in chat channels, ensure that lists of authorized devices are distributed in the correct order and remain valid for an appropriate amount of time, add new devices to an ongoing or new conversation, and more.

Abstract: One example method includes contacting, by a client, a service, receiving a credential from the service, obtaining trust information from a trust broker, comparing the credential with the trust information, and either connecting to the service if the credential and trust information match, or declining to connect to the service if the credential and the trust information do not match. Other than by way of the trust information obtained from the trust broker, the client may have no way to verify whether or not the service can be trusted.

Abstract: A microprocessor for mitigating side channel attacks includes a memory subsystem having at least a data cache memory and configured to receive a load operation that specifies a load address. The processor performs speculative execution of instructions and executes instructions out of program order. The memory subsystem, in response to detecting that the load address misses in the data cache memory: detects a condition in which the load address specifies a location for which a valid address translation does not currently exist or permission to read from the location is not allowed, and prevents cache line data implicated by the missing load address from being filled into the data cache memory in response to detection of the condition.

Abstract: An illustrative method includes identifying, based on an output of a machine learning model that receives data associated with an operation of a hardware component as an input, an anomaly in the data, determining that the anomaly is representative of an issue associated with the hardware component, and performing, based on the determining that the anomaly is representative of the issue associated with the hardware component, a remedial action that affects a performance of the operation of the hardware component.

Abstract: A transmitter Continuous-Variable Quantum Key Distribution (CV-QKD) device stores and transmits a quantum signal over a communication channel. A receiver CV-QKD device receives the quantum signal via the communication channel and via a reception band. The receiver CV-QKD device determines a quantum communication channel. The receiver CV-QKD device communicates the determined quantum communication channel to the transmitter CV-QKD device over an authenticated communication channel. The transmitter CV-QKD device obtains a modified quantum signal by modifying the stored quantum signal based on the determined quantum communication channel. The transmitter CV-QKD device and the receiver CV-QKD device generate a secret key using the modified quantum signal and the received quantum signal.

Abstract: A processing device of a memory sub-system is configured to receive, from a host system, host data to be stored at a memory sub-system in an encrypted form; determine that the host data exceeds a threshold size associated with an encryption operation; separate the host data into a plurality of segments based on the threshold size associated with the encryption operation; determine that a particular segment of the plurality of segments does not satisfy a size requirement of data associated with the encryption operation; modify the particular segment to satisfy the size requirement of data associated with the encryption operation; encrypt each of the plurality of segments based on the encryption operation; and store the encrypted plurality of segments at the memory sub-system.

Abstract: Systems and methods are provided for protecting a plurality of electronic devices via a control server. The control server, for example, can receive one or more indications that a first electronic device is considered malicious and add it to a security threat list. Then the control server can communicate the security threat list to others of the electronic devices, networked for communication with each other, such that the other electronic devices reject all communication from any device listed on the security threat list. Next, upon receiving indication from an approved security patch-providing source that a security patch has been applied to the first electronic device, the control server can remove the first electronic device from the security threat list and communicate the updated security threat list to the other electronic devices indicating that it is safe for these electronic devices to again receive communication from the first electronic device.

Abstract: Systems and methods to control data access and usage by storing a permitted use of a set of data items. The permitted use identifies: a set of computer resources to be used to operate on the set of data items; rules for operating on the data items; and a data product to be generated from the set of computer resources operating on the set of data items. A project space provides the set of computer resources to operate on the set of data items according to the permitted use, wherein the data product is to be transferred from the project space to a user device separate from the system; and a usage monitor records operations of the set of computer resources on the set of data items in the project space for compliance with the permitted use. A data air-lock mechanism implements dynamic permissions rules based on actual usages.