Abstract: A client device that is not originally compliant with a particular security standard (e.g., FIPS) is brought into compliance through the addition of a standard-compliant software-based cryptographic library. In order to adapt the cryptographic library to integrate with the hardware-backed keystore, a non-hardware-backed software keystore is used to store keys used by the cryptographic library. Additionally, in order to provide appropriate security for the software keystore, the software keystore (and/or the keypairs within the software keystore) is protected by a password, and the password is in turn protected by the hardware-backed keystore. Thus, to obtain the password needed to obtain a keypair from the software keystore that is in turn needed to use the cryptographic library, a user must authenticate with the operating system, e.g., by providing biometric credentials.

Abstract: Methods, systems, and computer program products for implementing an administrative unit management process. An object membership request that includes a membership access change for an object for one or more administrative units of a plurality of administrative units is received at a management service from a client device. Membership evaluation information associated with the object is obtained from a directory service for the plurality of administrative units. A membership change action is determined based on the membership evaluation information. Instructions are provided to at least one administrative unit of the plurality of administrative units to implement the membership change action. A membership change notification is sent to the client device.

Abstract: The technologies described herein are generally directed toward monitoring file sharing commands between network equipment to identify adverse conditions. According to an embodiment, a system can comprise a processor and a memory that can enable performance of operations including identifying a resource allocation communication between first network equipment and second network equipment via a network, with the resource allocation communication including a command authority and an allocation command. In an additional operation, based on the resource allocation communication, a validation source can be selected to validate the command authority for execution of the allocation command by the second network equipment. Further operations include, based on a failure to validate by the validation source, blocking execution of the allocation command by the second network equipment.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for classical-quantum encryption and decryption. An example method for classical-quantum encryption includes receiving, by communications hardware, a symmetric key and a plaintext message, generating, by a function generator, an analytic function using the symmetric key and the plaintext message, computing, by a cryptography unit, a ciphertext based on a Taylor series expansion of the analytic function, and outputting the ciphertext. An example method for classical-quantum decryption, the method includes receiving, by communications hardware, a symmetric key and a ciphertext, deriving, by a cryptography unit and using a quantum computer, an analytic function using the ciphertext, generating, by a function generator, a plaintext message using the analytic function and the symmetric key, and outputting the plaintext message.

Abstract: The disclosure relates to systems, devices, and methods for authenticating users of any device requiring authentication, such as a medical device. The systems, devices, and methods can convert a standard USB mass storage device into a unique USB based authentication device that authenticates a user. The device can be programmed to grant access to one or more functions only upon verification of a user by inserting the USB based authentication device into the medical device.

Abstract: The present invention is a data protocol providing notarization of a data between two or more nodes on a content-addressable peer-to-peer storage network. A node generates a new data block, which is witnessed by peer nodes to increase the integrity of the data. Each peer node responds to the node's signature request with an encoded digital signature of the data using a private key. The node appends the signature from each witness node to the data block and then generates a cryptographic hash of the entire data block, which is used as the identity of the block.

Abstract: Disclosed is a method of providing a security service. The method is configured to include the steps of receiving a link connectable to a web page from a device of a user, connecting to a web page corresponding to the link through a remote browser and determining a risk of the connected web page, rendering a screen of the web page to be processed in the remote browser according to the determined risk, and streaming and transmitting the rendered web page screen to provide substantially the same user experience (UX) as a browser installed in the device.

Abstract: A quantum communications system may include a transmitter node, a receiver node, and a quantum communications channel coupling the transmitter node and receiver node. The transmitter node may include a pulse transmitter and pulse divider downstream therefrom. The receiver node may include a pulse recombiner and a pulse receiver downstream therefrom.

Abstract: Disclosed embodiments may include a system that may receive a document associated with an entity and may generate a first hash associated with the document. The system may prompt a first user to provide a first signature of the document and may generate a second hash associated with the first signature. The system may prompt the first user to provide authentication information and may determine whether received authentication information matches stored authentication information. In response to determining the authentication information matches the stored authentication information, the system may prompt a second user to provide a second signature of the document, may generate a third hash associated with the second signature, may generate a fourth hash associated with a verified record of the first, second, and third hashes, may generate a block comprising the first, second, third, and fourth hashes, and may publish the block to a blockchain.

Abstract: A device may include a processor configured to obtain a quantum key generated using quantum random numbers received from a quantum random number generator. The processor may be further configured to obtain a digital signature for a uniform resource locator (URL) associated with the obtained quantum key, wherein the digital signature is received from a security device configured to provide the quantum key to a user equipment (UE) device; receive a request from an application server to function as a proxy for a secure session with the UE device; authenticate the secure session with the UE device using the quantum key and the digital signature; and proxy the secure session between the UE device and the application server.

Abstract: Data in various formats can be protected in a distributed tokenization environment. Examples of such formats include date and time data, decimal data, and floating point data. Such data can tokenized by a security device that instantiates a number of tokenization pipelines for parallel tokenization of the data. Characteristics of such data can be used to tokenize the data. For instance, token tables specific to the data format can be used to tokenized the data. Likewise, a type, order, or configuration of the operations within each tokenization pipeline can be selected based on the data format or characteristics of the data format. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The tokenization pipeline outputs are combined, producing tokenized data, which can be provided to a remote system for storage or processing.

Abstract: An assistance device (1) includes: a first storage unit (14) storing therein characteristic words related to risks; a second storage unit (16) storing therein pieces of risk countermeasure information related to risk countermeasures; an extraction unit (13) that extracts a word from an input character string, searches in the first storage unit for a characteristic word that is same as or similar to the word, and extracts one of the pieces of risk countermeasure information corresponding to the characteristic word from the second storage unit; and a presentation unit (18) that presents the extracted piece of risk countermeasure information.

Abstract: In some aspects, a system may receive security vulnerability indicators associated with one or more cloud-based applications and/or properties associated with one or more cloud-based images used to create cloud instances. The system may determine, for each indicator and/or property, a corresponding remediation recommendation. The system may generate a graphical user interface that provides the indicators and/or properties with the corresponding remediation recommendations. The system may transmit, based on a user setting, a corresponding message for each indicator and/or property. The system may trigger, based on at least one of the indicators and/or properties, an automated remediation script that instructs a cloud environment to perform an action for a cloud-based application and/or image associated with the at least one indicator and/or property. The system may transmit one or more status indicators associated with the automated remediation script. Numerous other aspects are described.

Abstract: A computer implemented method includes determining a first level of risk based on a context of source code as stored. A second level of risk is determined based on a change history of the source code. A third level of risk is determined by assessing a nature of changes to the source code. The first, second, and third levels of risk are combined to generate an indication of trust in the source code.

Abstract: One example method includes an optimized approach to real-time utilization, data transfer, data storage, and transience in a T Hz-enabled zone that may be implemented in edge networks, data management, and machine learning. Multiple policies can be enforced based on new sets of attributes such as data type, location, and device movement within a zone or between zones.

Abstract: Methods, systems, and apparatuses for device fingerprint-based authentication are provided herein. A computing device may receive, from a user device, authentication credentials and a first device fingerprint. The device fingerprint may be encrypted using a public/private key pair and may identify one or more aspects of the user device, such as operating parameters of the user device. Based on the authentication credentials, the computing device may authenticate the user device, store the first device fingerprint, and send a token to the user device. The computing device may receive a request for access to content. The request may comprise the token and a second device fingerprint. The second device fingerprint may be different from the first device fingerprint. Based on the token and comparing the first device fingerprint to the second device fingerprint, the computing device may determine whether to authenticate the device that sent the request.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for intelligent verification of digital files via the analysis of metadata and other file characteristics. The system is adaptive, in that it can be adjusted based on the needs or goals of the user utilizing it, or may intelligently and proactively adapt based on the files or data received for processing. The system may be seamlessly embedded within existing applications or programs that the user may already use to interact with one or more entities.

Abstract: An access validation device includes a user interface and one or more processors. The user interface includes at least one of a display and an audio output device. The one or more processors cause an identity wallet to generate a credential regarding a medical status of a user using credential data representative of the status received from a distributed ledger. The one or more processors cause the identity wallet to present an indication of the status using the user interface.

Abstract: Provided is a process that includes: obtaining a fictitious data entry associated with a field present in a plurality of records associated with an online resource; sending a query to a monitoring application, the query specifying the fictitious data entry and a request to determine whether a second repository of compromised data includes the fictitious data entry; in response to the query, receiving query results indicating that the second repository of compromised data includes the fictitious data entry; in response to the received indication that the second repository of compromised data includes the fictitious data entry, identifying at least some of the first set of one or more repositories that store the data entry; designating other data entries within the at least some of the first set of one or more repositories as potentially having been breached; and storing the designation in memory.

Abstract: A system and a method for digital proof generation are provided. The system includes a data management module to manage dataset having plurality of data rows and a query execution and verification module including a commitment storage sub-module, a query execution sub-module and a result verification sub-module. The data management module receives query from the query execution sub-module, related to operation on data rows of plurality of data rows, which is processed to generate execution result associated with data rows. The execution result is transferred along with data rows to the query execution sub-module. A set of commitments associated with execution result is transferred to the commitment storage sub-module. The query execution sub-module transfers set of commitments, from the commitment storage sub-module, and data rows to the result verification sub-module for verification, and receives a verification result from the result verification sub-module.