Abstract: Systems and methods for quantum-safe key infrastructures are disclosed. A method may include: (1) generating, by a first symmetric key device at a first location with a second symmetric key device at a second location, and over a symmetric key distribution channel, a symmetric key; (2) receiving, by a first encryptor at the first location, data from a first server or application; (3) encrypting, by the first encryptor, the data using the symmetric key; (4) communicating, by the first encryptor, the encrypted data to a second encryptor at the second location over a quantum-safe communication channel; (5) receiving, by the second encryptor, the symmetric key from the second symmetric key device; (6) decrypting, by the second encryptor, the encrypted data with the symmetric key; and (7) providing, by the second encryptor, the data to a second server or application.

Abstract: Systems and methods for high-performance quantum-safe key management are disclosed. A method may include: (1) receiving, by a client service router, a client request for an operation involving a key from a client computer program; (2) authenticating, by the client service router and using a credentials operations service, the client request; (3) verifying, by the client service router and using a credentials operating service, permission for the client request; (4) routing, by the client service router, the request to a cryptoprocessor, wherein the cryptoprocessor is configured to execute the operation; (5) receiving, by the client service router, a result of the execution of the operation from the cryptoprocessor; and (6) returning, by the client service router, the result to the client computer program.

Abstract: A first verifier and second verifier may share a secret string, a first and second random input; may generate a challenge according to a certified randomness protocol and may encrypt the challenge using a keyed cryptographic hash function. The first verifier may send the encrypted challenge, the first random input, and the random hash key to a prover. The second verifier may send second random input to the prover. The prover may decrypt the encrypted challenge and may execute a random quantum computation based on the certified randomness protocol and the challenge and may send a result of the random quantum computation to both the first verifier and the second verifier. The first and second verifiers may determine the results were received within a time threshold, may compare the results to ensure that they match, and may determine the result passes the certified randomness protocol.

Abstract: Systems and methods for bridging gaps in cryptographic secret distribution using line-of-sight-secured networks are disclosed. In one embodiment, a system may include: a first physical location providing a cryptographic secret; a second physical location comprising a space-based vehicle transceiver that receives the cryptographic secret from the first physical location over a secure communication channel; a space-based vehicle that receives the cryptographic secret from the second physical location over a first line-of-sight communication channel; and a third physical location that receives the cryptographic secret from the space-based vehicle over a second line-of-sight communication channel, encrypts data with the cryptographic secret, and communicates the encrypted data to the first physical location over a communication network; wherein the first physical location receives the encrypted data and decrypts the encrypted data using the cryptographic secret.

Abstract: A method may include: receiving, by a webserver computer program, shared key material shared with a client application; receiving from a browser, a request for a secure connection; establishing a session with the browser over a first secure connection; establishing a shared secret key with the browser, wherein the browser creates a browser secret key encrypted with the shared secret key, encrypts the browser secret key with the shared secret key, and provides the browser secret key encrypted with the shared secret key and session information the client application over a second secure connection that is protected with the shared key material; decrypting the browser secret key encrypted with the shared secret key using the shared secret key; identifying the session with the browser from the session information; and establishing, end-to-end encryption on top of the second secure connection using the browser secret key or a derivation thereof.

Abstract: A method may include: (1) receiving, at a quantum key distribution node in a network of a plurality of quantum key distribution nodes, a quantum key; (2) distributing, by the quantum key distribution node, the quantum key to the other quantum key distribution nodes over a subset of the direct connections; (3) communicating, by one of the plurality of quantum key distribution nodes, the quantum key to a central key management service node, wherein the central key management service node is hardwired to the quantum key distribution node; (4) communicating, by the central key management service node, the quantum key to a secondary key management service node; (5) communicating, by the secondary key management service node, the quantum key to a last mile device; and (6) using, by the last mile device, the quantum key to encrypt or decrypt data.

Abstract: A method may include a first verifier computer program receiving an interaction with a first prover computer program for a client that requires verification comprising an identifier for the client; generating a challenge using a public identification key; issuing the challenge to the first prover computer program and to a second prover computer program; receiving a first response from the first prover computer program and a second response from the second prover computer program; determining that the first response and the second response were received within a predetermined amount of time; determining the first response and the second response are consistent; and informing the first prover computer program that the verification was successful.

Abstract: A method may include: receiving, from a streaming interface, a plurality of words for a first factor in a modular multiplication problem; as each word is received: counting, by a counting module, a number of the plurality of words received; multiplying, by a multiplier module, the word by a second; shifting left, by a left shifter module, an output of the multiplier module; accumulating, by an accumulator module, an output of the left shifter module with a partially reduced output for a prior word; receiving, by the modular reducer module, a modulus and performing partial modular reduction on an output of the accumulator module; providing, by the modular reducer module, an output of the modular reducer module to the accumulator module; and repeating until all words are received from the streaming interface; performing, by the modular reducer module, final modular reduction.

Abstract: Systems and methods for secure cryptographic secret distribution are disclosed. In one embodiment, a method for secure cryptographic secret distribution may include: (1) receiving, at a key relay station, a cryptographic secret from a webserver over a first communication network; (2) storing, by the key relay station, the cryptographic secret; (3) authenticating, by the key relay station, an end user via an end user electronic device; and (4) securely communicating, by the key relay station, the cryptographic secret to the end user electronic device. The end user electronic device is configured to store the cryptographic secret in secure storage on the end user electronic device, to encrypt data with the cryptographic secret, and to communicate the encrypted data to the webserver over a second communication network.

Abstract: A method may include a first verifier computer program receiving an interaction with a first prover computer program for a client that requires verification comprising an identifier for the client; generating a challenge using a public identification key; issuing the challenge to the first prover computer program and to a second prover computer program; receiving a first response from the first prover computer program and a second response from the second prover computer program; determining that the first response and the second response were received within a predetermined amount of time; determining the first response and the second response are consistent; and informing the first prover computer program that the verification was successful.

Abstract: Systems and methods for quantum-safe key infrastructures are disclosed. A method may include: (1) generating, by a first symmetric key device at a first location with a second symmetric key device at a second location, and over a symmetric key distribution channel, a symmetric key; (2) receiving, by a first encryptor at the first location, data from a first server or application; (3) encrypting, by the first encryptor, the data using the symmetric key; (4) communicating, by the first encryptor, the encrypted data to a second encryptor at the second location over a quantum-safe communication channel; (5) receiving, by the second encryptor, the symmetric key from the second symmetric key device; (6) decrypting, by the second encryptor, the encrypted data with the symmetric key; and (7) providing, by the second encryptor, the data to a second server or application.

Abstract: Users exploiting near-to-eye (NR2I) displays for augmented reality and/or correction of low vision are typically wearing these NR2I displays for specific tasks or for extended periods of time, potentially all their time awake. Conflicting tradeoffs between user comfort and minimal fatigue and strain during use, ease of attachment, minimizing intrusiveness and aesthetics should be concurrently balanced with providing an optical vision system that provides the user with a wide field of view, high image resolution, and a large exit pupil for eye placement with sufficient eye clearance. Accordingly, embodiments of the invention provide NR2I displays meeting these conflicts whilst also addressing the inherent variations between user in respect of their head dimensions, head and eye geometry, as well as adapting the displayed content to reflect the user's task at-hand, visual defects or degradations, visual focus and intent upon various regions-of-interest within their field of view.

Abstract: A method may include: sharing, by a client computer program and a server computer program, a set of identification keys, each identification key associated with a key label, and an authentication key; selecting, by the client computer program and the server computer program, one of the key labels; preparing, by the client computer program, quantum systems using a basis, randomly chosen bit values, and intensities; sending, by the client computer program, the quantum systems to the server computer program over a quantum communication channel, wherein the server computer program may be configured to measure the quantum systems using the basis and to announce quantum systems with photon detection; and generating, by the client computer program, a client tag using a shared keyed hash function executed on the authentication key and chosen bit values from the quantum systems with photon detection, and forwarding the client tag to the server computer program.

Abstract: A method may include: receiving, by a webserver computer program, shared key material shared with a client application; receiving from a browser, a request for a secure connection; establishing a session with the browser over a first secure connection; establishing a shared secret key with the browser, wherein the browser creates a browser secret key encrypted with the shared secret key, encrypts the browser secret key with the shared secret key, and provides the browser secret key encrypted with the shared secret key and session information the client application over a second secure connection that is protected with the shared key material; decrypting the browser secret key encrypted with the shared secret key using the shared secret key; identifying the session with the browser from the session information; and establishing, end-to-end encryption on top of the second secure connection using the browser secret key or a derivation thereof.

Abstract: Systems and methods for bridging gaps in cryptographic secret distribution using line-of-sight-secured networks are disclosed. In one embodiment, a system may include: a first physical location providing a cryptographic secret; a second physical location comprising a space-based vehicle transceiver that receives the cryptographic secret from the first physical location over a secure communication channel; a space-based vehicle that receives the cryptographic secret from the second physical location over a first line-of-sight communication channel; and a third physical location that receives the cryptographic secret from the space-based vehicle over a second line-of-sight communication channel, encrypts data with the cryptographic secret, and communicates the encrypted data to the first physical location over a communication network; wherein the first physical location receives the encrypted data and decrypts the encrypted data using the cryptographic secret.

Abstract: Systems and methods for secure cryptographic secret distribution are disclosed. In one embodiment, a method for secure cryptographic secret distribution may include: (1) receiving, at a key relay station, a cryptographic secret from a webserver over a first communication network; (2) storing, by the key relay station, the cryptographic secret; (3) authenticating, by the key relay station, an end user via an end user electronic device; and (4) securely communicating, by the key relay station, the cryptographic secret to the end user electronic device. The end user electronic device is configured to store the cryptographic secret in secure storage on the end user electronic device, to encrypt data with the cryptographic secret, and to communicate the encrypted data to the webserver over a second communication network.

Abstract: Systems and methods for quantum key distribution (QKD) secured vault-based application-to-application communication are disclosed. A method may include: receiving, at a vault application at a first facility, a request for a shared quantum key for communication of a secret in a vault at the first facility to an application at a second facility; distilling, by quantum devices at the first and the second facility and over a quantum communication channel, a shared quantum key using a QKD protocol; receiving, by an encryptor at the first facility, the secret; encrypting, by the encryptor at the first facility, the secret with the shared quantum key, communicating, the encrypted secret to the second facility over a communication network; decrypting, by an encryptor at the second facility, the encrypted secret with the shared quantum key; and receiving, by the application at the second facility, the secret from the encryptor at the second facility.

Abstract: The invention relates to a Quantum Key Distribution system comprising a transmitter 300 and a receiver 400 for exchanging a quantum key via a quantum channel 600 through a decoy-state three state protocol wherein the transmitter comprises a transmitter processing unit 340 adapted to use random numbers from a quantum random generator to select a quantum state to encode from different states of intensity and basis, a Pulsed light source 310 adapted to generate an optical pulse, a time-bin interferometer 320 through which the generated optical pulse passes and which transforms generated optical pulse into two coherent pulses separated by the time bin duration, a single intensity modulator 360 adapted to change the intensity of the two pulses individually according to the choice made by the transmitter processing unit 340, and a variable optical attenuator 370 adapted to reduce the overall signal intensity to the optimum photon number per pulse.

Abstract: Users exploiting near-to-eye (NR2I) displays for augmented reality and/or correction of low vision are typically wearing these NR2I displays for specific tasks or for extended periods of time, potentially all their time awake. Conflicting tradeoffs between user comfort and minimal fatigue and strain during use, ease of attachment, minimizing intrusiveness and aesthetics should be concurrently balanced with providing an optical vision system that provides the user with a wide field of view, high image resolution, and a large exit pupil for eye placement with sufficient eye clearance. Accordingly, embodiments of the invention provide NR2I displays meeting these conflicts whilst also addressing the inherent variations between user in respect of their head dimensions, head and eye geometry, as well as adapting the displayed content to reflect the user's task at-hand, visual defects or degradations, visual focus and intent upon various regions-of-interest within their field of view.

Abstract: The invention relates to a Quantum Key Distribution system comprising a transmitter 300 and a receiver 400 for exchanging a quantum key via a quantum channel 600 through a decoy-state three state protocol wherein the transmitter comprises a transmitter processing unit 340 adapted to use random numbers from a quantum random generator to select a quantum state to encode from different states of intensity and basis, a Pulsed light source 310 adapted to generate an optical pulse, a time-bin interferometer 320 through which the generated optical pulse passes and which transforms generated optical pulse into two coherent pulses separated by the time bin duration, a single intensity modulator 360 adapted to change the intensity of the two pulses individually according to the choice made by the transmitter processing unit 340, and a variable optical attenuator 370 adapted to reduce the overall signal intensity to the optimum photon number per pulse.