Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for receiving, by a client from a terminal, an External Pre-Shared Key (EPKS) package comprising a transaction key, wherein the transaction key is derived by the terminal using an Initial Key (IK) and a counter, sending, by the client to a server, a first message comprising the TID and the counter, receiving, by the client from the server, a second message in response to the first message, determining, by the client, a session key using the EPKS package, and communicating by the client with the server via a communication session using the session key.

Abstract: The arrangements disclosed herein relate to generating, by a first server, a first seed using a Hash-Based Message Authentication Code (HMAC) based at least in part on a Hash Key (HK), providing, by the first server to each of a first device and a second device, the first seed, providing, by a second server to each of the first device or the second device, a second seed. The second seed is based at least in part on a stream of photons. Each of the first device or the second device generates a Derived Key (DK) based at least in part on the first seed and the second seed. Each of the first device or the second device generates a first key based at least in part on the DK and a first random number generated by a Quantum Random Number Generator (QRNG). The first device encrypts first data using the first key to obtain first ciphertext and provides the first ciphertext to the second device. The second device derives the first key and decrypts the first ciphertext using the first key.

Abstract: The arrangements disclosed herein relate to generating, by a first server, a first seed using a Hash-Based Message Authentication Code (HMAC) based at least in part on a Hash Key (HK), providing, by the first server to each of a first device and a second device, the first seed, providing, by a second server to each of the first device or the second device, a second seed. The second seed is based at least in part on a stream of photons. Each of the first device or the second device generates a Derived Key (DK) based at least in part on the first seed and the second seed. Each of the first device or the second device generates a first key based at least in part on the DK and a first random number generated by a Quantum Random Number Generator (QRNG). The first device encrypts first data using the first key to obtain first ciphertext and provides the first ciphertext to the second device. The second device derives the first key and decrypts the first ciphertext using the first key.

Abstract: The present disclosure is directed to systems, methods, and non-transitory computer-readable media for generating, by a first node, an encrypted protected message. Generating the encrypted protected message includes generating an obfuscated message by intercalating a second message into the first message, generating a protected message by applying a plurality of data protection mechanisms to the obfuscated message, and generating the encrypted protected message by applying a plurality of confidentiality techniques to the protected message. The first node transmits to a second node the encrypted protected message using a plurality of communication channels.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for a network of plurality of roving cryptography devices. Each of the plurality of roving cryptography devices includes a locomotion system configured to move each of the plurality of roving cryptography devices to a respective one of a plurality of locations of the plurality of roving cryptography devices, a network interface circuit configured to provide wireless communication services to a user device of a plurality of user devices through a network of the plurality of roving cryptography devices, and a cryptography service system configured to provide cryptographic material to the user device. The plurality of roving cryptography devices at the plurality of locations form the network for providing the wireless communication services and the cryptographic materials to the plurality of user devices.

Abstract: The arrangements disclosed herein relate to receiving, by a key management node, a first encrypted message element which is encrypted using a first symmetric key established between the key management node and a first node, decrypting, by the key management node, the first encrypted message element using the first symmetric key to obtain a first message element of a message, encrypting, by the key management node, the first message element using a second symmetric key established between the key management node and a second node to obtain a second encrypted message element, and sending, by the key management node, the second encrypted message element.

Abstract: In one arrangement, a non-transitory computer readable media having computer-executable instructions embodied therein that, when executed by at least one processor of a computing system, cause the computing system to process an electronic transaction using a schema. The schema includes a first unique entity object identifier identifying a sender, a second unique entity object identifier identifying a receiver, and a first transaction object identifier identifying the transaction. The first transaction object identifier is located at a top level of a hierarchy of a plurality of transaction object identifiers. The schema further includes transaction information comprising the first unique entity object identifier, the second unique entity object identifier, and the unique transaction object identifier.

Abstract: A method for a key management server to manage encryption for data stored by a cloud provider server includes receiving, by the key management server from the cloud provider server, a request for a drop key. The request includes a hash drop identifier that uniquely identifies a cipher drop, and the cipher drop comprises a unit of data stored by the cloud provider server. The method further includes generating the drop key based on at least the hash drop and the drop identifier and encrypting the drop key. A response comprising the encrypted drop key is sent to the cloud provider server.

Abstract: The present disclosure relate to exchanging information between a start node and an end node. Based on the information session keys for a connection comprising the start node, the end node, and at least one intermediate node are established. The session keys include a data encryption session key and a Message Authentication Code (MAC) session key. The data is encrypted using the data encryption session key at the start node. MAC is generated using the MAC session key. The encrypted data is relayed, via the at least one intermediate node, from the start node to the end node without the at least one intermediate node re-encrypting the data.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for a network of plurality of roving cryptography devices. Each of the plurality of roving cryptography devices includes a locomotion system configured to move each of the plurality of roving cryptography devices to a respective one of a plurality of locations of the plurality of roving cryptography devices, a network interface circuit configured to provide wireless communication services to a user device of a plurality of user devices through a network of the plurality of roving cryptography devices, and a cryptography service system configured to provide cryptographic material to the user device. The plurality of roving cryptography devices at the plurality of locations form the network for providing the wireless communication services and the cryptographic materials to the plurality of user devices.

Abstract: The present disclosure is directed to systems, methods, and non-transitory computer-readable media including generating a token using an electronic file, the electronic file having a title and a content, and the token including a title hash based on the title of the electronic file and a file hash based on the content of the file and verifying the token based on at least one of the title hash, the file hash, and the signature.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for Quantum for DUKPT (Q-DUKPT), where an Initialization Key (IK) using a Quantum Random Number Generator (QRNG). An identifier for a device is generated by performing XOR on a Base Derivation Key (BDK) and the IK. The device derives a key for each transaction to encrypt original data using IK or a previous key. The host receives from the device the encrypted original, the identifier, and a counter that indicates a current number of transactions. The host runs the same derive function used by the device for a number of iterations equal to the current number of transactions with IK as the initial input, to derive the key used to by the device to encrypt the original data.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for receiving, by a server from a first device via a quantum channel, first verification information associated with a user of the first device. The server determines that the first verification information fails to verify against second verification information. In response to determining that the first verification information fails to verify against second verification information, the server stores the first verification information. In response to receiving, by the server from a second device, the first verification information and device information of the second device, the server flags the device information of the second device as a potential origin of fraud.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for receiving, by a client from a terminal, an External Pre-Shared Key (EPKS) package comprising a transaction key, wherein the transaction key is derived by the terminal using an Initial Key (IK) and a counter, sending, by the client to a server, a first message comprising the TID and the counter, receiving, by the client from the server, a second message in response to the first message, determining, by the client, a session key using the EPKS package, and communicating by the client with the server via a communication session using the session key.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for determining, by a browser, data cipher by encrypting data using a first encryption key, the first encryption key is generated using a first random number, a second random number, and a third random number. The browser sends to a server, the data cipher. The browser determines a key cipher by encrypting the third random number using a certificate of the server. The browser sends to the server the key cipher.

Abstract: The present disclosure is directed to systems, methods, and non-transitory computer-readable media for generating a first signature on a first certificate of the plurality of certificates using a first digital signature generation algorithm based on a first private key. The first signature is validated by a relying party device using a first public key in certificate chain validation. The first public key and the first private key form a first public/private key pair. A second signature is generated on a second certificate of the plurality of certificates using a second digital signature generation algorithm based on a second private key. The second signature is validated by the relying party device using a second public key in the certificate chain validation. The second public key and the second private key form a second public/private key pair. The relying party device uses a third public key in the second certificate to verify a third signature on signed data.

Abstract: The present disclosure is directed to systems, methods, and non-transitory computer-readable media including receiving, by a Time Stamp Authority (TSA) computing system from a requestor computing system, hashed data corresponding to original data, generating, by the TSA, a Time Stamp Token (TST) for the hashed data, publishing, by the TSA, the TST to a blockchain, and sending, by the TSA to the requestor computing system, the TST.

Abstract: A method for a key management server to manage encryption for data stored by a cloud provider server includes receiving, by the key management server from the cloud provider server, a request for a drop key. The request includes a hash drop identifier that uniquely identifies a cipher drop, and the cipher drop comprises a unit of data stored by the cloud provider server. The method further includes generating the drop key based on at least the hash drop and the drop identifier and encrypting the drop key. A response comprising the encrypted drop key is sent to the cloud provider server.

Abstract: The present disclosure is directed to systems, methods, and non-transitory computer-readable media including generating a token using an electronic file, the electronic file having a title and a content, and the token including a title hash based on the title of the electronic file and a file hash based on the content of the file and verifying the token based on at least one of the title hash, the file hash, and the signature.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for receiving, by a server from a first device via a quantum channel, first verification information associated with a user of the first device. The server determines that the first verification information fails to verify against second verification information. In response to determining that the first verification information fails to verify against second verification information, the server stores the first verification information. In response to receiving, by the server from a second device, the first verification information and device information of the second device, the server flags the device information of the second device as a potential origin of fraud.