Patent classifications
H04L9/0819
METHODS AND SYSTEMS FOR PROCESSING INFORMATION STREAMS
A network element and a method for execution by such network element. The method comprises processing a plurality of information streams transiting the network element to identify a particular data stream as a suspected bearer of encrypted media, the particular data stream established between a first node and a second node. The method also comprises establishing a first control stream with the first node and a second control stream with the second node, wherein the first control stream is established using credentials associated with the second node. The method further comprises obtaining a cryptographic key sent by the first node over the first control stream and destined for the second node, sending the cryptographic key to the second node over the second control stream, obtaining encrypted media sent by the second node and destined for the first node and decrypting the encrypted media based on the cryptographic key.
SECRETS ROTATION FOR VEHICLES
Systems and methods for message format communication among resource-constrained devices are generally described. In some examples, a first message sent by an edge computing device may be received. A determination may be made that the first message comprises a first data format identifier. A determination may be made that the first message comprises a first data format patch. A determination may be made that the first data format identifier was previously stored in a data structure in association with a first data format. In various examples, the first data format may be modified using the first data format patch to generate a first modified data format. The first modified data format may be stored in the data structure in association with the first data format identifier. In some examples, a payload of the first message may be read using the first modified data format.
QUANTUM RESISTANT SECURE KEY DISTRIBUTION IN VARIOUS PROTOCOLS AND TECHNOLOGIES
A quantum resistant method is provided for supporting user equipment (UE) roaming across APs/eNBs/gNBs belonging to various Wireless LAN Controllers (WLCs) in enterprise 5G and WiFi co-located deployments. The method may include initializing an SKS server in electrical communication with a master WLC with a random post-quantum common secret seed (PQSEED) to generate a post-quantum pre-shared key (PQPSK) and a respective PQPSK-ID. The method may also include sending an encrypted PQSEED along with a PQPSK-ID to a second WLC. The method may further include joining an AP (WiFi) to the master WLC using a CAPWAP/DTLS protocol. The method may further include sending the PQPSK-ID from the master WLC to the UE in an EAP success packet when the UE is associated with the AP (WiFi).
SERVERLESS IDENTITY MANAGEMENT
This disclosure describes techniques for allowing an organization to manage user identities. In some examples, the management of user identities may be serverless. In some examples, serverless identity management may be enabled through a distributed application on user devices of the organization. The application may generate and/or store information related to the user identities on the user devices. Serverless identity management may further include storing at least some of the information at a location that is easily accessible to the user devices, such as a cloud computing location, while maintaining security for private data. Serverless identity management may therefore provide an organization with greater operational flexibility.
Brokered communication protocol using information theoretic coding for security
A communication brokering device receives, from a first device, a measurement of at least one of a bit-error-rate (BER) or a signal-to-noise ratio (SNR) associated with receipt of a transmission at the first device. The communication brokering device determines whether the first device is vulnerable to message interception or eavesdropping based on the measurement of the at least one of the BER or the SNR. The communication brokering device controls communications between at least one second device and the first device based on the determination of whether the first device is vulnerable to message interception or eavesdropping.
SYSTEM AND METHOD FOR COMPUTING CLUSTER SEEDING AND SECURITY USING KUBERNETES IMMUTABLE RESOURCE LOG
A method of reporting differences between a plurality of computing cluster configurations for executing containerized software applications may comprise routinely retrieving, at preset time intervals, cluster configuration files stored at computing clusters for configuring the computing clusters for execution of a containerized software application, receiving a user selection of a first cluster configuration file and a second cluster configuration file within the stored cluster configuration files, and comparing the first cluster configuration file and the second cluster configuration file. The method may also include displaying a difference between the first cluster configuration file and the second cluster configuration file resulting in the first cluster configuration file configuring one or more computing clusters for execution of the containerized software application differently than the second cluster configuration file configures one or more computing clusters for execution of the containerized software application.
System for exchanging symmetric cryptographic keys using computer network port knocking
A system is provided for exchanging symmetric cryptographic keys using computer network port knocking. The system may receive, from a networked computing device, a first series of packets on a first series of ports which may signify a request to open a secure network connection. Once the secure network connection has been opened, the system may receive a second series of packets on a second series of ports which may be used as seed values to generate a symmetric cryptographic key. Finally, the system may then receive a third series of packets on a third series of ports which may signify the end of the second series of packets (e.g., the seed values). In this way, the system may exchange symmetric key values with the networked computing device which may then be used to open secure communication channels between the system and the computing device.
Secure authorization for sensitive information
Techniques for securing access to protected resources are provided. In the method and apparatus, an access key and proof of successful completion of a first authentication are obtained in connection with a request. The proof of completion of the first authentication and the access key are verified. The access key is then used to generate a determination that information in the access key indicates that a second authentication was successfully completed prior to allowing the request to be fulfilled.
DISTRIBUTED PLATFORM FOR INTEGRATION OF EXISTING DIGITAL UNIQUE RESOURCES
Embodiments of the invention are directed to systems, methods, and computer program products for onboarding digital content to a platform designed specifically for seamless creation and user-friendly management of non-fungible tokens. The invention allows for users with zero knowledge of decentralized protocols to leverage the benefits of such technologies by providing a system for uploading existing digital content, automating the creation of one or more non-fungible tokens, managing permissioned access to the non-fungible tokens, and facilitating the ownership transfer of the non-fungible tokens.
CRYPTOGRAPHIC SYSTEMS AND METHODS USING DISTRIBUTED LEDGERS
The disclosure relates to, among other things, systems and methods for facilitating the secure recording of assertions made by entities tied to identities. Embodiments of the disclosed systems and methods may allow users to make non-revocable, difficult to forge, cryptographic assertions tied to their identities through the posting of entries in an immutable ledger. In certain embodiments, a user's cryptographic assertions may be preceded by ledger entries which feature certificates from trusted authorities that tie the keys used for making assertions to the user's identity. Further embodiments provide for a mechanism for disabling further entries posted under a user's key, either automatically or at the user's initiation.