Patent classifications
H04L63/18
Systems and methods for post-quantum cryptography communications channels
Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes transmitting a first portion of an electronic communication to a client device over a non-PQC communications channel. The example method further includes transmitting a second portion of the electronic communication to the client device over a PQC communications channel. In some instances, the first portion of the electronic communication may comprise overhead data, and the second portion of the electronic communication may comprise payload data.
Cloud data attack detection based on cloud security posture and resource network path tracing
The technology disclosed relates to streamlined analysis of security posture of a cloud environment. In particular, the disclosed technology relates to accessing permissions data and access control data for pairs of compute resources and storage resources in the cloud environment, tracing network communication paths between the pairs of the compute resources and the storage resources based on the permissions data and the access control data, accessing sensitivity classification data for objects in the storage resources, qualifying a subset of the pairs of the compute resources and the storage resources as vulnerable to breach attack based on an evaluation of the permissions data, the access control data, and the sensitivity classification data against a set risk criterion, and generating a representation of propagation of the breach attack along the network communication paths, the representation identifying relationships between the subset of the pairs of the compute resources and the storage resources.
Secure online transactions
A user device and a server conduct a secure online transaction. The user device transmits received user login and credentials to the server, as well as one or more properties of the user device, such as a list of applications stored on the user device. The server transmits one or more restrictions back to the user device, such as which ports to close, which applications to close, and what features of applications and the operating system should be limited during the transaction. After implementing the restrictions, the user device and the server conduct the online transaction. A unique ID may be transmitted throughout the transaction, and the unique ID may be a hash. After the transaction, the user device purges transaction data, restores normal operation, and notifies the server. The transaction may be conducted via a second tunnel, with the other communication carried via a first tunnel.
Multi-link wireless communications connections
A method includes establishing a multi-link security association between a transmitter upper Media Access Control (MAC) logic entity of a transmitter and a receiver upper MAC logic entity of a receiver. The transmitter includes one or more transmitter links. The receiver includes one or more receiver links.
Security model utilizing multi-channel data
Systems, methods and computer-readable storage media are utilized to analyze multi-channel data based on a security model in a computer network environment. A computing system is communicatively coupled to a plurality of data channels configured to access entity data via at least one data channel communication network. A plurality of data sources configured to store entity data are associated with the respective data channels. A processing circuit is communicatively coupled to a particular data channel via a data channel communication network and is structured to receive, via the data channel, entity data comprising device connectivity data, parse properties from the device connectivity data where the properties correspond to particular security dimensions, identify vulnerabilities associated with the properties, determine vulnerability impact, and generate a multi-dimensional risk score for a target computer network environment associated with the entity.
Device introduction and access control framework
In an embodiment, a method includes registering applications and network services for notification of an out-of-band introduction, and using the out-of-band introduction to bootstrap secure in-band provisioning of credentials and policies that are used to control subsequent access and resource sharing on an in-band channel. In another embodiment, an apparatus implements the method.
Channel based communication and transaction system
Systems and methods are provided for receiving identification information from remote user devices associated with users. The identification information serves to obtain corresponding stored user profiles. Primary communication channels are generated for each user based upon their profiles. Each such primary channel is limited to communication with, and facilitates electronic communication between, a single corresponding enterprise data source and users. For each respective primary channel in a subset of the primary channels of a first user, a corresponding plurality of sub-channels is generated based upon the first user's profile. Each such plurality of sub-channels forms a corresponding hierarchical tree with the corresponding primary channel as root node and the sub-channels as child nodes. A sub-channel in a hierarchy of sub-channels enables secure bidirectional communication between (i) the remote user device associated with the first user and (ii) the enterprise data source associated with the primary channel of the hierarchy.
Authentication system
A system for creating a combined electronic identification obtains user information (202) about a user of a hardware device (100), authenticates the user from the user information (202), obtains a hardware profile (208) of the device (100), the hardware profile (208) comprising user generated data stored on the device (100), and links the user information (202) and the hardware profile (208) as a combined electronic identification. The hardware device (100) can comprise a main processor, memory, a touchscreen interface, and a wireless communication module, such as a mobile phone, computer, or tablet computer.
Secure authentication
Methods and systems are disclosed herein for authenticating a user. A security device may use an object associated with a user and a device of the user to authenticate the user, for example, if the user has forgotten a password. A user may insert the object (e.g., a card, or other object) into the security device and may select an option to authenticate via a device that is trusted by both the security device and the user, rather than authenticating by entering a password at the security device.
Expedited user authentication
A system for granting access to an account at an access device includes a computer server having a hardware processor and a memory storing a software code. The hardware processor executes the software code to receive a login request from the access device through a first communications socket, open a second communications socket between the access device and the computer server, transmit a verification request message including a required call-to-action to a verification device through a third communications socket, and receive a verification response message verifying that the required call-to-action has been completed at the verification device. Upon receiving the verification response message, the software code sends an access token for accessing the account to the access device through the second communications socket, receives the access token from the access device, and grants the access device access to the account.