On June 25, 2026 a patent application published that is directed to a way of putting post-quantum cryptography in front of network traffic without rewriting the software that generates it. Titled "Proxy Interception And Double Encryption System And Methods," the application is assigned to QuSecure, Inc. and carried at US20260178754A1. The label first: this is a published application, not a granted patent. It records what QuSecure filed and what the independent claims request, not anything the company can yet enforce. With that fixed, the question worth asking is what claim 1 actually covers.

Independent claim 1 is a method claim, and its structure is unusually compact for the area. The method is performed from a first computing device, which sends a second computing device instructions to initiate a proxy. The proxy is then configured to do three things: intercept a message of a user agent associated with the second device; perform custom cryptography on that message to obtain a modified message, where the custom cryptography comprises post-quantum cryptography; and send the modified message to at least one of the user agent, a reverse proxy, or a third computing device. Everything load-bearing sits in that proxy configuration. The cryptography is not something the user agent does to its own outbound data; it is something an interposed proxy does to a message it has intercepted — and that interception-then-transform shape is what distinguishes the claim from an ordinary "encrypt your traffic with algorithm X" filing.

A method of enabling custom cryptography, comprising sending, by a first computing device and to a second computing device, instructions to initiate a proxy, wherein the proxy is configured to: intercept a message of a user agent, wherein the user agent is associated with the second computing device; perform custom cryptography based on the message to obtain a modified message, wherein the custom cryptography comprises post-quantum cryptography; and send the modified message to at least one of the user agent, a reverse proxy, or a third computing device.— Proxy Interception And Double Encryption System And Methods, US20260178754A1

The post-quantum content is supplied partly in claim 1, which requires the custom cryptography to comprise post-quantum cryptography, and partly in dependent claim 2, which narrows that to at least one of a Quantum Secure Layer (QSL) protocol, a Post-Quantum Transport Layer Security (PQTLS) protocol, a Kyber algorithm, a SABER algorithm, an Enhanced McEliece algorithm, an RLCE algorithm, or a NIST candidate post-quantum algorithm. The named set spans two families the NIST process has worked through: lattice and module-lattice schemes such as Kyber and SABER, and code-based schemes such as Enhanced McEliece and RLCE. As filed, claim 1 does not bind to any single one; the algorithms arrive as a dependent limitation. Prosecution will determine which survive into any issued claim, and the scope an examiner allows may be narrower than the published language reads.

The CPC class points at transmission control, and the "double encryption" is in the claim set too

The classification is the tell. The application carries G06F 21/606 as its main class — within G06F 21 (security arrangements for protecting computers and data against unauthorized activity), the 21/60 branch is for protecting data, and the 21/606 subclass is specifically for protecting data by controlling its transmission. That placement is consistent with the disclosure: the claimed contribution is not a new cipher and not a storage-encryption scheme, but a control point in the path the data travels — a proxy that decides what cryptography a message receives in transit. It sits in the data-in-transit territory of G06F 21, adjacent to but distinct from the H04L 9/ cryptographic-mechanism classes where a new key-exchange or encryption primitive would land — the CPC reads this as a transmission-control invention rather than a cipher invention.

The title's "double encryption" is borne out in the dependent claims. Claim 7 recites that the user agent is configured to perform a first encryption and/or decryption based on the message, and that the custom cryptography comprises a second encryption and/or decryption — two layers, one from the application's existing transport security and one added by the proxy. Claim 4 adds an encapsulation mechanic: the proxy is further configured to encapsulate the message as a payload within an outer message, or to extract an inner payload from a message. Claim 5 encapsulates the original header within that payload and generates a modified header for the outer message, and claim 6 ties the modified header to a modified destination path. Read together, these claims describe the proxy wrapping the application's already-formed message inside a post-quantum-protected envelope and rewriting the outer routing — which lets the post-quantum layer ride on top of unchanged application traffic.

How the proxy gets there without modifying the application

The mechanism behind the hook — adding post-quantum cryptography without modifying the application — is a dependent-claim detail worth reading exactly. Claim 14 recites that the instructions to initiate the proxy comprise instructions to overload a library of the user agent with script instructions configured to implement the proxy, and to execute, by the user agent, those script instructions. Claim 12 fixes the user agent as a browser, the second computing device as a client device; claim 13 makes the first computing device a custom-cryptography server. So in the disclosed arrangement, a cryptography server tells a client's browser to overload one of its own libraries with script that stands up the proxy in place, and from then on the browser's messages are intercepted and re-protected by code injected into the user agent rather than by a modified application binary. Claim 8 supplies a variant in which the proxy initiates portable binary instructions within a secure virtualized environment associated with the user agent. The throughline is the same: the post-quantum layer is introduced at the user agent's runtime, not by editing the application that produced the traffic.

The application also claims the same invention in two other statutory forms. Independent claim 15 is a computing-system claim — a memory and at least one processor configured to send a second device the instructions to initiate the proxy, mirroring claim 1 — and independent claim 23 is a non-transitory computer-readable-medium claim covering executable instructions to implement a proxy configured the same way. Their dependents reach both ends of the connection: claim 28 specifies a client-implemented forward proxy, while claim 31 specifies a server-implemented reverse proxy. As with claim 1, what these claims request is one thing; what issues after prosecution is for the examiner to decide.

Where it sits in the week's cryptography drop

Read against the rest of the June 25 drop, the QuSecure application is the proxy-and-transit entry in a cluster of encryption-mechanism filings that otherwise sit closer to the cipher itself. US20260180782A1, "Standard Encryption Using Pre-And Post-Transformations," wraps a standard cipher in extra rounds of pre- and post-encryption transformations, optionally under white-box protection. US20260178757A1, "Chaining Message Authentication Codes," is directed to host-to-peripheral authenticated encryption in which the sender shares only a subset of the authentication tag and caches the rest, and US20260180795A1 is directed to authenticated encryption that extends nonce length from block-cipher-based intermediate values. Two more land at the storage and memory layer rather than the wire: US20260180806A1 ties per-chunk encryption keys to garbage collection in a log filesystem, and US20260178438A1, a memory-controller circuit, uses a MAC tag as the initialization vector for a counter-based stream cipher. Across the drop the common thread is encryption mechanics; the QuSecure hero is the one that locates its claimed contribution at an intercepting proxy in the data path and names post-quantum algorithms as the cryptography that proxy applies. What it claims, on the face of the published record, is a method, system, and medium for instructing a remote device to run a proxy that intercepts a user agent's messages and re-protects them with post-quantum cryptography. What the issued claims will cover is for prosecution to decide.