The post-quantum problem is easy to state and hard to act on. A sufficiently powerful quantum computer could break the public-key cryptography — RSA, elliptic curve — that secures most of today's internet traffic. Such a machine may not exist yet, but data stolen and stored now could be decrypted later, which means the clock is already running. Post-quantum cryptography is the set of algorithms built to withstand that future attack.
Two granted patents describe a notably pragmatic way to make the transition. US12003629B2, "Secure server digital signature generation for post-quantum cryptography key encapsulations" (issued June 4, 2024; CPC H04L 9/0861 — key exchange), and the related US11722296B2, "Device securing communications using two post-quantum cryptography key encapsulation mechanisms" (issued August 8, 2023), describe using two key-encapsulation mechanisms together. Read them at US12003629B2 and US11722296B2.
The mechanism is a hedge. A key-encapsulation mechanism (KEM) is how two parties agree on a shared secret key over an insecure channel. The post-quantum algorithms are new and less battle-tested than the classical ones, so combining two of them (or a classical and a post-quantum one) means an attacker would have to break both to recover the secret. If one mechanism turns out to have a flaw, the other still protects the connection. It's belt-and-suspenders cryptography for an uncertain transition.
One analogy, then gone: it's two locks on the same door, from two different manufacturers. If a master key turns up for one brand, the second lock — built differently — still holds. You don't bet everything on one mechanism whose long-term strength nobody can yet guarantee.
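The "break both" property depends on how the two shared secrets are merged into one session key. The sketch below is an added example, not code from the patents or from this page: it assumes HKDF-SHA256 (RFC 5869) as the combiner, uses constructed random bytes as stand-ins for the two KEMs' outputs, and the names `lp` and `combine_kem_secrets` are hypothetical.

```python
import hashlib
import hmac
import os


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def lp(field: bytes) -> bytes:
    """Length-prefix a field so concatenated inputs cannot be re-split differently."""
    return len(field).to_bytes(4, "big") + field


def combine_kem_secrets(ss1, ct1, ss2, ct2, label=b"hybrid-kem-example", length=32):
    """Derive one session key from two KEM shared secrets and their ciphertexts."""
    if not ss1 or not ss2:
        raise ValueError("both KEM shared secrets are required")
    # Both secrets feed the extract step, so the key depends on each of them.
    ikm = lp(ss1) + lp(ss2)
    # Binding the ciphertexts ties the key to this particular exchange.
    info = lp(label) + lp(ct1) + lp(ct2)
    return hkdf_expand(hkdf_extract(b"", ikm), info, length)


if __name__ == "__main__":
    # Constructed stand-ins: in a real handshake these come from the two KEMs'
    # encapsulate/decapsulate calls (e.g. one classical, one post-quantum).
    ss1, ct1 = os.urandom(32), os.urandom(64)
    ss2, ct2 = os.urandom(32), os.urandom(64)
    print(combine_kem_secrets(ss1, ct1, ss2, ct2).hex())
```

Refusing an empty secret matters in practice: a hybrid handshake that silently proceeds with only one KEM's output has lost the hedge without anyone noticing.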
Why this matters for the business of security: the PQC migration is a generational, sector-wide project. Standards bodies have finalized post-quantum algorithms, and every vendor that ships encryption — TLS libraries, VPNs, identity providers, hardware security modules — has to migrate. That's years of mandated work and a wave of product refresh cycles, which is precisely the kind of durable demand that shows up in security vendors' roadmaps. The hybrid "two-KEM" approach in these grants is the cautious default for getting there without betting on an unproven algorithm.
The grounded takeaway: PQC is encryption built to survive quantum attack, and the practical migration path is hybrid — run a classical and a post-quantum mechanism together until confidence builds. These grants name that hedge precisely. The threat is future-tense; the engineering, as the filings show, is present-tense.