Abstract: The invention relates to a method for a secure transmission of electronic data packets in a network comprising network components.

Abstract: In some examples, an electronic device includes a component comprising information, a secure storage, and a controller to generate a digital signature based on the information of the component, and detect a modification of the component based on the digital signature. The controller can also detect a receipt of an invalid credential, and log, to the secure storage, an indication of the modification of the component and an indication of the receipt of the invalid credential.

Abstract: The present disclosure provides a system for generation and verification of signatures via user specific tokens. This system allows a user to create a token to include with or use instead of a signature, with the token generally called a “Signature Token.” The Signature Token may be a numeric token, alphanumeric token, or other appropriate character set. The system may additionally determine or assign a signature level to a signature token based on the user device information, signature information, or some combination thereof. A Signature Token can be verified by a third party, thereby authenticating the user's signature. The system provides easy access for the creation of signature tokens and verifying the tokens.

Abstract: This application provides a method for issuing a digital certificate performed by a digital certificate issuing center that includes a public-private key generation module and an authentication module. The method includes: receiving a public-private key request from a node in a blockchain network; generating a public key and a private key of the node by using the public-private key generation module, and transmitting the public and private keys to the node; receiving the public key of the node and registration information of the node, and authenticating the registration information by using the authentication module; and generating, in accordance with a determination that the authentication succeeds, a digital certificate of the node by using the authentication module, and transmitting the digital certificate to the node. The embodiments of this application can improve the probative value of an issued digital certificate, thereby improving the security of data exchange in a blockchain network.

Abstract: Disclosed is a multi-signature security account control system. The present invention comprises a multi-signature security account in which at least three participating accounts have management authority, wherein the participating accounts are a first participating account corresponding to a user terminal, a second participating account corresponding to an HSM management server, and a third participating account corresponding to an exchange server, and the HSM management server may control the authority of the multi-signature security account to be controlled by using signature information provided from at least two of the participating accounts.

Abstract: A method for preparing usage data for a relay implemented in a computer network is disclosed. In one aspect, the network comprises at least one source device, one destination device, and at least one relay constituting a circuit to set up a communication between the source device and the destination device. The source device first of all retrieves the identifiers of the relays constituting the circuit and sends a proof of use (PoU) frame addressed to the destination device, each relay of the circuit adding to the PoU frame, at the time of passage, a signature made from a challenge and a key proper to the relay.

Abstract: Various embodiments enable broadcast communications security. Various embodiments enable the authentication of broadcast communications. Various embodiments may enable asymmetric authentication and integrity protection of small size messages, such as one or more signed messages totaling a length of 250 bytes or less. Various embodiments may support cryptographic signing of beacon type messages using certificates. Various embodiments may include generating a beacon type message, cryptographically signing the beacon type message at least in part using a certificate to generate a signed beacon message, and sending the signed beacon type message in one or more broadcast transmissions in conjunction with, or independently of, certificate information used to verify the signed beacon message.

Abstract: Methods, systems, and devices for security descriptor generation are described. An end device may be authenticated based on a certificate and a device key based on a security descriptor. The security descriptor may be generated based on publicly-available information such as time of day information, geographical information, or a default set of information. The security descriptor may be used for generation of a certificate accessible by a server used for authenticating the device and also may be used by an end device to generate a device key for verification by the server authenticating the device.

Abstract: A communication system configured to provide blockchain-driven certification of iterative electronic communications such as e-mail-based communications. The system provides blockchain-driven certification by storing the hash of an e-mail thread in a blockchain each time the message or its elements are modified. This allows the system to verify whether or not the thread has been tampered with since it was last modified, when the last verified message was added to the thread. The system creates a baseline that is used towards creating trust certificates ensuring the recipients of such iterative electronic communications that the message has not been breached during its iterations that are shared between two or more parties, e.g., communications participants including senders and recipients.

Abstract: The present disclosure provides systems, methods, and computer readable storage devices for validating that a software release has successfully completed multiple development stages of a development process without alteration. To illustrate, as software (e.g., one or more files or artifacts) completes at least a portion of a development process including the development stages, data components are generated. Digital signatures are generated based on the data components and a private key, and the digital signatures are stored in a secure data structure, such as a blockchain or a tree structure. Upon receipt of the data components (e.g., as validation data of a software release) by a node device, the node device generates validation signatures based on the data components and a public key and compares the validation signatures to the digital signatures stored in the secure data structure to validate the software before processing the software.

Abstract: An example operation may include one or more of receiving, by a certificate issuer node, an asset certification request from an asset producer node over a blockchain, endorsing, by the certificate issuer node, an asset certificate in response to detection of the asset certificate issued to the asset producer node by another certificate issuer node, and recording a signature of the certificate issuer node into an asset producer node certification record on the blockchain.

Abstract: A computing device may be configured to receive a set of inputs from other computing devices. The set of inputs may include inputs derived by the computing devices utilizing cryptographic keys of the computing devices. The set of inputs may be stored in a blockchain such that the inputs are tamper resistant. A symmetric key may be generated (periodically, upon expiration of a timer, according to a protocol set, upon request, etc.) from two or more of the set of inputs. The generated symmetric key may be distributed to the computing devices. The symmetric key may be utilized to encrypt and decrypt communications between two computing devices.

Abstract: A system and method for establishing secure communications over a network based on combined capabilities of classical and quantum computers. The system and method include transmitting, via a network and by a classical computer to a quantum computer, a request for client data associated with a client device. The request causes the quantum computer to retrieve client data associated with the client device. The request causes the quantum computer to generate a signed data packet by digitally signing the client data. The request causes the quantum computer to transmit the signed data packet to the classical computer.

Abstract: A request generated by an unmanaged app to access a resource is received from a mobile device. A notification is sent to the mobile device. A device level VPN connection to the mobile device is established. A unique identifier is associated with the device level VPN. App level traffic received via the device level VPN is tagged with the unique identifier. Access to the resource is allowed in response to the request based at least in part on a determination based on the tags that app level traffic from a trusted app and app level traffic from the unmanaged app are associated with the same mobile device.

Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more processes may retrieve a first hash value of a key manifest public key from a one time programmable memory medium; determine a second hash value of the key manifest public key; retrieve a third hash value of an initial boot block from the boot policy manifest; determine a fourth hash value of the initial boot block; determine that the third hash matches the fourth hash value; execute the initial boot block; validate subordinate certificates with a root certificate; determine firmware hash values respectively from the firmware volumes; decrypt signatures respectively associated with the firmware volumes to obtain respective decrypted signatures, in which the signatures are decrypted with public encryption keys of the respective subordinate certificates; determine that the firmware hash values respectively match the decrypted signatures; and execute the firmware volumes.

Abstract: A network device may receive a redundant identifier certificate associated with a redundant routing module, and may provide, to a bootstrap device, a primary identifier certificate associated with a primary routing module associated with the network device. The network device may establish a secure connection with the bootstrap device based on the bootstrap device verifying an authenticity of the primary routing module via the primary identifier certificate. The network device may provide, to the bootstrap device via the secure connection, a redundant routing module identifier associated with the redundant routing module and may receive, from the bootstrap device via the secure connection, a signed certificate chain associated with the redundant routing module. The network device may verify the signed certificate chain and may verify the redundant identifier certificate, associated with the redundant routing module, based on verifying the signed certificate chain.

Abstract: Disclosed are methods, devices, and computer-readable media for securing data in motion and at rest in a secure memory device. In one embodiment, a memory device is disclosed comprising a storage medium and a processor, the processor configured to: receive a software image, validate a digital signature associated with the software image, write the software image to the storage medium, receive a request to launch the software image from a host processor, validate the software image, and transmit the software image to the host processor.

Abstract: Systems and methods for improved distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess a secret share and a verification share, which may be used in the process of encrypting or decrypting data. The client computer may generate a commitment and transmit the commitment to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitment and their respective secret share, and likewise generate a partial signature based on the commitment and their respective verification share. The partial computations and partial signatures may be transmitted to the client computer. The client computer may use the partial computations and partial signatures to generate a cryptographic key and verification signature respectively. The client computer may use the cryptographic key to encrypt or decrypt a message.

Abstract: Techniques are disclosed relating to application verification. In various embodiments, a computing device includes a secure circuit configured to maintain a plurality of cryptographic keys of the computing device. In such an embodiment, the computing device receives, from an application, a request for an attestation usable to confirm an integrity of the application, instructs the secure circuit to use one of the plurality of cryptographic keys to supply the attestation for the application, and provides the attestation to a remote computing system in communication with the application. In some embodiments, the secure circuit is configured to verify received metadata pertaining to the identity of the application and use the cryptographic key to generate the attestation indicative of the identity of the application.

Abstract: Systems and methods for vehicle message signing are provided. A method includes obtaining, by a vehicle computing system of an autonomous vehicle, a computing system state associated with the vehicle computing system and a message from at least one remote process running a computing device remote from the vehicle computing system. The message is associated with an intended recipient process running on the vehicle computing system. The method includes determining an originating sender for the message. The originating sender is indicative of a remote process that generated the message. The method includes determining a routing action for the message based on a comparison of the originating sender and the computing system state. The routing action includes at least one of a discarding action or a forwarding action to the intended recipient process. The method includes performing the routing action for the message.