By Certificate Patents (Class 713/156)
  • Patent number: 11328050
    Abstract: Trusted agents operating within a trusted execution environment (TEE) of a client computing device are configured with complex computational puzzles (e.g., hash functions or other proof of work puzzles) for a remote service to solve before the trusted agent executes an operation. The trusted agent may have a policy that the puzzle is associated with, in which the policy defines a statistically defined time period over which puzzles are solved. The statistically defined time period is effectuated through parameters which control a complexity of the puzzle. Malware or bad actors that attempt to misuse the trusted agent are throttled until the remote service solves the puzzle, which is configured with a level of complexity that takes the statistically defined time period.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: May 10, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Brian Clifford Telfer
  • Patent number: 11323274
    Abstract: In an embodiment, a computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. In an embodiment, a private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. In an embodiment, the certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. In an embodiment, the system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: May 3, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
  • Patent number: 11314893
    Abstract: Systems, methods, and other embodiments described herein relate to securing personally identifiable information associated with riding in a vehicle. In one embodiment, a method includes, in response to receiving, in a mobile device from the vehicle, telematics data about a current trip of the vehicle, securing the telematics data according to at least a mobile cryptographic key associated with the mobile device to provide the telematics data as secured data that is obfuscated. The method includes generating, by the mobile device, a secure packet including at least the secured data and a signature from the vehicle associated with the secured data. The method includes communicating, by the mobile device, the secure packet to a remote computing device to cause the remote computing device to securely store the secured data without identifying a user associated with the mobile device.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: April 26, 2022
    Assignee: Toyota Motor Engineering & Manufacturing North America, Inc.
    Inventor: Vladimeros Vladimerou
  • Patent number: 11316704
    Abstract: An enhanced certificate authority system and method allows for the enhanced security, validation and Multi-Factor Authentication of users within a digital signature and transaction system through the creation and management of a user's Digital Identity certificate so that through an enhanced certificate authority a user's identity and bona fides may be both protected and established across a diversity of electronic devices and transactions.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: April 26, 2022
    Inventor: Urayoan Camacho
  • Patent number: 11310137
    Abstract: Various systems and methods are provided for propagating information throughout a data center or other network environment. For instance, in certain embodiments, the functionality disclosed herein determines propagation rules, and then either stores and/or propagates those rules throughout the datacenter or other network environment. Propagation rules define various conditions or other variables that govern propagation of information throughout a system, such as those systems described herein. The propagation rules can then be used to perform various other functionality. For instance, the functionality described herein can be used to process updates to entities. The functionality described herein can also be used to process updates to propagation metadata. Additionally, the functionality described herein can be used to process the creation of new relationships. The functionality described herein can also be used to process the deletion of objects and/or relationships.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: April 19, 2022
    Assignee: Veritas Technologies LLC
    Inventors: Tushar Bandopadhyay, Bharat Dighe
  • Patent number: 11308157
    Abstract: A song may be matched with information in a song categorization database so that one or more categories associated with the song are identified. Specifically, a method and system for associating one or more advertising categories with a song includes receiving a set of child categories and receiving a wordnet graph. Synsets from the wordnet graph are assigned to function as activators for one or more categories. Next, a set of parent categories relative to the child categories are received. One or more scores are assigned to the parent categories based on their relationships to the child categories. Synsets from a work, such as a song lyric, are compared to the wordnet graph. Relevant child categories are identified based on synsets which match one or more activators. Matching activators are found by using only hypernym relationships between a synset from a work and an activator.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: April 19, 2022
    Assignee: KENZIE LANE MOSAIC, LLC.
    Inventors: Brady L. Rackley, III, Sangameswar Venkatraman, Michelle Levy Russell, Gregory Michael Rickman
  • Patent number: 11310050
    Abstract: One example provides a method for authenticating a computing device received from a manufacturer, the method including establishing a secured connection with the computing device, receiving, from the computing device, a first set of security artifacts, and retrieving, from a secure cloud storage location, a second set of security artifacts, the second set of security artifacts including the EK public key and the PCR values for the computing device obtained during manufacturing. The method further comprises, when the first set of security artifacts matches the second set of security artifacts, then verifying the computing device as trusted and permitting communication between the computing device and a secured computing environment, and when the first set of security artifacts does not match the second set of security artifacts, then not verifying the computing device as trusted and not permitting communication between the computing device and the secured computing environment.
    Type: Grant
    Filed: January 10, 2019
    Date of Patent: April 19, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Gregory J. Zavertnik, Vishwajit Tumkur Mahalingappa, Soumya Jain, Vimalraj Vasudevan Thekkoot, Karthikeyan Nagarathinam, Sampath Kumar Victor, Varsha Jagdale
  • Patent number: 11296895
    Abstract: Methods and systems relating to incentivizing a data provider to participate in a match making protocol between a business (second entity) to a user (first entity) are shown. Encryption techniques maintain the secrecy of the data provider's data such as proprietary analytics of user information such that the data need not be shared with users or businesses. Businesses can verify that the user has desired properties without learning the actual raw data owned by the data provider. Users initiate data sharing by explicit request but do not learn the actual raw data known to the data provider, only whether or not they satisfy the properties of interest. The data provider is incentivized because the business compensates the data provider for access to proofs of properties about user data.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: April 5, 2022
    Assignee: Bitclave Pte. Ltd.
    Inventors: Alexander Bessonov, Patrick Tague, Mark Shwartzman, Stephen Winston, Vadim Gore
  • Patent number: 11297179
    Abstract: Verification of the identities of parties participating in network-based communication, such as telephone communication, including SMS/text communication, email communication and the like is provided. Communication identifiers (IDs) (e.g., telephone numbers, email addresses or the like) are verified as being associated with one or more communication parties and, in response, a verified communication (ID) database is established. The verified communication ID database is relied upon when a user/communication is selecting a communication ID as an address for an impending communication or receiving a communication for determining whether the communication ID is verifiably associated with a known communication party. If the communication ID is determined to be verifiably associated with a known communication party, a visual or audible output may be provided on the user's device or within the communication that indicates that the communication ID is verifiably associated with the known communication party.
    Type: Grant
    Filed: April 29, 2020
    Date of Patent: April 5, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Christopher Daniel Birch, Susan R. Hart, Kelly Renee-Drop Keiter, Lisa Matthews, Cody Dean Searl
  • Patent number: 11297049
    Abstract: The invention relates to a method for linking a terminal (1) into a region (4a) of an interconnectable computer infrastructure (2) which is designed for a plurality of users (6, 6a), said region being allocated to a user (6a). A user certificate (12a) is generated for the region (4a) allocated to the user (6a) and is provided to the user (6a) and/or the interconnectable computer infrastructure (2). A terminal certificate (16a) which is compatible with the user certificate (12a) is generated, and the terminal certificate (16a) is entered into the terminal (1). The terminal (1) is registered in the interconnectable computer infrastructure (2) via a data connection (20), wherein the terminal certificate (16a) and/or a password which is encrypted using the terminal certificate (16a) is transmitted from the terminal (1) to the interconnectable computer infrastructure (2) via the data connection (20) for the registration process.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: April 5, 2022
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventor: Robert Schwarz
  • Patent number: 11297050
    Abstract: Methods, systems, and apparatus for providing secure communication. The device includes a trusted environment having a memory that is configured to store an application. The device includes one or more processors configured to perform operations of the application that execute within the trusted environment. The operations include sending an access request to connect with a second device, receiving an authentication request from the second device that requests the application to provide a zero-knowledge password proof and obtaining the zero-knowledge password proof. The operations also include sending the zero-knowledge password proof to the second device and establishing a communication channel with the second device.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: April 5, 2022
    Assignee: THIRDWAYV, INC.
    Inventors: Nabil Wasily, Andrew P. Lentvorski
  • Patent number: 11288760
    Abstract: A recording device may record information continuously. Particular events which occur during recording may be of interest for review (e.g. audit, inspection). Events may be audited to ensure that the data gathered is not tampered with or corrupted and to provably establish an evidence chain of custody. Metadata may mark recorded data of an event, in whole or in part, for later review. Metadata may be identified as an audit tag which may identify particular occurrences during an event. An audit tag may be urgent or non-urgent. Notice of an urgent audit tag may be sent to a server prior to sending the recorded data associated with the audit tag. Recorded data may be cryptographically signed to protect the recorded data from tampering.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: March 29, 2022
    Assignee: Axon Enterprise, Inc.
    Inventors: Mark A. Hanchett, Patrick W. Smith, Tyler J. Conant, Aaron J. Kloc
  • Patent number: 11290301
    Abstract: A method of communication, within a processing system of a gas turbine engine, between a first electronic component and a second electronic component, comprising: generating by the first electronic component, a request, comprising a digital certificate, in turn comprising a first host public key and a first client public key, signed with a first host private key, to initiate a trusted communication session with a second electronic component; encrypting at the first electronic component, at least a portion of the request with a first client private key; transmitting the request to the second electronic component; the first host private key and the first host public key defining a first asymmetric keypair and the first client private key and the first client public key defining a second asymmetric keypair.
    Type: Grant
    Filed: November 19, 2019
    Date of Patent: March 29, 2022
    Assignees: ROLLS-ROYCE NORTH AMERICAN TECHNOLOGIES INC., ROLLS-ROYCE CORPORATION
    Inventors: Richard J. Skertic, John J. Costello, Robert T. Duge
  • Patent number: 11290286
    Abstract: A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: March 29, 2022
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Massimiliano Pala, Ronald H. Ih
  • Patent number: 11290434
    Abstract: A communication device capable of performing encrypted communication with other communication device with use of a common key, obtains, from the other communication device, a certificate including a public key and identification information on the other communication device, verifies validity of the certificate on a basis of the identification information on the other communication device included in the certificate, and transmits the common key encrypted by the public key to the other communication device to perform the encrypted communication in a case where the certificate is valid as a result of the verification.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: March 29, 2022
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Kazuo Moritomo
  • Patent number: 11283782
    Abstract: Systems and methods related to a VPN controller are provided. In some embodiments, a first VPN controller is configured to establish a VPN tunnel with a client endpoint, wherein the VPN tunnel is established using an authentication process of the client endpoint, route a L2 request to a second VPN controller via an established communication tunnel between the first VPN controller and the second VPN controller by identifying a Generic Routing Encapsulation (GRE) header of the L2 request and based on the GRE header of the L2 request, directing the L2 request to a responsive L2 device accessible by the second VPN controller, receive an encapsulated L2 response from the second VPN controller identifying acceptance of the L2 request, and enable an electronic communication between the client endpoint and the responsive L2 device at least via the VPN tunnel between the client endpoint and the first VPN controller.
    Type: Grant
    Filed: November 26, 2019
    Date of Patent: March 22, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Amit Agrawal, Nagendra Babu Rapaka, Ravi Suhane
  • Patent number: 11283623
    Abstract: Systems and methods relating to an extension of a group signature scheme certificate that allows group users to conduct anonymous transactions in public, with the ability to subsequently audit and confirm signer identity. Auditing and confirmatory functions may include group signature openers that are configured to reveal the identity of a signer that is a member of a group by their signature. Auditing and confirmatory functions may also include group signature linkers that are configured to link two signatures to the same signer using a linking key or linking base.
    Type: Grant
    Filed: June 3, 2019
    Date of Patent: March 22, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Phillip H. Griffin
  • Patent number: 11283630
    Abstract: Embodiments herein describe providing a certificate signed by a local CA to an unauthenticated server rather than obtaining a certificate signed by a third-party CA. A server that already has a certificate that was signed by a third-party CA may want to establish a secure connection with an unauthenticated server which does not have a signed certificate. The unauthenticated server needs a certificate signed by a CA trusted by the server that already has a signed certificate (referred to herein as the authenticated server). To do so, the unauthenticated server sends login credentials to the authenticated server so that this server knows it can trust the unauthenticated server. In turn, the authenticated server can send its signed certificate to the unauthenticated server so it can verify the authenticated server. Once verified, the authenticated server generates a signed certificate for the unauthenticated server using a local CA.
    Type: Grant
    Filed: November 5, 2019
    Date of Patent: March 22, 2022
    Assignee: International Business Machines Corporation
    Inventors: Erez Alexander Theodorou, Amalia Avraham, Eran Tzabari
  • Patent number: 11283791
    Abstract: A method for re-provisioning a user equipment (UE, 140) after a first digital security certificate for the UE (140) has expired includes communicating content data to a controller (130) over a first secure communication channel after verification of a validity of a first digital security certificate. Once it is realized the first digital security certificate has expired, the UE (140) sends a certificate provisioning request message over an unsecure channel to the controller (130) as a request to the controller (130) to provision a second digital security certificate. The UE (140) signs the certificate provisioning request message with the private key for the now expired first digital security certificate. A second digital security certificate is signed by the rescue-secret private key at the controller (130) and sent to the UE (140), which verifies its authenticity with the corresponding rescue-secret public key.
    Type: Grant
    Filed: February 4, 2021
    Date of Patent: March 22, 2022
    Assignee: AXIS AB
    Inventors: Magnus Eriksson, Stefan Andersson, Fredrik Hugosson, Jerry Olsson
  • Patent number: 11275858
    Abstract: Disclosed are various approaches for encrypting documents using mobile devices. A first application receives, from a second application a file and an identifier of a user account. The first application then sends a request for a certificate to a certificate authority and receives a certificate in response. The file is then encrypted using the certificate, and the encrypted file is returned to the second application. The second application can identify the user account as the recipient of a file. Then, the second application can send an encryption request that includes the identifier of the user account and the file to the first application. In response to the request, the second application receives the encrypted file and then provides the encrypted file to the recipient.
    Type: Grant
    Filed: August 12, 2019
    Date of Patent: March 15, 2022
    Assignee: VMWARE, INC.
    Inventors: Lucas Chen, Gaurav Arora, Evan Hurst, Nicholas Grivas, Nicholas Brouillette, Jubin Benny, Jason Ruby, Eugene Liderman, Hemant Sahani
  • Patent number: 11271755
    Abstract: The present disclosure includes apparatuses, methods, and systems for verifying a vehicular identity. An example includes a processing resource, memory, and a vehicular communication component configured to verify an identity of the particular vehicle using a public key, wherein the public key is received in response to a departure of the particular vehicle, and request, in response to verifying the identity of the particular vehicle, data corresponding to information associated with the departure of the particular vehicle.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: March 8, 2022
    Assignee: Micron Technology, Inc.
    Inventors: Antonino Mondello, Alberto Troia
  • Patent number: 11265319
    Abstract: A method and system for associating a unique device identifier with a potential security threat are described. In a method conducted at a remotely accessible server, a unique device identifier is received from a computing device. The unique device identifier is associated with a record and is usable in identifying the computing device. An interaction data element is received from the computing device. The received interaction data element is validated including confirming that the received interaction data element matches an expected interaction data element associated with the record. Based on determining that the received interaction data element is not valid, the record is updated to associate the unique device identifier with a potential security threat. The interaction data element is updated periodically according to a sequence. The expected interaction data element changes based on the sequence.
    Type: Grant
    Filed: April 16, 2020
    Date of Patent: March 1, 2022
    Assignee: Entersekt International Limited
    Inventor: Christiaan Johannes Petrus Brand
  • Patent number: 11257159
    Abstract: System and method for dynamically managing message flow. According to the example embodiments, an intermediary network device or a client device dynamically manages the flow of messages received from an electronic exchange by analyzing the client device's capabilities, such as CPU utilization. Based on a percentage of total CPU utilization, the level of throttling is dynamically adjusted, such that if the percentage of CPU utilization, or load, increases, then throttling is increased from a lower level to a higher level. Similarly, if the percentage of CPU utilization decreases significantly enough, then throttling is decreased to a lower level.
    Type: Grant
    Filed: June 23, 2020
    Date of Patent: February 22, 2022
    Assignee: Trading Technologies International, Inc.
    Inventors: Alexander V. Foygel, Bharat Mittal, Douglas R. Duquette
  • Patent number: 11250157
    Abstract: A system protects personally identifiable information (PII) by implementing an unconventional key management scheme. In this scheme, the system uses a set of keys rather than an individual key for encrypting PII. Different portions of the PII are encrypted using different keys from the set of keys. In this manner, even if a malicious user were to access a key, that key would not give the malicious user the ability to decrypt all of the PII. Additionally, the system generates a new set of keys periodically (e.g., once a month). The system also deletes sets of keys that are too old (e.g., six months old). As a result, even if a malicious user were to access a key, the usefulness of that key would be time limited.
    Type: Grant
    Filed: March 3, 2020
    Date of Patent: February 15, 2022
    Assignee: THE PRUDENTIAL INSURANCE COMPANY OF AMERICA
    Inventors: Venkatesh Sarvottamrao Apsingekar, Sahil Vinod Motadoo, Christopher John Schille, James Francis Lavine
  • Patent number: 11246032
    Abstract: Among other things, techniques are described for provisioning and authentication of devices in vehicles. In one aspect, a device in a vehicle establishes a communication session with a network server that manages provisioning of devices corresponding to an enterprise associated with the vehicle. The device receives instructions from the network server to generate cryptographic keys, and in response, generates a public and private key pair. The device sends, to the network server, a certificate signing request that includes the public key and an identifier of the device. In response, the device receives a digital security certificate for the device, and a security certificate of a signing certificate authority. The device authenticates the security certificate of the certificate authority using a known enterprise root certificate, and upon successful authentication, stores the device security certificate and the security certificate of the signing certificate authority.
    Type: Grant
    Filed: October 29, 2020
    Date of Patent: February 8, 2022
    Assignee: Motional AD LLC
    Inventors: Michael Maass, Karl Robinson
  • Patent number: 11245577
    Abstract: Methods, systems, and computer-readable media for template-based onboarding of internet-connectible devices are disclosed. A device onboarding service receives an onboarding request comprising a proof and context of identity (PCI) of an Internet-connectible device (ICD). The service determines an account associated with the ICD based at least in part on the onboarding request. The account is associated with an account policy in an onboarding template that is determined at least in part by an owner of the account. If the PCI is verified against one or more criteria of the onboarding template, then a device configuration is determined based at least in part on the onboarding template. The service sends the device configuration to the ICD, and the ICD's behavior is determined at least in part on the device configuration. The ICD uses the access credentials of the device configuration to communicate with an application in a cloud computing environment.
    Type: Grant
    Filed: September 26, 2019
    Date of Patent: February 8, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Bradley Jeffery Behm, Lomash Kumar, Jijo Raphael Jose
  • Patent number: 11240046
    Abstract: Techniques for providing digital certificate management for blockchain technologies are described. In one example method, a transaction request including a digital certificate is received from a certificate authority at a node in a blockchain network; the transaction request is a request to write the digital certificate into a blockchain associated with the blockchain network, and the digital certificate is issued to a node in the blockchain network. A consensus verification result is determined for the transaction request, and the consensus verification result is produced by nodes in the blockchain network. The consensus verification result is compared to a predetermined threshold value. In response to determining the consensus verification result is greater than or equal to the predetermined threshold value, the digital certificate is stored in the blockchain associated with the blockchain network.
    Type: Grant
    Filed: June 7, 2021
    Date of Patent: February 1, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Honglin Qiu
  • Patent number: 11238147
    Abstract: An application installed on a user device (e.g., a mobile device, a smart device, a communication device, a computing device, etc.) may be used to validate, authenticate, and/or authorize another application installed on and/or associated with the user device.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: February 1, 2022
    Assignee: COMCAST CABLE COMMUNICATIONS, LLC
    Inventors: Eric Schrag, Saravanan Muthusamy
  • Patent number: 11240671
    Abstract: Disclosed herein are methods, systems, and media for providing Bluetooth connection between Bluetooth devices. One of the methods comprises: generating, by a first Bluetooth device, a code; encrypting the code to generate a first ciphertext in response to detecting that a Bluetooth connection is disconnected; generating, by the first Bluetooth device, a broadcast packet based on the first ciphertext, and broadcasting the broadcast packet to a second Bluetooth device; receiving a scanning request from the second Bluetooth device, the scanning request including a random private address; verifying the scanning request based on the random private address; sending, in response to verifying the scanning request, a scanning response to the second Bluetooth device based on the random private address in the scanning request; and establishing a Bluetooth connection with the second Bluetooth device in response to determining that a connection request from the second Bluetooth device is received.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: February 1, 2022
    Assignee: Alipay (Hangzhou) Information Technology Co., Ltd.
    Inventors: Lin Huang, Dingliang Yan, Yunding Jian
  • Patent number: 11240726
    Abstract: A communication continuity device configured to automatically switch to alternative communication service providers and/or communication channels in response to a predicted or identified communication degradation event. The communication continuity device includes a communication hub configured to receive communication channels from different sources, and an intelligent switch device that is configured to select a communication channel to provide connectivity between an internal network within an organization and an external network outside of the organization.
    Type: Grant
    Filed: July 1, 2020
    Date of Patent: February 1, 2022
    Assignee: Bank of America Corporation
    Inventors: George Albero, Elijah Clark, Elizabeth Swanzy-Parker, Andrew Sides
  • Patent number: 11233641
    Abstract: Some implementations of the disclosure are directed to: receiving an encrypted message from an entity, the encrypted message including a request to determine if a claimant of a distributed attestation is a holder of the distributed attestation; decrypting the encrypted message; using at least a public key of the entity to determine whether the entity is authorized to obtain information about the distributed attestation; and if the entity is authorized to obtain information about the distributed attestation, transmitting a response message to the entity indicating if the claimant of the distributed attestation is the holder of the distributed attestation. Authorization of the entity to obtain information about the distributed attestation may be based on role based access control rights to obtain information about the distributed attestation.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: January 25, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Abilash Soundararajan, Michael Reid Tennefoss
  • Patent number: 11233790
    Abstract: A method is provided for verifying an authentication request to a computer network. The method may include receiving a network packet and extracting an authentication request from the network packet. The authentication request may be encrypted to store attribute-value pairs, and the method may further include decrypting the authentication request to access the attribute-value pairs. The method may also include extracting a target name and a device name from the attribute-value pairs, wherein the device name indicates an identified target device, and determining whether the target name refers to the identified target device identified by the device name.
    Type: Grant
    Filed: February 19, 2020
    Date of Patent: January 25, 2022
    Assignee: Crowd Strike, Inc.
    Inventors: Yaron Zinar, Marina Simakov, Avraham Kama
  • Patent number: 11232215
    Abstract: Electronic laboratory notebook (ELN) system (1), comprises an ELN managing application (3) of an ELN service provider and being accessible for clients via the Internet and being configured for managing the access of the clients on the electronic laboratory notebook represented by ELN data in an ELN database hosted by the ELN service provider, a client computer (2) being located on premises of the client and connected to the internet (4), the client computer (2) running a client software (7) to communicate with the ELN managing application (3) via the Internet (4), a local storage server (5) being located on premises of the client, the local storage server being configured for storing ELN-files, which include content of the ELN, and the ELN application (3) being configured for controlling, in dependence on the client's access rights, the transfer of the ELN-files between the local storage server and the client computer.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: January 25, 2022
    Inventor: Erwin Seinen
  • Patent number: 11228452
    Abstract: The present disclosure provides an approach for a certificate authority (CA) that is distributed among nodes of a network, such that only a portion of the network nodes are required to sign and issue a digital certificate. Each node of the network includes a partial private key, the partial private key having been obtained by sharding the full private key. The sharding may be performed by a process known in the art, such as Shamir Secret Sharing and Distributed Key Generation. Systems that are inherently distributed may use the techniques herein to create a CA that is not centralized. The techniques herein leverage a database in the form of a distributed blockchain to store issued certificates and status of the certificates.
    Type: Grant
    Filed: September 16, 2019
    Date of Patent: January 18, 2022
    Assignee: Cisco Technology, Inc.
    Inventor: Jeffrey C. Venable, Sr.
  • Patent number: 11228580
    Abstract: Implementations of the subject technology provide for performing, by a device, a request for obtaining information related to a phone authentication certificate (PAC) that was generated for the device, the PAC authenticating that a particular phone number is associated with the device, the request including packets of data. The subject technology receives the information related to the PAC, the information including an indication that the PAC was generated for the device. The subject technology sends, from the device, a request for validating the PAC to a remote server based at least in part on the information related to the PAC. Further, the subject technology receives a confirmation of validating the PAC from the remote server based at least in part on the information related to the PAC.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: January 18, 2022
    Assignee: Apple Inc.
    Inventors: Gokul P. Thirumalai, Daniel B. Pollack, Robert D. Butler, Ryan W. Baker, David G. Knipp, Sudhakar N. Mambakkam, Jonathon Sodos, Hannah S. Story, Hervé Sibert, Gianpaolo Fasoli
  • Patent number: 11223605
    Abstract: The invention is applicable for use in conjunction with a system for connected vehicle communications in which each vehicle in the system is issued a limited number of unique pseudonym certificates that are used by the vehicle to establish trust in messages sent by the vehicle by signing each message with a pseudonym certificate. A method is set forth for selecting a pseudonym certificate for use, from among the vehicle's pseudonym certificates, so as to protect the privacy of the vehicle's activity against attacks by eavesdroppers, including the steps of: tracking and storing vehicle location data; computing, from inputs that include the vehicle location data, the vehicle's relative achievable anonymity in particular geographical regions; prioritizing the pseudonym certificates; and selecting a pseudonym certificate for use from among the pseudonym certificates having a priority that is determined by the relative achievable anonymity for the geographical region in which the certificate is to be used.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: January 11, 2022
    Assignee: OnBoard Security, Inc.
    Inventors: Jonathan Petit, William Whyte
  • Patent number: 11223615
    Abstract: According to some embodiments, methods and systems may include a provisioning application platform processor to receive a user request for an integration service. The provisioning application platform processor may then transmit information to a platform resource manager processor to facilitate creation of a plurality of microservices resulting in implementation of the integration service for a tenant associated with the user. A multi-tenant keystore management service, automatically deployed upon implementation of the integration service, may automatically call a trusted authority platform. The multi-tenant keystore management service may then receive a signed security certificate from the trusted authority platform and add the signed security certificate to a keystore deployed to the tenant.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: January 11, 2022
    Assignee: SAP SE
    Inventor: Gopalkrishna Kulkarni
  • Patent number: 11218590
    Abstract: Systems and methods for providing call verification to prevent voice phishing, comprising: receiving a first API call, wherein the first API call is a call request from a service provider to establish a call with a client device associated with a client of the service provider; verifying an identity of the service provider, wherein verifying the identity of the service provider comprises: generating a second API call; transmitting the second API to a verification system; and receiving verification of the service provider from the verification system; transmitting a notification to the client device that includes an indication that an incoming call is from a verified service provider; verifying the identity of the client; and establishing the call between the service provider and the client after both the identity of the service provider and the identity of the client are verified.
    Type: Grant
    Filed: October 3, 2018
    Date of Patent: January 4, 2022
    Assignee: Vonage Business, Inc.
    Inventors: Shay Ben Yacov, Iliya Barenboim, Romi Gubes, Itay Bianco, Srivatsan Srinivasan
  • Patent number: 11212115
    Abstract: An information processing apparatus generates a public key pair in accordance with a certificate issuance request, generates a certificate signing request based on the public key pair and transmits an electronic certificate issuance request to an external apparatus. The information processing apparatus receives a response transmitted from the external apparatus as a response to the electronic certificate issuance request, obtains an electronic certificate included in the received response and causes an application to enable its use of the obtained electronic certificate.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: December 28, 2021
    Assignee: CANON KABUSHIKI KAISHA
    Inventors: Naoya Kakutani, Hisayuki Yamauchi
  • Patent number: 11212273
    Abstract: A system implemented on a server computer for managing digital certificates includes a certificate management agent module, a digital certificate processing module and a configuration module. The certificate management agent module processes requests to create a plurality of certificate management agents. Each of the certificate management agents is configured to manage a lifecycle of a digital certificate for a client electronic device. The digital certificate processing module processes requests from the certificate management agent module for digital certificates for the plurality of certificate management agents. The configuration module receives and processes configuration parameters for the certificate management agents and for the digital certificates.
    Type: Grant
    Filed: March 16, 2018
    Date of Patent: December 28, 2021
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Andrei Stoica, Sumit Murarka, Michael Peter Ridilla, Samir Rameshchandra Sanghvi, Jerome Pradier
  • Patent number: 11205137
    Abstract: A method for distributed training in a parameter dataset; the method for at least one coordinating node; a network of at least one distributed node; receiving a parameter dataset from a first distributed node; decrypting the received dataset; training the parameter dataset based on a training data record to obtain a trained parameter dataset; and forwarding the trained parameter dataset to a second distributed node.
    Type: Grant
    Filed: June 15, 2018
    Date of Patent: December 21, 2021
    Assignee: International Business Machines Corporation
    Inventors: Oliver Benke, Tobias U. Bergmann, Muhammad Usman Karim Khan, Dominic Röhm
  • Patent number: 11206143
    Abstract: Digital certificates include pointers to remote certificate information stores that maintain usage information associated with digital certificates. The pointers provide a mechanism for enabling the remote certificate information stores to be queried for usage information associated with a particular digital certificate. The usage information can be used to determine a validity of the digital certificate.
    Type: Grant
    Filed: October 21, 2019
    Date of Patent: December 21, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Stefan Popoveniuc, David Ripton, Alexandr Ukrainchik, Yuk-Chung Eric Kam, Mikhail Denisenko, Robert Eric Fitzgerald, Matthew Allen Estes, Tyler Eckstein
  • Patent number: 11206142
    Abstract: A method is provided for automating management of automatic renewal of a public key infrastructure (PKI) certificate issued by a certificate authority (CA) for a subscriber. The method includes steps of causing the subscriber to (i) transmit a first alert to a management entity for initiating renewal of the PKI certificate, and (ii) transmit a certificate signing request (CSR) to a registration authority (RA) for issuance of a renewal certificate. The method further includes steps of (iii) transmitting, from the RA to the CA, the CSR signed by the RA, (iv) receiving, at the RA from the CA, an issued renewal certificate signed by the CA, (v) sending, from the RA to the subscriber, the issued renewal certificate signed by the CA, and (vi) causing the subscriber to transmit a second alert to a management entity indicating renewal of the PKI certificate.
    Type: Grant
    Filed: August 19, 2019
    Date of Patent: December 21, 2021
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Steven J. Goeringer, Brian A. Scriber, Darshak Thakore, Massimiliano Pala
  • Patent number: 11201736
    Abstract: A management device installed in a vehicle includes a master key storing part configured to share the master key that is used to generate an initial key held by an ECU together with an identifier of the ECU; a communication part configured to communicate with the ECU; a key generation part configured to generate the initial key of the ECU by use of the master key stored on the master key storing part and the identifier of the ECU received from the ECU via the communication part; and an initial key storing part configured to store the initial key of the ECU that is generated by the key generation part in connection with the identifier of the ECU.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: December 14, 2021
    Assignee: KDDI CORPORATION
    Inventors: Keisuke Takemori, Hideaki Kawabata, Yasuaki Kobayashi
  • Patent number: 11196825
    Abstract: Various embodiments of systems, apparatus, and/or methods are described for restricting user devices from accessing a communication network. In one implementation, multiple user devices are assigned to a user profile. At least one access parameter is designated for the user profile. An access device monitors data usage, time usage, and content usage of each of the devices associated with the user profile. In some examples, the access device may consolidate the data usage and time usage of all of the devices. If one or more of the consolidated data usage, consolidated time usage, or content usage violates the access parameter of the user profile, the access device restricts at least one of the multiple user devices from accessing the communication network.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: December 7, 2021
    Assignee: DISH TECHNOLOGIES L.L.C.
    Inventor: Jeffrey McSchooler
  • Patent number: 11196580
    Abstract: Provided in embodiments of the present disclosure are a method and a device for bearing a multicast virtual private network. The method includes: assigning, by a BFIR accessing a VRF, a global VPN identifier to a multicast VRF, and carrying the global VPN identifier to notify a route to a BFER accessing the multicast VRF; after receiving a packet of the multicast VRF, encapsulating, by the BFIR, the packet with a BIER header and forwarding the packet, the forwarded packet carrying the global VPN identifier.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: December 7, 2021
    Assignee: XI'AN ZHONGXING NEW SOFTWARE CO., LTD.
    Inventors: Shaofu Peng, Feicai Jin, Benchong Xu, Ning Cai
  • Patent number: 11196563
    Abstract: A device is provided that is used by a user that transmits an authentication request including a parameter for verification to a connected mobile terminal in a case where an operation request is generated, receives, from the mobile terminal, a response including signature data generated according to biometric authentication in the mobile terminal, and executes the operation request in a case where verification of the signature data using a public key received from a service provision system is successful.
    Type: Grant
    Filed: October 10, 2018
    Date of Patent: December 7, 2021
    Assignee: Canon Kabushiki Kaisha
    Inventor: Kiyonori Matsumoto
  • Patent number: 11190521
    Abstract: Disclosed are various approaches for verifying the compliance of a TLS session with TLS policies. Traffic between an application and a destination server can be routed through a TLS gateway. The TLS gateway can inspect TLS handshake messages for compliance with TLS policies.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: November 30, 2021
    Assignee: VMware, Inc.
    Inventors: Sanjay Patil, Craig Farley Newell, Leung Tao Kwok, Amit Kumar Yadav
  • Patent number: 11190014
    Abstract: An apparatus and methods are disclosed for monitoring the operation of an electrical power-transfer system and detecting and handling hazardous and undesirable system states. In accordance with one embodiment, an electrical signal is injected into the electrical power-transfer system. During or after the injection of the electrical signal, the following are measured: (1) an electrical property between a first sensor and a second sensor to obtain a first measurement, (2) the electrical property between the second sensor and a third sensor to obtain a second measurement, and (3) the electrical property between the first sensor and the third sensor to obtain a third measurement. The electrical power-transfer system is determined to be in a hazardous state based on the first measurement, the second measurement, and the third measurement, and in response to the determination one or more actions are performed to correct the hazardous state.
    Type: Grant
    Filed: May 13, 2021
    Date of Patent: November 30, 2021
    Assignee: GoPlug, LLC
    Inventors: George Betak, Donald J Christian, John J Matranga
  • Patent number: 11184179
    Abstract: A method is provided for authenticating a first device to a second device using a self-signed digital certificate, when the first device is requested to authenticate itself to the second device. Responsive to the request, a self-signed digital certificate is sent from the first device to the second device. The self-signed digital certificate includes a hash of a password that has been previously provisioned in the first device. The password previously provisioned in the first device is hashed. The hash of the password previously provisioned in the first device is compared, using the second device, with the hash of the password included in the self-signed digital certificate. The first device is authenticated if the second device confirms that the hash of the password previously provisioned in the first device matches the hash of the password included in the self-signed digital certificate.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: November 23, 2021
    Assignee: ARRIS Enterprises LLC
    Inventors: Ted R. Michaud, Paul D. Baker