Abstract: Systems and methods for utilizing X509 certificates for granting access, such as for location tracking access, physical location access, access to digital content, and the like, include receiving a request for access from a requestor, wherein the request includes one or more of a time, a time period, a location, and a type of access, wherein the access is one of access to a user's location on a user device, access to a physical location, and access to content controlled by the user; issuing a certificate to the requestor based on the request, wherein the certificate includes the time period; one of allowing the requestor to perform the access until expiration of the time period and revoking the certificate prior to the expiration thereby preventing the access.

Abstract: Systems and methods for a blockchain-based OCSP responder using smart contracts and custom URI scheme for certificate revocation management. Various embodiments include, responsive to a requirement to determine status of a digital certificate, obtaining blockchain information from the digital certificate; interacting with a specified blockchain network based on the blockchain information; and determining a status of the digital certificate based on the Interacting.

Abstract: Systems and methods, implemented by a host machine, include, responsive to a peripheral device being coupled to the host machine and responsive to being granted access to data on the peripheral device, determining a presence of a change log on the peripheral device; responsive to a lack of the presence of the change log on the peripheral device, preventing access to the peripheral device; and, responsive to the presence of the change log on the peripheral device, allowing access to the peripheral device based on the change log.

Abstract: Cryptographic systems and methods are provided. A method, according to one implementation, includes a step of generating a plurality of key pairs in response to receiving a request from a client for one or more digital certificates. The key pairs are associated respectively with the one or more digital certificates. Also, each key pair includes a public key and a private key. The method further includes a step of utilizing at least the plurality of key pairs to generate the one or more digital certificates. Also, the method includes a step of encrypting the one or more digital certificates and respective private keys using a single Advanced Encryption Standard (AES) key. The method also includes a step of sending the encrypted one or more digital certificates and private keys back to the client.

Abstract: Systems and methods for applying a digitally signed QR code to a vehicle are provided. In one implementation, a method includes the step of receiving, from a requesting entity, a Certificate Signing Request (CSR) and object-related information associated with an object. The method further includes the step of issuing a digital certificate to authenticate the object and/or the requesting entity. Also, the method includes the step of digitally signing a machine-detectable code configured to reference a database associated with the digital certificate and the object-related information. The method also includes the step of sending the digitally signed machine-detectable code to the requesting entity.

Abstract: Systems and methods for determining digital trust of a device and a user for access permission include monitoring a client device and its access to a network and to resources connected to the network; analyzing behavior-based factors and posture-based factors to determine a digital trust rating at a given time for the client device, wherein the posture-based factors include a rating of certificates associated with the client device and a rating of a Domain Name System (DNS) server associated with the client device; and providing the digital trust rating at the given time for the client device for use in access permission of the client device to the network and/or to the resources.

Abstract: Techniques are disclosed for identifying and authenticating prospective certificate authority customers of a secure socket layer (SSL) certificate prior to receiving an order from the customer. The CA generates a list of prospective customers of digital certificates (e.g., by scanning networked servers via the Internet for the presence of an installed digital certificate). The CA retrieves data for each customer on the list and determines, based on a set of approval criteria, which prospective customers to target in enrollment campaigns. For each approved customer, the CA initiates an enrollment process prior to receiving a request from the customer to provide a certificate.

Abstract: A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer.

Abstract: Systems and methods for verifying the authenticity of a manufactured product are provided. In one implementation, a method includes a step of receiving a scanned image of an encoded security seal printed on a print medium associated with a package configured for protecting a manufactured product. The method also includes a step of extracting a set of coded information from the scanned image of the encoded security seal. In response to analyzing the set of coded information, the method further includes a step of determining whether the manufactured product is authentic.

Abstract: An Internet of Things (IoT) device with zero touch provisioning includes one or more processing devices; a secure element; and memory storing software that, when executed in the one or more processing devices, cause the one or more processing devices to: install one or more clients on the IoT device for provisioning, enrollment, and updating, based on a device configuration; store an immutable device identity and a signing certificate in the secure element; and responsive to the IoT device being powered-on, cause the one or more clients and the secure element to perform the zero touch provisioning of the IoT device. The one or more clients on the IoT device for provisioning, enrollment, and updating operate with corresponding services with all communicating being encrypted, thereby protecting against cloning and counterfeiting of IoT devices.

Abstract: Features are disclosed for the validation of an image and the verification of the validation of a validated image. A computing device can receive a request to validate an image. The computing device can validate the image and generate a validated image. The computing device may embed a signed token in the validated image. The signed token may include a digital certificate associated with a publisher of the image, a hash of a portion of the image, and metadata associated with the image. The computing device may store the hash of the portion of the image on a blockchain and provide the validated image. A client computing device may verify the validation of the validated image using the digital certificate, the hash of the portion of the image stored in the signed token, the hash of the portion of the image stored on the blockchain, and the metadata.

Abstract: A method of building a device historian, across a supply chain of device manufactures and managers, by a plurality of device management services comprising an enrollment service, an update service, a policy service, and an analytics service, a transaction connector, a blockchain broker service participating as a node in a blockchain network, and transaction filters. The method comprises sending, by the plurality of device management services a transaction record over the transaction connector to the blockchain broker service, receiving, by the blockchain broker service, the transaction record, filtering, by the blockchain broker service, information in the transaction record based on the transaction filters, preparing, by the blockchain broker service, a versioned block based on the filtered information from the transaction record, and adding, by the blockchain broker service, the versioned block to the blockchain network.

Abstract: Systems and methods are provided for creating authentic baseline data from high-resolution and high-definition audio and video data and for using the authentic baseline data to determine if an unknown video is real or fake. A method, according to one implementation, includes examining a questionable video of a prominent individual, wherein the questionable video shows the prominent individual speaking. The method also includes detecting speech characteristics of the prominent individual from the questionable video and detecting bodily movements of the prominent individual from the questionable video while the prominent individual is speaking. Furthermore, the method includes comparing the detected speech characteristics and detected bodily movements with reliable baseline characteristics that are certified as authentic. Based on the comparing step, the method also includes tagging the questionable video as fake or real.

Abstract: Features are disclosed for a dynamic security seal indicating a security of an application. A computing device can receive a request to implement a dynamic security seal for an application. The computing device can validate a relationship between an entity and the application and between an image and the application. Based on validating these relationships, the computing device can generate a dynamic security seal. When implemented, the dynamic security seal may display a plurality of faces. A face of the plurality of faces may be the image. The dynamic security seal can sequentially display the plurality of faces based on various criteria.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: A trust chain having client system and a remote system in a secure connection, wherein an intermediary system associated with the network flow path serves as a signing entity to establish an end to end transitive trust. The intermediate system is a corroborative entity in the operations technology realm of the client system. The remote system serves as the host for a plurality of services in the information technology realm. A two way handshake during the initial secure exchange protocol between a local client application and a remote service is extended to a three way handshake that includes a nonce issued by the remote service on the remote system and a digital signature for the nonce issued by a signature service on an associated intermediate system. The nonce signature is verified authoritatively at the remote system based on the signing certificate of the intermediate system for explicit proof of association.

Abstract: A system and method for digitally signing an object. An object signing agent sends a signing request for an object to a remote signing server, which, in response to receiving the request, generates a virtual machine executing code for signing the object. The object is signed within the virtual machine and returned to the object signing agent.

Abstract: A method, system and apparatus for authenticating target recipients for digital certificates. A certificate authority authentication system receives a request from an entity for a digital certificate including untrusted certificate validation data. The authentication system initiates a communication link using to untrusted certificate validation data to generate verified untrusted certificate validation data. Subsequently or concurrently, the system obtains, from a confirmation computing system, trusted certificate validation data. The authentication system compares the verified untrusted certificate validation data with the trusted certificate validation data and, based on the comparison, authenticates the entity and issues the requested digital certificate.

Abstract: Techniques are disclosed for dynamically generating a digital certificate for a customer server. A customer server creates a certificate profile and receives an associated profile identifier from a certificate authority (CA). The customer server installs an agent application received from the CA. The agent application generates a public/private key pair and an identifier associated with the customer server. The agent application sends a signed request to the CA that includes the profile identifier, server identifier, and the public key corresponding to the key pair. Upon receiving the credentials, the CA generates a dynamically updatable certificate. Thereafter, if the customer changes information associated with the certificate (or if external conditions require a change to the certificate, such as a key compromise or change in security standards), the CA may generate an updated certificate based on the certificate profile changes and the public key.

Abstract: Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.