Abstract: Systems and methods for coordination and management of keys and instructions for multiple encryption include, responsive to receiving encrypted data that has been encrypted via a plurality of layers of encryption, accessing a coordinator to determine instructions for multiple encryption; and decrypting the encrypted data based on the instructions and utilizing a plurality of keys with a key for each of the plurality of layers of encryption.

Abstract: Systems and methods are provided for validating client information prior to certificate issuance. A method, according to one implementation, includes a step of providing an initiation option to a validation agent in response to the validation agent selecting a portion of a document retrieved from a reliable web source, the initiation option allowing the validation agent to initiate an automated validation procedure. In response to the validation agent selecting the initiation option, the method includes a step of performing the automated validation procedure, wherein the automated validation procedure includes a) a comparing sub-step in which the portion of the document selected by the validation agent is compared with client information included in a certificate request, and b) a compliance sub-step in which it is determined whether or not a comparison, based on the comparing sub-step, complies with a validation guideline.

Abstract: Systems and methods are provided for validating client information prior to certificate issuance. A method, according to one implementation, includes a step of obtaining enrollment information submitted from an organization to a trust entity, the enrollment information including details of the organization. In response to a web browser of the trust entity being navigated to a webpage associated with the organization, the method further includes a step of extracting identifying data from the webpage. Based on a comparison between the identifying data and the details of the organization, the method also includes a step of providing feedback to a validation agent of the trust entity regarding a validation status of the organization.

Abstract: Systems and methods are provided for validating client information prior to certificate issuance. A method, according to one implementation, includes a step of displaying client information submitted by a client on a home screen of a user interface being operated by a validation agent responsible for executing a validation job for the client. Also, the method includes a step of displaying a validation sources tab on the home screen. In response to selection of the validation sources tab, the method also includes displaying links to vetted web sources from which data can be obtained to assist the validation agent with executing the validation job.

Abstract: Systems and methods for analyzing online content are provided. In one implementation, a method includes a step of evaluating an online article to derive credibility information, wherein the online article includes textual and/or graphical content that is accessible via one or more content-sharing platforms. The method also includes a step of adding the credibility information to metadata associated with the online article such that the credibility information is viewable by an end user when the online article is accessed.

Abstract: Systems and methods are provided for issuing digital certificates and promoting cybersecurity. According to one implementation, a method, executed by an end entity, includes a step of, responsive to receiving input from a user associated with the end entity, the input configured to set a flag, detecting a certificate replacement condition in which a current digital certificate issued to the end entity is ready to be reissued or replaced. The flag is configured to signify an intent to automatically transition the end entity to a different cryptography scheme. In response to determining that the flag is set when the certificate replacement condition is detected, the method further includes a step of automatically transitioning from a current cryptography scheme established over a current certificate chain to a new cryptography scheme established over an alternate certificate chain.

Abstract: Tracking hash-based signatures using a distributed ledger includes, subsequent to generating a plurality of one-time signatures (OTSs) organized in a Merkle tree for use in a stateful hash-based digital signature scheme, receiving a request for a digital signature based therein; obtaining an OTS from the plurality of OTSs based on checking the distributed ledger; and creating a transaction on the distributed ledger based on the request to mark the OTS as used. The stateful hash-based digital signature scheme can be Leighton-Micali Signature (LMS) or extended Merkle Signature Scheme (XMSS).

Abstract: Systems and methods are provided for recommending a deployment of cybersecurity products according to threat intelligence pertaining to an organization. A method, according to one implementation, includes a step of extracting, from one or more sources, cybersecurity intelligence related to an online presence of an organization. The method also includes a step of analyzing the cybersecurity intelligence to determine a cybersecurity posture of the organization, where the cybersecurity posture is defined by at least a set of one or more cybersecurity issues. Also, the method includes a step of creating a cybersecurity product deploying recommendation to assist the organization with mitigating the set of one or more cybersecurity issues.

Abstract: Systems and methods are provided for enhancing or modifying the Public Key Cryptography Standard (PKCS) #12 (P12) file formatting protocol for password-protecting digital certificates. According to one implementation, a method includes a step of receiving a certification request from a client, the certification request including at least a) a selection of a modified Public Key Cryptography Standard (PKCS) #12 (P12) file formatting scheme and b) a user password encrypted with a public key of a first key pair. The method also includes a step of using a private key of the first key pair to decrypt the user password. In addition, the method includes a step of issuing a digital certificate for the client based on the certification request, the digital certificate having a second key pair. Then, the method includes encrypting the digital certificate and user private key using the user password.

Abstract: Systems and methods are described herein for validating an Internet Protocol (IP) version 6 (IPv6) address from an IP version 4 (IPv4) network. A method, according to one implementation, includes a step of receiving an IPv4-based request from a validation server that is configured to support an IPv4 address space. The method further includes a step of sending an IPv6-based request to a domain supporting an IPv6 address space. Also, the method includes receiving a response status code and domain validation information from the domain. Then, the method includes a step of passing the response status code and domain validation information to the validation server.

Abstract: A method of issuing a digital certificate includes receiving a certificate signing request (CSR) from an entity; determining a public key of the entity from the CSR; applying encryption to the public key; checking whether a result of the encryption is in a database to determine whether the public key has been previously used; and responsive to the public key not having been previously used, issuing a certificate to the entity based on the public key and the CSR. The method can further include, responsive to the public key having been previously used, alerting the entity to resubmit the CSR with a public key that has not been previously used or inquiring from the entity whether to proceed to issuing the certificate despite previous use. The encryption can be fully homomorphic encryption (FHE).

Abstract: A method to be performed at Secure Key Service (SKS) includes, responsive to a need to establish a secure tunnel between a device and a peer device receiving a request to offload authentication and session key negotiation for a Post-Quantum Cryptography (PQC) encryption algorithm from the device performing the authentication and session key negotiation with the peer device, and providing a key for the PQC encryption algorithm from the session key negotiation to the device, for use in data exchange with the peer device via the secure tunnel.

Abstract: Systems and methods are provided for filtering and/or blocking unreliable content that might normally be injected in an Augmented Reality (AR) or Virtual Reality (VR) device. In one implementation, a method includes a step of analyzing a scene obtained by an image capture device associated with an Augmented Reality (AR) system to detect one or more visible objects in the scene. The method also includes using identifying characteristics of the one or more visible objects to obtain content related to the one or more visible objects. Before presenting the content in an augmented content overlay with respect to the AR system, the method further includes filtering the content based on one or more trust or validity factors.

Abstract: Systems and methods are provided to offer security or trust services to entities over a network. A method, according to one implementation, includes the step of receiving, from a representative of an enterprise, a selection of a group of users to be assigned one or more authorities within the enterprise. The method also includes the step of remotely accessing one or more identity information repositories associated with the enterprise to obtain records pertaining to each user of the group. Also, the method includes the step of using the records to onboard the group of users, whereby onboarding the group includes assigning the one or more authorities to each user of the group.

Abstract: Trust systems and methods are provided in a distributed architecture. In one implementation, a distributed system includes multiple Internet of Things (IoT) devices distributed throughout a network, wherein each IoT device is embedded with a local agent configured to perform processing and/or computing functionality. The distributed system further includes a backend entity, such as a device trust system, configured to manage the multiple IoT devices. In addition, the distributed system includes multiple Rendezvous Zone (RZ) proxy devices communicatively interposed at edge locations in the network between the backend entity and the multiple IoT devices. Each RZ proxy device is configured to perform trust and security functionality on behalf of one or more IoT devices of the multiple IoT devices.

Abstract: Systems and methods for enabling pub-sub communication in a distributed system are provided. In one implementation, a method includes a step of enabling publication-subscription (pub-sub) communication between a backend server and multiple end point devices using the Message Queuing Telemetry Transport (MQTT) protocol. The method further includes a step of formatting MQTT messages between the backend server and multiple end point devices using the Sparkplug specification. In addition, the method further includes a step of allowing the backend server to publish a single broadcast message targeting a subset of the multiple end point devices, thereby extending the Sparkplug specification.

Abstract: Systems and methods for utilizing X509 certificates for granting access, such as for location tracking access, physical location access, access to digital content, and the like, include receiving a request for access from a requestor, wherein the request includes one or more of a time, a time period, a location, and a type of access, wherein the access is one of access to a user's location on a user device, access to a physical location, and access to content controlled by the user; issuing a certificate to the requestor based on the request, wherein the certificate includes the time period; one of allowing the requestor to perform the access until expiration of the time period and revoking the certificate prior to the expiration thereby preventing the access.

Abstract: Cryptographic systems and methods are provided. A method, according to one implementation, includes a step of generating a plurality of key pairs in response to receiving a request from a client for one or more digital certificates. The key pairs are associated respectively with the one or more digital certificates. Also, each key pair includes a public key and a private key. The method further includes a step of utilizing at least the plurality of key pairs to generate the one or more digital certificates. Also, the method includes a step of encrypting the one or more digital certificates and respective private keys using a single Advanced Encryption Standard (AES) key. The method also includes a step of sending the encrypted one or more digital certificates and private keys back to the client.

Abstract: Systems and methods for backing up a database are provided. A method, according to one implementation, includes a step of receiving a command to perform a full backup procedure in which data stored in a database is intended to be backed up. The method further includes a step of detecting physical locations that are available for data storage. Based on the detected physical locations and a data distribution plan, the method further includes a step of dividing the data stored in the database into multiple data sections and distributing the multiple data sections to corresponding physical locations.

Abstract: Systems and methods for secure and decentralized payment for digital media content via certificates with wallet information include, responsive to a request for a certificate from a user, obtaining information from the user including identify related information and a wallet address; validating the identify related information; validating the wallet address; and responsive to validating the user and validating the wallet address, creating the certificate including the validated identify related information and the validated wallet address. The certificate can be an X509 certificate.