Abstract: Systems, methods, and computer-readable media for managing digital certificates and other security credentials. A routing and management server is communicatively connected to a certificate user device and to a plurality of certificate generators. The server performs operations that may include: optionally registering the certificate user device; receiving a request for one or more digital certificates from the certificate user device; analyzing the request to determine an appropriate certificate generator, from among the plurality of certificate generators, for producing the one or more digital certificates; optionally translating the request into a format required by the appropriate certificate generator; transmitting the request to the appropriate certificate generator; receiving the one or more digital certificates from the appropriate certificate generator; and providing the one or more digital certificates to the certificate user device.

Abstract: A method for evaluating an aerosol infection risk includes; a release step releasing fine particles having an average particle size of 10 ?m or less into a space having a predetermined volume so that the amount in the space is at least 50 mg/m3; an identifying step includes measuring the number of fine particles in the space after the releasing step, calculating a specific elapsed time until the number of fine particles decreases to a predetermined number based on a relationship between the elapsed time from the end of the releasing step and the number of fine particles measured at each elapsed time, and identifying a reduction capacity to reduce fine particles in the space from the specific elapsed time; and, evaluation steps of evaluating that there is an aerosol infection risk in the space when the reduction capacity is less than the standard reduction capacity required for the space.

Abstract: A server including a processor and a non-transitory computer readable medium is provided. The medium includes computer-executable instructions cause the processor to perform operations including obtaining a filter data structure comprising a plurality of hash values, each hash value corresponding to a computer device of a plurality of computer devices in an update campaign, determining that a requesting computerized device is in the update campaign, in response to determining, sending a request to confirm that the computerized device is a member of the campaign, in response to confirming that the computerized device is a member of the campaign, providing the device update to the computerized device, and in response to determining that the computerized device does not belong to the campaign, providing an indication that there is no device update for the computerized device.

Abstract: A method for detecting an exploit in a processing instruction. The method may comprise steps of receiving processor instructions, analyzing the processor instructions to detect data flow instructions, trimming out the data flow instructions, comparing the data flow instructions to a pre-defined pattern for exploit behavior, and generating an exploit notification in response to detecting the pre-defined pattern for exploit behavior in the data flow instructions.

Abstract: A computer implemented method for validating software is provided. The method includes generating a first check value, by a remote computing device, based on a unique value and software of the remote computing device, outputting the first check value and the unique value from the remote computing device to a secure data repository, obtaining, by a secure computing device, an authentic copy of the software of the remote computing device, obtaining, by the secure computing device, the unique value and the first check value from the secure data repository, computing, by the secure computing device, a second check value based on the authentic copy of the software for the remote computing device and the unique value, and determining, by the secure computing device, whether the remote computing device has authentic software based on a comparison of the obtained first check value and the second check value.

Abstract: Systems, methods, computer-readable media, and devices for accessing onboard operational data in a vehicle. The systems, methods, computer-readable media, and devices may include hardware and/or software for performing operations that include: obtaining user information and vehicle information, obtaining verification information, e.g., from a verification source, verifying that a specific user is associated with the vehicle based on the verification information, communicatively connecting to the vehicle based on the vehicle information; obtaining the onboard data from the vehicle; and providing the onboard data to the user. In embodiments, the user may be the owner of the vehicle, the registrant of the vehicle, or a repair person that is servicing the vehicle and needs access to onboard data besides OBD error codes.

Abstract: Systems, devices, and methods for updating computerized devices. Functions and operations can include: obtaining a filter data structure (e.g., a bloom filter data structure) that may include hash values corresponding to each of the computerized devices to be updated; determining whether a computerized device is to obtain a device update based on a hash value associated with the computerized device matching a hash value of the filter data structure; and providing the device update to the computerized device when there is a match. The provided device update may modify the operation of the computerized device that receives it.

Abstract: A system for securely provisioning a plurality of computerized devices of a tenant, is provided. The system includes a processor, and a computer storage medium including instructions that when executed by the processor cause the processor to perform operations. The operations include receiving provisioning requests from the plurality of computerized devices needing certificates, each provisioning request indicating a tenant identifier identifying the tenant, and transmitting the provisioning requests to a set of security credential management system backend components based on the tenant identifier. The set of SCMS backend components includes enrollment certificate authorities operable to generate enrollment certificates, each provisioning request being transmitted to one of the one or more enrollment certificate authorities based on the tenant identifier of each provisioning request, and a pseudonym certificate authority operable to generate digital assets in response to receiving a provisioning request.

Abstract: A system for facilitating a plurality of virtual transmission control protocol connections between a target application and a source application is provided. The system includes a server proxy, a client proxy, and a network protection interposed between the server proxy and the client proxy. The server proxy is configured to receive an open request from the client proxy via a stateless protocol, including a target identifier, the open request originating from the source application, open a connection between the server proxy and the target application based on the target identifier, provide a response to the client proxy indicating a status of the open request, the response including at least one of a session identifier or a sequence identifier, receive, a data request from the client proxy, including the session identifier and an incremented sequence identifier, and provide the data request to the target application.

Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.

Abstract: A first processing device obtains a first copy of software from a repository, the first copy including first computer instructions and first data for indicating a running state of a device. A validation request is sent, which includes a seed, an algorithm identifier, a number of random numbers to generate, and a nonce. The first processing device generates the number of first random numbers using the seed and an algorithm corresponding to the algorithm identifier, and maps the first random numbers to memory blocks, each of which includes a respective first computer instruction of the first copy or the first data. A first hash is calculated from contents of the mapped memory blocks and the nonce. A second hash, calculated using information included in the validation request and a software copy on a second processing device, is received. An action is automatically performed when the hashes do not match.

Abstract: Systems and methods are described herein for providing proxy mechanisms for DNS services, such as resolving DNS requests. In some embodiments, the systems and methods establish a Proxy DNS module at a DNS resolver of an internet service provider, and access, with the proxy DNS module, DNS queries destined for a public name server. The name server may be accessible by the DNS resolver via a publically-accessible network. Further, the systems and methods may route the accessed DNS queries to a private name server associated with the proxy DNS module and accessible via a private communications channel, and receive, from the private name server and via the private communications channel, IP addresses associated with the DNS queries.

Abstract: Systems, methods, and devices for establishing a confidence level for local operational data for a device within a technological ecosystem, such as the V2X ecosystem. The systems, methods, and devices may perform operations that include: obtaining local operational data for the device; obtaining messages from multiple external devices participating in the ecosystem, wherein each of the messages includes external operational data for the transmitting external device; determining, based on the local operational data and the external operational data from the messages, a confidence level for the local operational data; and executing a remedial action when the confidence level falls below a threshold for the confidence level. The systems and devices may include a local data source that stores the local operational data and a communication interface.

Abstract: Systems, methods, and computer-readable media for managing digital certificates and other security credentials. A routing and management server is communicatively connected to a certificate user device and to a plurality of certificate generators. The server performs operations that may include: optionally registering the certificate user device; receiving a request for one or more digital certificates from the certificate user device; analyzing the request to determine an appropriate certificate generator, from among the plurality of certificate generators, for producing the one or more digital certificates; optionally translating the request into a format required by the appropriate certificate generator; transmitting the request to the appropriate certificate generator; receiving the one or more digital certificates from the appropriate certificate generator; and providing the one or more digital certificates to the certificate user device.

Abstract: A computer implemented method for validating software is provided. The method includes generating a first check value, by a remote computing device, based on a unique value and software of the remote computing device, outputting the first check value and the unique value from the remote computing device to a secure data repository, obtaining, by a secure computing device, an authentic copy of the software of the remote computing device, obtaining, by the secure computing device, the unique value and the first check value from the secure data repository, computing, by the secure computing device, a second check value based on the authentic copy of the software for the remote computing device and the unique value, and determining, by the secure computing device, whether the remote computing device has authentic software based on a comparison of the obtained first check value and the second check value.

Abstract: A system and method are provided for routing content requests. On a given server network, content requests comprising a character string may be routed up a hierarchical network topology until a linear chain, corresponding to the character string, is identified. Thus, the content request is forwarded up the hierarchy until an intersecting server network is reached. Then the content request is forwarded down the hierarchy until, along a published linear chain corresponding to the character string, until a content source is reached. Content is provided to the requestor along a reverse path of the content request.

Abstract: A system for providing quality of service (QoS) levels to clients requesting credentials from a credential management service is provided. The system includes an application programming interface (API) operable to receive credential requests from each of a plurality of clients, each credential request including a client identifier, and a QoS manager operable to: distribute the credential requests to a corresponding client queue of a plurality of client queues based on the client identifier, select a credential request distributed to the plurality of client queues based on a selection scheme, and transmit the selected credential request to a QoS queue of the credential management service for processing.

Abstract: A system for securely provisioning a plurality of computerized devices of a tenant, is provided. The system includes a processor, and a computer storage medium including instructions that when executed by the processor cause the processor to perform operations. The operations include receiving provisioning requests from r the plurality of computerized devices needing certificates, each provisioning request indicating a tenant identifier identifying the tenant, and transmitting the provisioning requests to a set of security credential management system backend components based on the tenant identifier. The set of SCMS backend components includes enrollment certificate authorities operable to generate enrollment certificates, each provisioning request being transmitted to one of the one or more enrollment certificate authorities based on the tenant identifier of each provisioning request, and a pseudonym certificate authority operable to generate digital assets in response to receiving a provisioning request.

Abstract: A system can include a certificate application programming interface (API) device that is operable to receive, via an application programming interface (API), an enrollment request for the at least one computerized device. The certificate API device can also generate, via the API, an enrollment package and an end entity certificate package for the at least one computerized device by obtaining the enrollment package and the end entity certificate package from a certificate management service (CMS). The certificate API device can also transmit, via the API, the enrollment package and the end entity certificate package to the at least one computerized device. The system can also include the CMS that is operable to provide the enrollment package and the end entity certificate package to the certificate API device.

Abstract: A system for facilitating a plurality of virtual transmission control protocol connections between a target application and a source application is provided. The system includes a server proxy, a client proxy, and a network protection interposed between the server proxy and the client proxy. The server proxy is configured to receive an open request from the client proxy via a stateless protocol, including a target identifier, the open request originating from the source application, open a connection between the server proxy and the target application based on the target identifier, provide a response to the client proxy indicating a status of the open request, the response including at least one of a session identifier or a sequence identifier, receive, a data request from the client proxy, including the session identifier and an incremented sequence identifier, and provide the data request to the target application.