Abstract: A system includes a campaign management service to detect a campaign initiation request indicating a number of computerized devices to be updated for a campaign and store data corresponding to the computerized devices to be updated. The campaign management service can generate a bloom filter data structure comprising hash values based on the data for each of the computerized devices to be updated and transmit the bloom filter data structure to a network edge. The system can include the network edge that can use the bloom filter data structure from the campaign management service to determine whether a computerized device is to obtain a device update from the campaign management service. The network edge can retrieve the device update and modify the computerized device by transmitting the device update to the computerized device, which then installs it.

Abstract: Systems and methods are described herein for providing proxy mechanisms for DNS services, such as resolving DNS requests. In some embodiments, the systems and methods establish a Proxy DNS module at a DNS resolver of an internet service provider, and access, with the proxy DNS module, DNS queries destined for a public name server. The name server may be accessible by the DNS resolver via a publically-accessible network. Further, the systems and methods may route the accessed DNS queries to a private name server associated with the proxy DNS module and accessible via a private communications channel, and receive, from the private name server and via the private communications channel, IP addresses associated with the DNS queries.

Abstract: Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, and a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, wherein the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

Abstract: A system for securely producing and using high-entropy security information, such as a password. The system includes a printer, a display device, and a generator computer that is connected to the printer and the display device. The generator computer generates the high-entropy set of characters, (e.g., password), and also generates a machine-readable representation of the high-entropy set of characters, (e.g., a barcode). The generator computer causes the printer to print the high-entropy set of characters and the machine-readable representation on paper, and then deletes the high-entropy set of characters and the machine-readable representation from the system. The high-entropy set of characters, (e.g., password), may be entered into a target computer by scanning the barcode on the paper using a barcode scanner connected to the target computer, which is significantly faster than, and eliminates the human error associated with, typing in a high-entropy set of characters.

Abstract: A system and method are provided for routing content requests. On a given server network, content requests comprising a character string may be routed up a hierarchical network topology until a linear chain, corresponding to the character string, is identified. Thus, the content request is forwarded up the hierarchy until an intersecting server network is reached. Then the content request is forwarded down the hierarchy until, along a published linear chain corresponding to the character string, until a content source is reached. Content is provided to the requestor along a reverse path of the content request.

Abstract: Systems and methods are described herein for providing proxy mechanisms for DNS services, such as resolving DNS requests. In some embodiments, the systems and methods establish a Proxy DNS module at a DNS resolver of an internet service provider, and access, with the proxy DNS module, DNS queries destined for a public name server. The name server may be accessible by the DNS resolver via a publically-accessible network. Further, the systems and methods may route the accessed DNS queries to a private name server associated with the proxy DNS module and accessible via a private communications channel, and receive, from the private name server and via the private communications channel, IP addresses associated with the DNS queries.

Abstract: A system for facilitating a plurality of virtual transmission control protocol connections between a target application and a source application is provided. The system includes a server proxy, a client proxy, and a network protection interposed between the server proxy and the client proxy. The server proxy is configured to receive an open request from the client proxy via a stateless protocol, including a target identifier, the open request originating from the source application, open a connection between the server proxy and the target application based on the target identifier, provide a response to the client proxy indicating a status of the open request, the response including at least one of a session identifier and a sequence identifier, receive, a data request from the client proxy, including the session identifier and an incremented sequence identifier, and provide the data request to the target application.

Abstract: A system for providing quality of service (QoS) levels to clients requesting certificates from a certificate management service is provided. The system includes an application programming interface (API) operable to receive certificate requests from each of a plurality of clients, each certificate request including a client identifier, a QoS manager operable to distribute the certificate requests to a corresponding client queue of a plurality of client queues based on the client identifier, select, based on at least one of a workflow and a client priority level, one or more of the certificate requests distributed to the plurality of client queues, and transmit the selected one or more certificate requests to a QoS queue of the certificate management service for processing.

Abstract: A remote computing device is provided including one or more processors, and a memory device including one or more computer-readable instructions. When executed by the one or more processors, the instructions cause the system to perform operations including receiving a validation request comprising a random data string from a secure computing device, in response to the validation request, generating a first check value based on the random data string and software installed on the remote computing device, and transmitting the first check value to the secure computing device. The secure computing device is configured to compare the first check value to a second check value that is generated using the random data string and an authentic copy of the software.

Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.

Abstract: A system for provisioning computerized devices of a plurality of tenants is provided. The system includes a security credential management system (SCMS) host connected to the devices and that is operable to receive provisioning requests from respective ones of the devices needing certificates, each provisioning request indicating a tenant identifier uniquely identifying a tenant, at least one registration authority that is communicatively connected to the SCMS host and transmits the provisioning requests to SCMS backend components based on the tenant identifier of each provisioning request.

Abstract: Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, and a provisioning controller that is connected to the distributor computer and that determines whether the first authorizing condition is met, the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

Abstract: A system for securely producing and using high-entropy security information, such as a password. The system includes a printer, a display device, and a generator computer that is connected to the printer and the display device. The generator computer generates the high-entropy set of characters, (e.g., password), and also generates a machine-readable representation of the high-entropy set of characters, (e.g., a barcode). The generator computer causes the printer to print the high-entropy set of characters and the machine-readable representation on paper, and then deletes the high-entropy set of characters and the machine-readable representation from the system. The high-entropy set of characters, (e.g., password), may be entered into a target computer by scanning the barcode on the paper using a barcode scanner connected to the target computer, which is significantly faster than, and eliminates the human error associated with, typing in a high-entropy set of characters.

Abstract: A system can include a processor that can execute computer-readable instructions that include operations that include obtaining an authentic copy of the software of the remote computing device and sending a validation request comprising a random data string to the remote computing device. The operations can also include receiving a remote check value from the remote computing device, wherein the remote check value is generated by the remote computing device based on the random data string and the software on the remote computing device. Furthermore, the operations include computing a local check value based on the authentic copy of the software for the remote computing device and the random data string and determining whether the remote computing device has authentic software based on a comparison of the received remote check value and the local check value.

Abstract: A system includes a campaign management service to detect a campaign initiation request indicating a number of computerized devices to be updated for a campaign and store data corresponding to the computerized devices to be updated. The campaign management service can generate a filter data structure comprising hash values based on the data for each of the computerized devices to be updated and transmit the filter data structure to a network edge. The system can include the network edge that can use the filter data structure from the campaign management service to determine whether a computerized device is to obtain a device update from the campaign management service. The network edge can retrieve the device update and modify the computerized device by transmitting the device update to the computerized device, which then installs it.

Abstract: Systems, methods, and devices for securely provisioning a roadside unit (RSU) that includes an application certificate, wherein the RSU is geographically restricted according to the application certificate. An enhanced SCMS system may receive a request for an application certificate for the RSU; determine, in response to the request, an operating geolocation for the RSU; verify that the operating geolocation is within the allowed geo-region for the RSU; generate an application certificate that includes the operating geolocation; and provide the application certificate to the RSU device.

Abstract: A system includes a campaign management service to detect a campaign initiation request indicating a number of computerized devices to be updated for a campaign and store data corresponding to the computerized devices to be updated. The campaign management service can generate a bloom filter data structure comprising hash values based on the data for each of the computerized devices to be updated and transmit the bloom filter data structure to a network edge. The system can include the network edge that can use the bloom filter data structure from the campaign management service to determine whether a computerized device is to obtain a device update from the campaign management service. The network edge can retrieve the device update and modify the computerized device by transmitting the device update to the computerized device, which then installs it.

Abstract: Disclosed herein are systems, methods and devices system for identifying a misbehaving computerized device. In some implementations, the system includes a processor to perform operations including receiving, by the system, a report about a computerized device, wherein the report comprises a pseudonym certificate from the computerized device, and wherein the pseudonym certificate comprises a linkage value. The operations also include transmitting, by the system and to a cloaking authority device, a request for a cloak index, wherein the request for the cloak index comprises the linkage value from the pseudonym certificate from the computerized device. The operations also include receiving, by the system, the cloak index from the cloaking authority device, and determining, by the system and using the cloak index, that the computerized device is the misbehaving computerized device.

Abstract: Systems, methods and devices for provisioning a computerized device(s). The system may include a distributor computer that is connected to the computerized device, and is operable to receive a digital asset and transmit it to the device. The system may include a digital asset management server that is connected to the distributor computer, and is operable to transmit the digital asset to the distributor computer, and a provisioning controller that is connected to the distributor computer and the digital asset management server, and is operable to cause transmission of the digital asset to the distributor computer. The system can include a second distributor computer that is connected to the digital asset management server and the device (e.g., at a later time), and that receives a second digital asset and transmits it to the device, wherein the second digital asset causes the device to become partially or fully functional.

Abstract: An example system receives certificate requests from clients. Each request can indicate a number of computerized devices needing certificates; a timestamp indicating when the request was transmitted; and a client identifier. The system includes a Quality of Service (QoS) manager that: distributes the requests from the clients across client queues, each of the client queues corresponding to a particular client; and divides requests into smaller subgroups of entries corresponding to a subset of the computerized devices needing certificates. The system can also transmit retrieved entries from the client queues to a certificate management service.