Abstract: A method for providing a digital certificate to a device, comprises: receiving a device identification dataset, uniquely identifying the device; determining a key creation dataset including a certificate identifier, the certificate identifier being based on the device identification dataset; sending the key creation dataset to the device; receiving a certificate creation request related to a first domain name based on the key creation dataset from the device, the first domain name including the certificate identifier; sending the certificate creation request or a modified certificate creation request to a certificate authority; and providing the digital certificate to the device, the digital certificate being a wildcard certificate based on the first domain name signed by the certificate authority.

Abstract: An access control server may receive, from an access requester, an access request for accessing a protected autonomous program protocol stored on a blockchain. The access control server may analyze parameters related to the access requester to determine whether the access requester is authorized to access the protected autonomous program protocol. An access control server may generate a cryptographic signature associated with the access request. An access control autonomous protocol recorded on the blockchain may receive the cryptographic signature, verify the cryptographic signature, and store proof of authorization in association with the protected autonomous program protocol. The proof of authorization is accessible by the protected autonomous program protocol to verify that the access requester is authorized to access the protected autonomous program protocol.

Abstract: Methods and systems for selecting and executing optimal execution strategies for processes, wherein an optimal execution strategy may be selected from a plurality of execution strategies for example in a look-up table, based on specific process values.

Abstract: An example operation may include one or more of receiving, via a first blockchain peer, a request to verify an identity of a user, performing, via the first blockchain peer, an identity validation of the user via a know your customer (KYC) service provider of a blockchain network, determining whether a digital identity of the user has been previously stored by another blockchain peer on a blockchain of the blockchain network, in response to a determination that the digital identity of the user has not been stored on the blockchain, creating a non-fungible token (NFT) that identifies the user, and appending information about the identity validation of the user to a structure of the NFT and storing the NFT in a block of the blockchain.

Abstract: A method for selecting a consensus node in an apparatus for generating a blockchain includes reading a nonce from the nonce chain of a node, performing an operation on the read nonce and previous height information, and comparing the result of the operation with a reference value in order to select the node as a consensus node.

Abstract: Methods for securing an electronic communication is provided. In a registration process, an anti-phish, personalized, security token may be created and/or selected for a predetermined account. The token may be stored in a database at an enterprise location. An electronic communication may be generated at a third-party location on behalf of the enterprise. The communication may be forwarded from the third-party location to a recipient associated with the account. The communication may be intercepted at an edge server. The edge server may be located at the third-party location or the enterprise location. The edge server may be in communication with the database. The edge server may select, from the database, the anti-phish token that is associated with the account. The selected token may be injected into the communication. The communication with the token may be transmitted to the recipient.

Abstract: A blockchain that can be used to generate an immutable transaction history of data produced by the set of digital twins. In the case of an error or failure, parties of interest can then access and analyze an immutable record of data. The invention may be used in conjunction with the Bitcoin blockchain or another blockchain protocol.

Abstract: An authentication method for a user who has a hierarchical deterministic keys wallet including a path between the user's master private key and a private key specific to a smart contract, the path including a plurality of branches each carrying an index, the smart contract being univocally identified by one or several indices of branches followed by the path. The user can issue a transaction from an issuing account address, obtained by hashing the public key corresponding to the specific private key in an asymmetric cryptosystem, and can sign this transaction using the specific private key. The smart contract uses the signature to verify that the transaction was really issued from the issuing account address in question.

Abstract: Security is improved by adding a security heartbeat for and endpoint as a factor in a multi-factor authentication system. The security heartbeat may be used directly as an authentication factor, e.g., where the heartbeat provides a reliable and verifiable indication of identity, or the security heartbeat may be used as a gating input for some other verification method, e.g., where a text message with a temporary security code can only be transmitted to a user when the user's endpoint is providing a secure heartbeat.

Abstract: Security Association (SA) rekeying between two endpoints of a network, is achieved without resorting to a central entity and a separate key management protocol. A packet sent from a first peer to a second peer is modified to add extra data to signal the rekey procedure, and to include cryptographic material to provide a new common keying material, which will be used to create new SAs. Since the rekey procedure is a multi-stage procedure, the peers are assigned (initiator/responder) roles in order to transition from one stage to another. Rekeying may be initiated by a timer present at one of the peers. Embodiments allow network peers to autonomously rekey without the help of a central controller, and each peer can rekey with only N?1 of its peers.

Abstract: Presented here is a system to enable secure communication between a first and a second communicator on a communication channel. The system can use multiple rotating cryptographic keys that are rotating according to a predetermined schedule to encrypt the communication between the first and the second communicator. The system can record the authority associated with the communication channel on a block chain. To determine whether the first and the second communicator have the authority to access the communication channel, the system can compute the authority of the first and the second communicator by checking the block chain from an initial block to a last block. The system can encrypt multiple communications sent via the communication channel using the multiple rotating cryptographic keys and can send the communications via the communication channel.

Abstract: The present embodiments relate to a keystore service for encryption for a computing device of a cloud computing system. The computing device of the cloud computing system can receive a key identification, an encrypted key encryption key, an identity of a client device, and a request from the client device to store the key identification and the encrypted key identification key. The computing device can verify, based at least in part on the identity, an authority of the client device to store the key identification and encrypted key encryption key. The computing device can transmit, based at least in part on the verification, the key identification, the encrypted key encryption key, and request to store the key identification and the encrypted key encryption key to a keystore.

Abstract: A blockchain consensus method includes: on the basis of transaction data and a verifiable delay function, a node generating a target block, or synchronously acquiring a target block from other nodes; determining, from among multiple sub-blockchains, a target sub-blockchain based on information of a target block, and adding the target block to the target sub-blockchain; then, acquiring respective corresponding effective block sequences from the multiple sub-blockchains; performing global sorting on effective blocks on the basis of logic clocks respectively corresponding to acquired effective blocks, and acquiring a global blockchain. A global blockchain is acquired by using a means of multi-chain consensus, thereby improving the expandability and transaction throughput of a blockchain system in a large-scale open network environment.

Abstract: A method and system for certification of actor model messages stored in event stores utilizing traditional data storage combined with blockchain smart contracts is disclosed. The method and system do not rely solely on blockchain storage mechanisms, which are plagued with high latency, low throughput, and variable cryptocurrency transaction costs (particularly in the case of “public” blockchain networks). Instead, the method and system hybridizes traditional cloud-based storage methods with blockchain smart contract technology, enabling the storage, certification, and re-verification of high-volume data (i.e., large files). This hybridization may eliminate the need for cryptocurrency exchanges, in particular when leveraging a private blockchain network free of cryptocurrencies, which further promotes functionality at low, fixed cost.

Abstract: The invention relates to securing of a digital file content against forgery and falsifying, and particularly of digital data relating to its belonging to a specific batch of digital files, while allowing offline or online checking of the authenticity of a secured digital file and conformity of its digital data with respect to that of a genuine original digital file.

Abstract: Technologies for securely extending cloud service application programming interfaces (APIs) in a cloud service marketplace include a connector hub of a marketplace computing device communicatively coupled to a cloud service provider interface of a cloud service provider and a cloud service broker interface of a cloud service broker. The connector hub is configured to deploy an API connector instance in a connection factory of the marketplace computing device, transmit provider provisioning channel credentials to the API connector instance and the cloud service provider interface and transmit broker provisioning channel credentials to the API connector instance and the cloud service broker interface. The connector hub is additionally configured establish a provisioning channel between the cloud service provider interface and the cloud service broker interface. Additional embodiments are described herein.

Abstract: An electronic device of a first domain, which is a blockchain-based public key infrastructure (PKI) domain, includes: an interface configured to receive, from a first entity belonging to a second domain which is a certification authority (CA)-based PKI domain, a first certificate of the first entity and a second certificate of a second entity, wherein the second entity is an upper node of the first entity and is a node of a blockchain; a memory configured to store the first certificate and the second certificate; and a processor configured to look up a transaction corresponding to the second entity at a distributed ledger of the first domain based on an identifier of the second entity, verify the second certificate based on the transaction, and verify the first certificate based on the second certificate.

Abstract: A security system configured for deployment on a chip which is to be protected, the system comprising fault injection detection subsystem/s configured for deployment on the chip, each fault injection detection subsystem having plural sensitivity levels which are selectable in real time and comprising at least one hardware fault injection detector circuit/s, configured for deployment on the chip, and/or, coupled thereto, sensitivity level control logic which may be configured for deployment on the chip and which may be operative, in real time, to transition the fault injection detection subsystem, from its current sensitivity level from among said plural selectable sensitivity levels, to a next sensitivity level from among said plural selectable sensitivity levels, e.g. by generating sensitivity control signals (aka sensitivity level selections) and/or feeding the sensitivity control signals to at least one hardware fault injection detector in the subsystem.

Abstract: A method of modifying a data block of a data structure comprising a plurality of linked data blocks comprising: receiving a selection of said a data block comprising block data; creating modified block data; transmitting a request to a plurality of validator devices over a network, the request comprising a modification record and requesting permission to modify the data block in accordance with the modified block data; determining that consensus is reached by the plurality of validator devices that the data block can be modified in accordance with the modified block data; in response to the determining: modifying the data block in accordance with the modified block data; and adding a modification data block to the data structure, the modification data block comprising: the modification record and a cryptographic hash of a data block that precedes the modification data block after addition of the modification data block to the data structure.

Abstract: A safe system is able to execute remote maintenance reliably with respect to a process execution unit for executing a safety control in accordance with a safety program. This safety system includes: a process execution unit for executing a safety control in accordance with a safety program; a communication unit that is directly connected to the process execution unit and mediates external access to a safety program held in the process execution unit; and a support device that is connected via a network to the communication unit and, in accordance with a user operation, executes maintenance, including an addition or a change, with respect to the safety program. The support device and the communication unit identify each other by means of information that has been exchanged in advance, and exchange data required for maintenance.