Abstract: A system for offline generation of digital assets includes: a security credential management system (SCMS) that is operable to generate and conditionally transmit digital assets; and a certificate authority communicatively connected to the SCMS by a communication network, the certificate authority being operable to receive the digital assets from the SCMS. The certificate authority is operable to securely provision a plurality of computerized devices based on the received digital assets, the certificate authority intermittently connects to the SCMS to receive the digital assets, the certificate authority is operable to securely provision the plurality of computerized devices while disconnected from the SCMS, and the provisioning by the certificate authority while disconnected from the SCMS is limited by a policy associated with the certificate authority.

Abstract: A system for offline generation of digital assets includes: a security credential management system (SCMS) that is operable to generate and conditionally transmit digital assets; and a certificate authority communicatively connected to the SCMS by a communication network, the certificate authority being operable to receive the digital assets from the SCMS. The certificate authority is operable to securely provision a plurality of computerized devices based on the received digital assets, the certificate authority intermittently connects to the SCMS to receive the digital assets, the certificate authority is operable to securely provision the plurality of computerized devices while disconnected from the SCMS, and the provisioning by the certificate authority while disconnected from the SCMS is limited by a policy associated with the certificate authority.

Abstract: A system for securely accessing a target computer using high entropy security information stored in a password manager including a user computer configured to execute instructions to perform operations including receiving password manager access information and a retrieval key, accessing the password manager using the password manager access information, receiving the high entropy security information provided by a generator computer, storing the high entropy security information in the password manager, in association with the retrieval key, supplying the retrieval key to retrieve the high entropy security information that was stored in the password manager, and providing the high entropy security information. The target computer receives the high entropy security information provided by the user computer, and provides access to the target computer when the high entropy security information is verified.

Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run a certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.

Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.

Abstract: A system for providing quality of service (QoS) levels to clients requesting credentials from a credential management service is provided. The system includes an application programming interface (API) operable to receive credential requests from each of a plurality of clients, each credential request including a client identifier, and a QoS manager operable to: distribute the credential requests to a corresponding client queue of a plurality of client queues based on the client identifier, select a credential request distributed to the plurality of client queues based on a selection scheme, and transmit the selected credential request to a QoS queue of the credential management service for processing.

Abstract: Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, and a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, wherein the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

Abstract: A system for securely producing and using high-entropy security information, such as a password. The system includes a printer, a display device, and a generator computer that is connected to the printer and the display device. The generator computer generates the high-entropy set of characters, (e.g., password), and also generates a machine-readable representation of the high-entropy set of characters, (e.g., a barcode). The generator computer causes the printer to print the high-entropy set of characters and the machine-readable representation on paper, and then deletes the high-entropy set of characters and the machine-readable representation from the system. The high-entropy set of characters, (e.g., password), may be entered into a target computer by scanning the barcode on the paper using a barcode scanner connected to the target computer, which is significantly faster than, and eliminates the human error associated with, typing in a high-entropy set of characters.

Abstract: A system for providing quality of service (QoS) levels to clients requesting credentials from a credential management service is provided. The system includes an application programming interface (API) operable to receive credential requests from each of a plurality of clients, each credential request including a client identifier, and a QoS manager operable to: distribute the credential requests to a corresponding client queue of a plurality of client queues based on the client identifier, select a credential request distributed to the plurality of client queues based on a selection scheme, and transmit the selected credential request to a QoS queue of the credential management service for processing.

Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.

Abstract: Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, and a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, wherein the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

Abstract: A system for securely producing and using high-entropy security information, such as a password. The system includes a printer, a display device, and a generator computer that is connected to the printer and the display device. The generator computer generates the high-entropy set of characters, (e.g., password), and also generates a machine-readable representation of the high-entropy set of characters, (e.g., a barcode). The generator computer causes the printer to print the high-entropy set of characters and the machine-readable representation on paper, and then deletes the high-entropy set of characters and the machine-readable representation from the system. The high-entropy set of characters, (e.g., password), may be entered into a target computer by scanning the barcode on the paper using a barcode scanner connected to the target computer, which is significantly faster than, and eliminates the human error associated with, typing in a high-entropy set of characters.

Abstract: A system for providing quality of service (QoS) levels to clients requesting certificates from a certificate management service is provided. The system includes an application programming interface (API) operable to receive certificate requests from each of a plurality of clients, each certificate request including a client identifier, a QoS manager operable to distribute the certificate requests to a corresponding client queue of a plurality of client queues based on the client identifier, select, based on at least one of a workflow and a client priority level, one or more of the certificate requests distributed to the plurality of client queues, and transmit the selected one or more certificate requests to a QoS queue of the certificate management service for processing.

Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.

Abstract: Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, and a provisioning controller that is connected to the distributor computer and that determines whether the first authorizing condition is met, the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

Abstract: A system for securely producing and using high-entropy security information, such as a password. The system includes a printer, a display device, and a generator computer that is connected to the printer and the display device. The generator computer generates the high-entropy set of characters, (e.g., password), and also generates a machine-readable representation of the high-entropy set of characters, (e.g., a barcode). The generator computer causes the printer to print the high-entropy set of characters and the machine-readable representation on paper, and then deletes the high-entropy set of characters and the machine-readable representation from the system. The high-entropy set of characters, (e.g., password), may be entered into a target computer by scanning the barcode on the paper using a barcode scanner connected to the target computer, which is significantly faster than, and eliminates the human error associated with, typing in a high-entropy set of characters.

Abstract: Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, and a provisioning controller that is connected to the distributor computer and that determines whether the first authorizing condition is met, the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

Abstract: Systems, methods, and devices for securely provisioning a roadside unit (RSU) that includes an application certificate, wherein the RSU is geographically restricted according to the application certificate. An enhanced SCMS system may receive a request for an application certificate for the RSU; determine, in response to the request, an operating geolocation for the RSU; verify that the operating geolocation is within the allowed geo-region for the RSU; generate an application certificate that includes the operating geolocation; and provide the application certificate to the RSU device.

Abstract: A system for providing quality of service (QoS) levels to clients requesting certificates from a certificate management service is provided. The system includes an application programming interface (API) operable to receive certificate requests from each of a plurality of clients, each certificate request including a client identifier, a QoS manager operable to distribute the certificate requests to a corresponding client queue of a plurality of client queues based on the client identifier, select, based on at least one of a workflow and a client priority level, one or more of the certificate requests distributed to the plurality of client queues, and transmit the selected one or more certificate requests to a QoS queue of the certificate management service for processing.

Abstract: A system for securely producing and using high-entropy security information, such as a password. The system includes a printer, a display device, and a generator computer that is connected to the printer and the display device. The generator computer generates the high-entropy set of characters, (e.g., password), and also generates a machine-readable representation of the high-entropy set of characters, (e.g., a barcode). The generator computer causes the printer to print the high-entropy set of characters and the machine-readable representation on paper, and then deletes the high-entropy set of characters and the machine-readable representation from the system. The high-entropy set of characters, (e.g., password), may be entered into a target computer by scanning the barcode on the paper using a barcode scanner connected to the target computer, which is significantly faster than, and eliminates the human error associated with, typing in a high-entropy set of characters.