Abstract: Systems and methods for automating client-side synchronization and discovery of public keys and certificates of external contacts include a key synchronizer at a client device. The key synchronizer obtains, from the client device, an external contact associated with an external domain outside of a local domain of the client device and then identifies, based on the external domain, a public key registry outside of the local domain. The key synchronizer obtains, from the public key registry, a registry-supplied public key or digital certificate for the external contact and then stores the registry-supplied key as a locally-stored key in the local key store such that the client device can obtain and apply the locally-stored key to secure an email targeting the external contact as a recipient of the email.

Abstract: Provided herein are a method, a device, and a computer-readable medium operable to perform a method of automatically admitting a device to a network. The method can include receiving, from the one or more authorized devices in the network, first data that is associated with one or more sensing modalities, wherein the one or more sensing modalities are detected by the one or more of the one or more of the authorized devices during a defined time window; identifying a new device to be admitted to the network; constructing a time sequence of proximity events of the new device, within the defined time window, based on the first data; determining that the time sequence of the proximity events matches an expected time sequence of expected of proximity events; and admitting the new device to the network based on the determining.

Abstract: In one embodiment, a delegation engine automatically provisions a device connected to a network to securely identify and interact with external services. As a device boots in a deployment environment, the delegation engine generates a search domain name based on a manufacturer-supplied domain name and a domain name associated with the deployment environment. The delegation engine then searches a Domain Name System (DNS) to retrieve a delegation record stored at the search domain name. After verifying a manufacturer signature associated with the delegation record, the delegation engine configures the device based on service discovery information included in the delegation record. Because the delegation engine automates the provisioning process, the time required to provision devices is acceptable irrespective of the number of the devices. Further, because the delegation engine verifies the delegation record, the delegation engine does not expose the device to security risks during the provisioning process.

Abstract: Provided herein are a method, a device, and a computer-readable medium operable to perform a method of automatically admitting a device to a network. The method can include receiving, from the one or more authorized devices in the network, first data that is associated with one or more sensing modalities, wherein the one or more sensing modalities are detected by the one or more of the one or more of the authorized devices during a defined time window; identifying a new device to be admitted to the network; constructing a time sequence of proximity events of the new device, within the defined time window, based on the first data; determining that the time sequence of the proximity events matches an expected time sequence of expected of proximity events; and admitting the new device to the network based on the determining.

Abstract: In one embodiment, a security provisioning service automatically establishes trust in a device. Upon receiving a provisioning request, a security provisioning service identifies a verification item that is associated with the provisioning request. The security provisioning service performs one or more verification operations based on the provisioning request to determine whether the provisioning request is authorized. If the provisioning request is authorized, then the provisioning service establishes a verifiable identification for the device that is assured by the secure provisioning service and then executes the provisioning request. By automatically performing the verification operations to establish trust in the device, the provisioning service eliminates manual identification assurance operations that are performed as part of a conventional security provisioning process.

Abstract: Provided a method for creating a searchable registry based on a ontology for IoT devices and associated data feeds. The method can include registering a IoT device and its associated data feed in a record with a searchable registry; creating relationships between IoT devices and associated data feeds; associating the records with one or more ontology terms of a hierarchical ontology describing a characteristic of the IoT device, the associated data, the relationships or all of them; and providing a response to a request of an IoT device based on the mapping.

Abstract: Provided herein is a method for registering an IoT device with a DNS registry. The method can include obtaining, at a DNS server, an identifier, IP address, and a public key of an asymmetric key pair associated with the IoT device from a network gateway device that is in communication with the IoT device, wherein the asymmetric key pair is provisioned onto the IoT device and an associated private key stored within a memory of the IoT device at a time that IoT device is manufactured or during a predetermined time window after manufacturing; creating at least one DNS record for the IoT device; assigning a domain name associated with the internet protocol (“IP”) address to the IoT device; storing the identifier, IP address, the domain name, and the public key in the at least one DNS record; and providing confirmation of the registration to the IoT device.

Abstract: Provided is a method for subscribing to a data feed from an internet of things (“IoT”) device. The method comprises obtaining, by a subscribe application program interface (“API”) of a container, a subscription request to subscribe to the data feed from a requestor, wherein the container is operable to provide one or more services to an internet of things (“IoT”) device through one or more application programming interfaces (“APIs”), wherein subscription request is associated with data stored in one or more domain name system (“DNS”) records; determining that the subscription request is permissible based on a list of approved requestors; and providing the data feed to the requestor, wherein the requestor is another container or another IoT device.

Abstract: This disclosure includes, for example, methods and computer systems for providing audio-activated resource access for user devices. The computer systems may store instructions to cause the processor to perform operations, comprising capturing audio at a user device. The operations may also comprise using a speaker recognition system to identify a speaker in the transmitted audio and/or using a speech-to-text converter to identify text in the captured audio. The speaker identity or a condensed version of the speaker identity or other metadata along with the speaker identity may be transmitted to a server system to determine a corresponding speaker identity entry. The operations may also comprise receiving a resource corresponding to the identified speaker entry in the server system.

Abstract: An Information and Application Distribution System (IADS) is disclosed. The IADS operates, in one embodiment, to distribute, initiate and allow interaction and communication within like-minded communities. Application distribution occurs through the transmission and receipt of an “invitation application” which contains both a message component and an executable component to enable multiple users to connect within a specific community. The application object includes functionality which allows the user's local computer to automatically set up a user interface to connect with a central controller which facilitates interaction and introduction between and among users.