Abstract: A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through the intermediate device, and to the target device without being analyzed or modified by the intermediate device. The target device may use the encrypted security data and the security data to verify the identity of the sending device.

Abstract: A request to access a destination device associated may be received from a user device. The request may comprise a digital certificate. The digital certificate may comprise a public key of the user device. A distributed ledger address of the user device may be determined by applying a deterministic function to the public key of the user device. A distributed ledger entry may be created on a distributed ledger. The distributed ledger entry may comprise the address of the user device. Based on the distributed ledger entry, access to the destination device may be granted to the user device.

Abstract: An active distributed ledger may comprise an indication of an inactive permission associated with a user device. An entry comprising such indication added to another distributed ledger that is supplemental to the active distributed ledger. An updated active distributed ledger may be generated that does not comprise the indication of the inactive permission. The updated active distributed ledger may comprise an indication of a new permission associated with the user device. The updated active distributed ledger may be stored on the user device or any other device on a network.

Abstract: Systems and methods are described for authorizing users and/or devices. An example method may comprise receiving, from a user device, a request to access a function associated with a service account. The request may comprise an identifier of the user device. The example method may comprise determining, based on the identifier, a primary authority holder of the service account. The example method may comprise determining that a first record on a first distributed ledger associated with the primary authority holder indicates that the user device is associated with the primary authority holder. The example method may comprise determining that a second record on a second distributed ledger associated with the user device indicates that the user device is associated with the primary authority holder. The example method may comprise granting, based on the request, the first record, and the second record, the user device access to the function.

Abstract: A request to access a destination device associated may be received from a user device. The request may comprise a digital certificate. The digital certificate may comprise a public key of the user device. A distributed ledger address of the user device may be determined by applying a deterministic function to the public key of the user device. A distributed ledger entry may be created on a distributed ledger. The distributed ledger entry may comprise the address of the user device. Based on the distributed ledger entry, access to the destination device may be granted to the user device.

Abstract: Methods, systems, and apparatuses for network management are described. A network device may provide a network that is accessible using a network credential. An internet of things (IoT) device may be required to be configured or provisioned before joining the network. The IoT device may be associated with a scannable identifier. A user device may determine the scannable identifier and, based on the scannable identifier, provide provisioning credentials to the IoT device.

Abstract: Systems and methods are described for authorizing users and/or devices. An example method may comprise receiving, from a user device, a request to access a function associated with a service account. The request may comprise an identifier of the user device. The example method may comprise determining, based on the identifier, a primary authority holder of the service account. The example method may comprise determining that a first record on a first distributed ledger associated with the primary authority holder indicates that the user device is associated with the primary authority holder. The example method may comprise determining that a second record on a second distributed ledger associated with the user device indicates that the user device is associated with the primary authority holder. The example method may comprise granting, based on the request, the first record, and the second record, the user device access to the function.

Abstract: An active distributed ledger may comprise an indication of an inactive permission associated with a user device. An entry comprising such indication added to another distributed ledger that is supplemental to the active distributed ledger. An updated active distributed ledger may be generated that does not comprise the indication of the inactive permission. The updated active distributed ledger may comprise an indication of a new permission associated with the user device. The updated active distributed ledger may be stored on the user device or any other device on a network.

Abstract: A method and system for managing device association and access is disclosed. Some embodiments may include receiving, from a user device, a request to access a network device. The request may include a public key of the user device. The request may include a digital certificate, wherein the digital certificate may include the public key of the user device. A distributed database address of the user device may be determined by applying a deterministic function to the public key of the user device. A distributed database entry may include the address of the user device. A distributed database entry may be generated. The distributed database entry may include the address of the user device. Based on the address of the user device, access to the network device may be granted to the user device.

Abstract: A method and system for managing device association and access is disclosed. Some embodiments may include receiving, from a user device, a request to access a network device. The request may include a public key of the user device. The request may include a digital certificate, wherein the digital certificate may include the public key of the user device. A distributed database address of the user device may be determined by applying a deterministic function to the public key of the user device. A distributed database entry may include the address of the user device. A distributed database entry may be generated. The distributed database entry may include the address of the user device. Based on the address of the user device, access to the network device may be granted to the user device.

Abstract: A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through the intermediate device, and to the target device without being analyzed or modified by the intermediate device. The target device may use the encrypted security data and the security data to verify the identity of the sending device.

Abstract: An active distributed ledger may comprise an indication of an inactive permission associated with a user device. An entry comprising such indication added to another distributed ledger that is supplemental to the active distributed ledger. An updated active distributed ledger may be generated that does not comprise the indication of the inactive permission. The updated active distributed ledger may comprise an indication of a new permission associated with the user device. The updated active distributed ledger may be stored on the user device or any other device on a network.

Abstract: Methods and apparatuses are described herein for improved communications between a service and end devices via a gateway. A token may be in a signed encrypted state when sent to untrusted devices and may be signed, but not encrypted, when used by trusted devices. Untrusted devices may receive the encrypted token and may use it to access services. An untrusted device may send the received encrypted token to the gateway, which may then send the token to its issuer so that the token issuer may decrypt the data payload. The token may then be sent back to the gateway, which may then read the decrypted data and verify whether the untrusted device is permitted to access the requested service. The gateway may then send, within the trusted domain, the request and token to the service provider so that the untrusted device can obtain access to the requested service.

Abstract: Systems and methods are described for authorizing users and/or devices. An example method may comprise receiving, from a user device, a request to access a function associated with a service account. The request may comprise an identifier of the user device. The example method may comprise determining, based on the identifier, a primary authority holder of the service account. The example method may comprise determining that a first record on a first distributed ledger associated with the primary authority holder indicates that the user device is associated with the primary authority holder. The example method may comprise determining that a second record on a second distributed ledger associated with the user device indicates that the user device is associated with the primary authority holder. The example method may comprise granting, based on the request, the first record, and the second record, the user device access to the function.

Abstract: A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through the intermediate device, and to the target device without being analyzed or modified by the intermediate device. The target device may use the encrypted security data and the security data to verify the identity of the sending device.

Abstract: Methods and apparatuses are described herein for improved communications between a service and end devices via a gateway. A token may be in a signed encrypted state when sent to untrusted devices and may be signed, but not encrypted, when used by trusted devices. Untrusted devices may receive the encrypted token and may use it to access services. An untrusted device may send the received encrypted token to the gateway, which may then send the token to its issuer so that the token issuer may decrypt the data payload. The token may then be sent back to the gateway, which may then read the decrypted data and verify whether the untrusted device is permitted to access the requested service. The gateway may then send, within the trusted domain, the request and token to the service provider so that the untrusted device can obtain access to the requested service.

Abstract: An active distributed ledger may comprise an indication of an inactive permission associated with a user device. An entry comprising such indication added to another distributed ledger that is supplemental to the active distributed ledger. An updated active distributed ledger may be generated that does not comprise the indication of the inactive permission. The updated active distributed ledger may comprise an indication of a new permission associated with the user device. The updated active distributed ledger may be stored on the user device or any other device on a network.

Abstract: Systems and methods are described for authorizing users and/or devices. An example method may comprise receiving, from a user device, a request to access a function associated with a service account. The request may comprise an identifier of the user device. The example method may comprise determining, based on the identifier, a primary authority holder of the service account. The example method may comprise determining that a first record on a first distributed ledger associated with the primary authority holder indicates that the user device is associated with the primary authority holder. The example method may comprise determining that a second record on a second distributed ledger associated with the user device indicates that the user device is associated with the primary authority holder. The example method may comprise granting, based on the request, the first record, and the second record, the user device access to the function.

Abstract: A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through the intermediate device, and to the target device without being analyzed or modified by the intermediate device. The target device may use the encrypted security data and the security data to verify the identity of the sending device.

Abstract: A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through the intermediate device, and to the target device without being analyzed or modified by the intermediate device. The target device may use the encrypted security data and the security data to verify the identity of the sending device.