Abstract: Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more textual descriptions and one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key.

Abstract: Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key.

Abstract: A system is provided for controlling privacy in an exchange of an asset. The system receives an offer query of an offeror that includes an offeror reveal condition, an asset identifier of the asset, and offeror terms of exchange. The system accesses an offeree reveal condition and offeree terms of exchange for the asset. The system determines whether the offeror reveal condition and the offeree reveal condition are satisfied and determines whether the offeror terms of exchange and the offeree terms of exchange are satisfied. When the offeror reveal condition, the offeree reveal condition, the offeror terms of exchange, and the offeree terms of exchange are satisfied, the system reveals the offeror to the offeree and the offeree to the offeror.

Abstract: A method of provenance verification comprises providing a plurality of security devices, each security device being provided with a key set comprising: a secret key, and a plurality of shared keys, each shared key being derived by generating a hash of the secret key and a salt value that is specific to a pair consisting of said security device and another of the plurality of security devices. The method also comprises configuring each security device to: generate and/or receive one or more messages; and perform at least one cryptographic operation on the message or messages, and/or on data derived therefrom, using a respective secret key of the security device and/or one of said shared keys.

Abstract: Disclosed herein is a method of provisioning a message authentication protocol in a system of connected devices, the method comprising, by at least one of the connected devices: generating a private key and a public key; transmitting the public key to each other connected device; generating, by a sequence of hash operations using the private key, a hash tree, wherein each leaf node of the hash tree can have two or more values, each of the two or more values being associated with a respective nonce value, and wherein each leaf node has a hash computed from the concatenation of the respective nonce values; signing a root of the hash tree with the private key; and transmitting the root and the root signature to each other connected device.

Abstract: A system is provided for controlling privacy in an exchange of an asset. The system receives an offer query of an offeror that includes an offeror reveal condition, an asset identifier of the asset, and offeror terms of exchange. The system accesses an offeree reveal condition and offeree terms of exchange for the asset. The system determines whether the offeror reveal condition and the offeree reveal condition are satisfied and determines whether the offeror terms of exchange and the offeree terms of exchange are satisfied. When the offeror reveal condition, the offeree reveal condition, the offeror terms of exchange, and the offeree terms of exchange are satisfied, the system reveals the offeror to the offeree and the offeree to the offeror.

Abstract: A system is provided for controlling privacy in an exchange of an asset. The system receives an offer query of an offeror that includes an offeror reveal condition, an asset identifier of the asset, and offeror terms of exchange. The system accesses an offeree reveal condition and offeree terms of exchange for the asset. The system determines whether the offeror reveal condition and the offeree reveal condition are satisfied and determines whether the offeror terms of exchange and the offeree terms of exchange are satisfied. When the offeror reveal condition, the offeree reveal condition, the offeror terms of exchange, and the offeree terms of exchange are satisfied, the system reveals the offeror to the offeree and the offeree to the offeror.

Abstract: A system is provided for controlling privacy in an exchange of an asset. The system receives an offer query of an offeror that includes an offeror reveal condition, an asset identifier of the asset, and offeror terms of exchange. The system accesses an offeree reveal condition and offeree terms of exchange for the asset. The system determines whether the offeror reveal condition and the offeree reveal condition are satisfied and determines whether the offeror terms of exchange and the offeree terms of exchange are satisfied. When the offeror reveal condition, the offeree reveal condition, the offeror terms of exchange, and the offeree terms of exchange are satisfied, the system reveals the offeror to the offeree and the offeree to the offeror.

Abstract: Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key.

Abstract: Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key.

Abstract: Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key.

Abstract: A method for analysis of distributed device rule-sets for compliance with global policies includes enabling an administrator to specify a network topology with intercommunicating elements and parameters required to secure the intercommunication with access control elements of the network topology; establishing connections to the access controls elements to capture a snapshot configuration of device rule-sets of the access control elements; enabling the administrator to specify a set of global access constraints with reference to the access control elements; enabling the administrator to select between exhaustive analysis and statistical analysis; conducting the selected analysis to determine violations by the device rule-sets that fail to comply with the set of global access constraints, wherein statistical analysis quantitatively characterizes a level of compliance without conducting analysis of all potential network paths; and providing results of the selected analysis to the administrator through a graphic

Abstract: A method for analysis of distributed device rule-sets for compliance with global policies includes enabling an administrator to specify a network topology with intercommunicating elements and parameters required to secure the intercommunication with access control elements of the network topology; establishing connections to the access controls elements to capture a snapshot configuration of device rule-sets of the access control elements; enabling the administrator to specify a set of global access constraints with reference to the access control elements; enabling the administrator to select between exhaustive analysis and statistical analysis; conducting the selected analysis to determine violations by the device rule-sets that fail to comply with the set of global access constraints, wherein statistical analysis quantitatively characterizes a level of compliance without conducting analysis of all potential network paths; and providing results of the selected analysis to the administrator through a graphic