Abstract: In representative embodiments, systems and methods to calculate the likelihood that presented cryptographic key material is untrustworthy are disclosed. A predictive model based on a debasing condition and a dataset is created by evaluating the dataset relative to the debasing condition. For example, if certificate revocation is selected as the debasing condition, the dataset is analyzed to produce a predictive model that determines the likelihood that a presented certificate is untrustworthy based on similarity to already revoked certificates. The predictive model can include a supervised learning model like a logistic regression model or a deep neural network model. The system can be used in conjunction with existing security infrastructures or can be used as a separate infrastructure. Based on the likelihood score calculated by the model, a relying system can reject the cryptographic key material, accept the cryptographic key material or take other further action.

Abstract: In representative embodiments, architectures to improve security through use of an anomaly score are disclosed. A set of cryptographic key material is used to create a model based on a dimensionality reduction and a density estimation that captures the expected behavior of the set of cryptographic key material. An anomaly score for presented cryptographic key material is calculated based on the model. The anomaly score represents the divergence from expectations for the presented cryptographic key material. The anomaly score can be used by a relying system to determine whether to trust the presented cryptographic key material. In this way, cryptographic key material that is valid can be tested to determine whether the cryptographic key material should be trusted even though it is valid.

Abstract: In representative embodiments, systems and methods to calculate the likelihood that presented cryptographic key material is untrustworthy are disclosed. A predictive model based on a debasing condition and a dataset is created by evaluating the dataset relative to the debasing condition. For example, if certificate revocation is selected as the debasing condition, the dataset is analyzed to produce a predictive model that determines the likelihood that a presented certificate is untrustworthy based on similarity to already revoked certificates. The predictive model can include a supervised learning model like a logistic regression model or a deep neural network model. The system can be used in conjunction with existing security infrastructures or can be used as a separate infrastructure. Based on the likelihood score calculated by the model, a relying system can reject the cryptographic key material, accept the cryptographic key material or take other further action.

Abstract: In representative embodiments, systems and methods to calculate the likelihood that presented cryptographic key material is untrustworthy are disclosed. A predictive model based on a debasing condition and a dataset is created by evaluating the dataset relative to the debasing condition. For example, if certificate revocation is selected as the debasing condition, the dataset is analyzed to produce a predictive model that determines the likelihood that a presented certificate is untrustworthy based on similarity to already revoked certificates. The predictive model can include a supervised learning model like a logistic regression model or a deep neural network model. The system can be used in conjunction with existing security infrastructures or can be used as a separate infrastructure. Based on the likelihood score calculated by the model, a relying system can reject the cryptographic key material, accept the cryptographic key material or take other further action.

Abstract: In representative embodiments, a system and method to recommend improvements to a security reliance score is illustrated. Individual cryptographic key material has an associated security reliance score that is calculated based on attributes of associated with the cryptographic key material. The system identifies an improvement goal and evaluates a selected cross-section of key material and their associated scores. Based on the evaluation, the system creates an exemplary model having attributes to use as the basis of improvement. This model is then used to calculate improvement potential for a selected cross-section of scores by calculating the improvement that would occur if changes were made in the selected cross-section to match the model. Based on the improvement potential, the system can then automatically initiate action(s) to improve scores or present options for action(s) to a user for selection and initiation.

Abstract: In representative embodiments, a system and method to recommend improvements to regulatory compliance is illustrated. Regulations are mapped to attributes of cryptographic key materials. Individual cryptographic key material has an associated security reliance score that is calculated based on attributes of associated with the cryptographic key material. The system identifies an improvement goal related to regulatory compliance and evaluates a selected cross-section of key material, their associated scores and regulatory compliance. Based on the evaluation, the system creates an exemplary model having attributes to use as the basis of improvement. This model is then used to calculate improvement potential for a selected cross-section of scores. Based on the improvement potential, the system can then automatically initiate action(s) to improve scores or present options for action(s) to a user for selection and initiation.

Abstract: In representative embodiments, architectures to improve security through use of an anomaly score are disclosed. A set of cryptographic key material is used to create a model based on a dimensionality reduction and a density estimation that captures the expected behavior of the set of cryptographic key material. An anomaly score for presented cryptographic key material is calculated based on the model. The anomaly score represents the divergence from expectations for the presented cryptographic key material. The anomaly score can be used by a relying system to determine whether to trust the presented cryptographic key material. In this way, cryptographic key material that is valid can be tested to determine whether the cryptographic key material should be trusted even though it is valid.

Abstract: In representative embodiments, systems and methods to calculate the likelihood that presented cryptographic key material is untrustworthy are disclosed. A predictive model based on a debasing condition and a dataset is created by evaluating the dataset relative to the debasing condition. For example, if certificate revocation is selected as the debasing condition, the dataset is analyzed to produce a predictive model that determines the likelihood that a presented certificate is untrustworthy based on similarity to already revoked certificates. The predictive model can include a supervised learning model like a logistic regression model or a deep neural network model. The system can be used in conjunction with existing security infrastructures or can be used as a separate infrastructure. Based on the likelihood score calculated by the model, a relying system can reject the cryptographic key material, accept the cryptographic key material or take other further action.

Abstract: In representative embodiments, a system and method to calculate a security reliance score is illustrated. The security reliance score is calculated from an aggregation of property sub-scores. The property sub-scores are, in turn, based on scores for attributes that make up the properties. A learning model is employed to adjust scores over time based on collected information. Additionally, statistical sampling can adjust scores based on context, including geo-location context. Security reliance scores can be used to identify weaknesses that should be fixed in cryptographic material and/or configurations. The system can also make recommendations for changes that will have the biggest impact on security reliance scores. Additional uses are also identified.

Abstract: In representative embodiments, a rule-based certificate cryptographic key material comprising containing a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.

Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.

Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.

Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.

Abstract: In representative embodiments, a system and method to calculate a security reliance score is illustrated. The security reliance score is calculated from an aggregation of property sub-scores. The property sub-scores are, in turn, based on scores for attributes that make up the properties. A learning model is employed to adjust scores over time based on collected information. Additionally, statistical sampling can adjust scores based on context, including geo-location context. Security reliance scores can be used to identify weaknesses that should be fixed in cryptographic material and/or configurations. The system can also make recommendations for changes that will have the biggest impact on security reliance scores. Additional uses are also identified.

Abstract: In representative embodiments, a rule-based certificate cryptographic key material comprising containing a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.

Abstract: In representative embodiments, a rule-based certificate cryptographic key material comprising containing a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.

Abstract: In representative embodiments, a system and method to recommend improvements to a security reliance score is illustrated. Individual cryptographic key material has an associated security reliance score that is calculated based on attributes of associated with the cryptographic key material. The system identifies an improvement goal and evaluates a selected cross-section of key material and their associated scores. Based on the evaluation, the system creates an exemplary model having attributes to use as the basis of improvement. This model is then used to calculate improvement potential for a selected cross-section of scores by calculating the improvement that would occur if changes were made in the selected cross-section to match the model. Based on the improvement potential, the system can then automatically initiate action(s) to improve scores or present options for action(s) to a user for selection and initiation.

Abstract: In representative embodiments, a rule-based certificate cryptographic key material comprising containing a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.

Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.

Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.