Abstract: A method and apparatus provides a blockchain that includes one or more blocks that contain a cryptographic binding of a signature-verification public key and/or a data encryption public key to the identity of the holder of the corresponding private key. The binding is performed by one or more key binding entities, referred to herein as a blockchain identity binder. Originators and recipients use the identity binding data to secure block chain transactions.

Abstract: A constrained device includes an exterior surface affixed with a public key associated with the constrained device. Alternatively, or in addition, the public key may be included in a container that stores the constrained device. The constrained device also includes memory, which stores a private key, wherein the private key corresponds to the public key that is affixed on the exterior surface of the constrained device. By displaying the public key on the constrained device, a system administrator may document the public key and related information about the device and its intended role in the network without requiring any human interface or any establishment of power or network at the installation site.

Abstract: A method and apparatus provides a blockchain that includes one or more blocks that contain a cryptographic binding of a signature-verification public key and/or a data encryption public key to the identity of the holder of the corresponding private key. The binding is performed by one or more key binding entities, referred to herein as a blockchain identity binder. Originators and recipients use the identity binding data to secure block chain transactions.

Abstract: A method and apparatus provides a blockchain that includes one or more blocks that contain a cryptographic binding of a signature-verification public key and/or a data encryption public key to the identity of the holder of the corresponding private key. The binding is performed by one or more key binding entities, referred to herein as a blockchain identity binder. Originators and recipients use the identity binding data to secure block chain transactions.

Abstract: In one example, an apparatus such as an authorization server and method for secure communication between constrained devices issues cryptographic communication rights among a plurality of constrained devices. Each of the plurality of constrained devices comprises no more than one cryptographic algorithm code module per cryptographic function. The method includes receiving a cryptographic communication rights request associated with at least a first of the plurality of constrained devices in response to a cryptographic algorithm update request, and includes providing a response including an identification of a subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices. A software update server then updates the cryptographic code modules in the sub-set of the plurality of constrained devices.

Abstract: In one example, an enrollment device, such as a smart phone with an enrollment application executing thereon, obtains in situ enrollment information from at least one or more target device of a plurality of target devices in a network. The enrollment device provides the in situ enrollment information that is obtained from the at least one target device, to a security management device, such as a public key certificate generator (e.g., a certification authority) for the network, to facilitate target device configuration certificate generation for the at least one target device. The security management device uses the in situ enrollment information and other device specific information as well as operational information that is desired for a device, and issues a configuration certificate for the at least one target device. A system and methods are also set forth.

Abstract: A constrained device includes an exterior surface affixed with a public key associated with the constrained device. Alternatively, or in addition, the public key may be included in a container that stores the constrained device. The constrained device also includes memory, which stores a private key, wherein the private key corresponds to the public key that is affixed on the exterior surface of the constrained device. By displaying the public key on the constrained device, a system administrator may document the public key and related information about the device and its intended role in the network without requiring any human interface or any establishment of power or network at the installation site.

Abstract: A method and apparatus provides a blockchain that includes one or more blocks that contain a cryptographic binding of a signature-verification public key and/or a data encryption public key to the identity of the holder of the corresponding private key. The binding is performed by one or more key binding entities, referred to herein as a blockchain identity binder. Originators and recipients use the identity binding data to secure block chain transactions.

Abstract: In one example, an apparatus such as an authorization server and method for secure communication between constrained devices issues cryptographic communication rights among a plurality of constrained devices. Each of the plurality of constrained devices comprises no more than one cryptographic algorithm code module per cryptographic function. The method includes receiving a cryptographic communication rights request associated with at least a first of the plurality of constrained devices in response to a cryptographic algorithm update request, and includes providing a response including an identification of a subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices. A software update server then updates the cryptographic code modules in the sub-set of the plurality of constrained devices.

Abstract: A constrained device includes an exterior surface affixed with a public key associated with the constrained device. Alternatively, or in addition, the public key may be included in a container that stores the constrained device. The constrained device also includes memory, which stores a private key, wherein the private key corresponds to the public key that is affixed on the exterior surface of the constrained device. By displaying the public key on the constrained device, a system administrator may document the public key and related information about the device and its intended role in the network without requiring any human interface or any establishment of power or network at the installation site.

Abstract: In one example, an enrollment device, such as a smart phone with an enrollment application executing thereon, obtains in situ enrollment information from at least one or more target device of a plurality of target devices in a network. The enrollment device provides the in situ enrollment information that is obtained from the at least one target device, to a security management device, such as a public key certificate generator (e.g., a certification authority) for the network, to facilitate target device configuration certificate generation for the at least one target device. The security management device uses the in situ enrollment information and other device specific information as well as operational information that is desired for a device, and issues a configuration certificate for the at least one target device. A system and methods are also set forth.