A tracking device can use a permanent encryption key pair to encrypt a temporary private key that corresponds to a set of diversified temporary public keys. When a community mobile device subsequently detects the tracking device, the central tracking system provides a diversified temporary public key to the community mobile device. The community mobile device uses the diversified temporary public key to encrypt location data representative of a location of the community mobile device, and provides the encrypted location data to the central tracking system. When a user subsequently requests a location of the tracking device from the central tracking system, the central tracking system provides the encrypted temporary private key and the encrypted location data to a device of the user, and the device can decrypt the encrypted temporary private key using the permanent encryption key pair, and decrypt the encrypted location data using the decrypted temporary private key.

A public key infrastructure (PKI) ecosystem includes a first organization computer system having a first processor, a first memory, and a first organization process including instructions that are (i) encoded in the first memory, and (ii) executable by the first processor. The ecosystem further includes a second organization computer system having a second processor and a second memory, a digital ledger, and domain name system security extensions (DNSSEC). When executed, the first instructions cause the first processor to create at least one public/private PKI keypair for a first domain name, in the DNSSEC, register the first domain name and create a certificate authority (CA), register the CA in the blockchain, using the CA, create a certificate for a first entity, register the certificate in the blockchain and/or the DNSSEC, and assert, to the second organization computer system, trust in the first entity based on the registered certificate.

A method for remote attestation includes establishing, using a cryptographic protocol, a communication session between a first computing device and a second computing device. The communication session includes communications encrypted by an ephemeral session key. The method includes receiving, at the first communication device via the communication session, from the second computing device, an attestation request requesting the first computing device to provide an attestation report. The method includes generating, by the first computing device, the attestation report based on the ephemeral session key and sending, using the communication session, the attestation report to the second computing device.

A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q−1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd≤48.

Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (K.sub.IMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (K.sub.IMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.

A trust management system is provided for a network communication ecosystem having a plurality of participating entities. The trust management system includes a trust specification engine configured to define and manage trust relationships between a first entity and a second entity of the plurality of participating entities, a trust analysis engine configured to process the results of a trust query from the first entity to the second entity, a trust evaluation engine configured to evaluate the trust relationships managed by the trust specification engine, and a trust monitor configured to (i) monitor one or more trust triggers occurring relevant to at least one of the first and second entities, and (2) update a trust relationship between the first and second entities based on one or more monitored trust triggers.

A system and method for managing a plurality of network-enabled client devices such as Internet of Things (IoT) and smart devices employs a distributed ledger or blockchain to store security-related information for each client device. Access to the distributed ledger is provided through a proxy computing system that is configured to exchange security-related messages with the client devices over a first communication path, which may be over a public network; and to engage in transactions with or query the distributed ledger on behalf of the client devices over a second communication path, which is a private channel Vendible data published by the client devices may be routed by the proxy computing system to a data broker or publishing system in a manner that removes identifying information from the vendible data.

Systems and methods for PKI certificate and key allocations to wireless base station radio units are provided. In one embodiment, a system for obtaining PKI credentials for a remote unit for a wireless base station, the system comprises: a remote unit, the remote unit configured to implement a radio frequency (RF) interface; a gateway coupled to the remote unit, the gateway communicatively coupled to an online provision service (OPS) certificate authority (CA); wherein the gateway is configured to generate an AuthToken unique to the remote unit, wherein the remote unit is configured to request a RU digital certificate and private key from an OPS CA based on the AuthToken.

A digital media data management system in the field of software solutions deployed to an apparatus satisfying the specific hardware requirements. The system's purpose is to register, process, store and transfer data (mostly media). More specifically, the system comprises custom embedded firmware—the media server encapsulating the complete cycle of registration, processing (pre- and post-), storing in a permanent memory and transferring of data over networks, using for these purposes the proprietary implementations of the software-defined data storage service and the custom data streaming technique. Later

Method for authenticating a first and a second electronic devices associated through a communication line includes: creating a unique ID, by a third electronic device; transmitting the unique ID to the first electronic device; signing the transmitted unique ID by the first electronic device; transmitting the signed unique ID to the second electronic device, by the first electronic device; signing the transmitted signed unique ID by the second electronic device; transmitting the unique ID signed by the first and second electronic devices to the third electronic device; verifying and accepting the unique ID signed by the first device and the second device, by the third device; issuing a certificate for a secure communication line between the first electronic device and the second electronic device; and transmitting the certificate to the first electronic device and the second electronic device.