Patent classifications
H04L9/006
Uniquely identifying and securely communicating with an appliance in an uncontrolled network
A service consumer that uses a cloud-based access service provided by a service provider has an associated network that the service provider cannot control. An enterprise connector is supported in this uncontrolled network, preferably as an appliance-based solution. According to this disclosure, the enterprise configures an appliance and then deploys it in the uncontrolled network. To this end, an appliance is required to proceed through a multi-stage approval protocol before it is accepted as a “connector” and is thus enabled for secure communication with the service provider. The multiple stages include a “first contact” (back to the service) stage, an undergoing approval stage, a re-generating identity material stage, and a final approved and configured stage. Unless the appliance passes through these stages, the appliance is not permitted to interact with the service as a connector. As an additional aspect, the service provides various protections for addressing scenarios wherein entities masquerade as approved appliances.
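The four stages read as a state machine with one transition that only the appliance itself can complete. The Go program below is an added example written for this page, not code from the patent or its assignee: the service-side record layout, the use of Ed25519 keys as the appliance's identity material, the operator-driven transitions, and the proof step in which the appliance signs its new public key with its bootstrap key are all assumptions made to make the protocol concrete.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Stage is an appliance's position in the multi-stage approval protocol.
type Stage int

const (
	StageFirstContact         Stage = iota // appliance has called back to the service once
	StageUndergoingApproval                // operator review pending
	StageRegeneratingIdentity              // approved; must replace its bootstrap identity
	StageApproved                          // approved and configured: may act as a connector
)

// Appliance is the service-side record (assumed data model, not from the patent).
type Appliance struct {
	Stage    Stage
	Identity ed25519.PublicKey // identity material the service currently trusts
}

// Service holds appliance records keyed by appliance ID.
type Service map[string]*Appliance

var (
	ErrDuplicateID  = errors.New("appliance ID already registered")
	ErrWrongStage   = errors.New("appliance not in the stage this operation requires")
	ErrBadSignature = errors.New("signature does not verify under the trusted identity")
)

// FirstContact records a new appliance with its bootstrap key; an already-registered ID is refused.
func (s Service) FirstContact(id string, bootstrap ed25519.PublicKey) error {
	if _, exists := s[id]; exists {
		return ErrDuplicateID
	}
	s[id] = &Appliance{Stage: StageFirstContact, Identity: bootstrap}
	return nil
}

// authenticated returns the record for id if it is in stage want and sig is a
// valid signature over msg under the identity material the service trusts now.
func (s Service) authenticated(id string, want Stage, msg, sig []byte) (*Appliance, error) {
	a, ok := s[id]
	if !ok || a.Stage != want {
		return nil, fmt.Errorf("%w: %q, want stage %d", ErrWrongStage, id, want)
	}
	if !ed25519.Verify(a.Identity, msg, sig) {
		return nil, ErrBadSignature
	}
	return a, nil
}

// OperatorAdvance is the service-side approval action: first contact -> undergoing approval
// -> regenerating identity. Approved is reached only through RegenerateIdentity's proof.
func (s Service) OperatorAdvance(id string) error {
	a, ok := s[id]
	if !ok || a.Stage >= StageRegeneratingIdentity {
		return fmt.Errorf("%w: %q cannot be advanced by the operator", ErrWrongStage, id)
	}
	a.Stage++
	return nil
}

// RegenerateIdentity replaces the bootstrap key. The appliance signs the new public key with
// the old private key, so only the first-contact device can finish (an assumption of this example).
func (s Service) RegenerateIdentity(id string, newKey ed25519.PublicKey, proof []byte) error {
	a, err := s.authenticated(id, StageRegeneratingIdentity, newKey, proof)
	if err != nil {
		return err
	}
	a.Identity, a.Stage = newKey, StageApproved
	return nil
}

// ConnectorRequest serves a request only from an approved appliance and only
// when the request is signed by the regenerated identity, never the bootstrap key.
func (s Service) ConnectorRequest(id string, req, sig []byte) error {
	_, err := s.authenticated(id, StageApproved, req, sig)
	return err
}

func main() {
	svc := Service{}
	bootPub, bootPriv, _ := ed25519.GenerateKey(rand.Reader)
	newPub, newPriv, _ := ed25519.GenerateKey(rand.Reader)
	req := []byte("open tunnel to app-1") // constructed request payload
	fmt.Println("first contact:", svc.FirstContact("appliance-42", bootPub))
	fmt.Println("before approval:", svc.ConnectorRequest("appliance-42", req, ed25519.Sign(bootPriv, req)))
	_ = svc.OperatorAdvance("appliance-42") // -> undergoing approval
	_ = svc.OperatorAdvance("appliance-42") // -> regenerating identity
	fmt.Println("regenerate:", svc.RegenerateIdentity("appliance-42", newPub, ed25519.Sign(bootPriv, newPub)))
	fmt.Println("old identity:", svc.ConnectorRequest("appliance-42", req, ed25519.Sign(bootPriv, req)))
	fmt.Println("new identity:", svc.ConnectorRequest("appliance-42", req, ed25519.Sign(newPriv, req)))
	fmt.Println("imposter first contact:", svc.FirstContact("appliance-42", newPub))
}
```

Run it with `go run`: the printed errors show the request before approval being refused, the bootstrap key being rejected once the identity has been regenerated, and a second device claiming the same ID being turned away at first contact. The property worth carrying into a real deployment is that every service-side check keys off the record's current stage and current identity material, so an entity that merely knows an appliance's ID, or has captured its bootstrap key, cannot present itself as an approved connector.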
SYSTEMS AND METHODS FOR BLOCKCHAIN-BASED SECURE KEY EXCHANGE WITH KEY ESCROW FALLBACK
A system described herein provides for the secure maintaining and providing of information, such as public keys used in Public Key Infrastructure (“PKI”) techniques or other techniques, using a distributed ledger (e.g., “blockchain”) system with a fallback to a key escrow system. A first device may encrypt a communication using a first key, and output the encrypted communication to a second device. The first device may attempt to record a second key, that is associated with the first key, to the blockchain system, and may determine that the second key was not recorded to the blockchain system based on the attempt. The first device may output the second key to a third device based on determining that the second key was not recorded to the blockchain system. The second device may obtain the second key from the third device, and use the second key to decrypt the encrypted communication.
Providing verified claims of user identity
A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a verified claim including information to identify a user of a device, the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server, the verified claim being specific to the device. The at least one processor is further configured to send, to a service provider, a request for a service provided by the service provider, and receive, from the service provider and in response to the sending, a request for the verified claim. The at least one processor is further configured to send, in response to the receiving, the verified claim to the service provider.
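The four roles above (identity verification provider, signing server, device, service provider) fit in a short program. The Go code below is an added example for this page, not the patent's or any vendor's implementation: JSON as the claim encoding, Ed25519 for both the server and the device keys, a boolean standing in for the identity verification provider's result, and the nonce-signing step by which the device proves it is the device the claim was issued to are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Claim is what the server signs after the identity verification provider
// (a party separate from the server) has verified the user information.
// DeviceKey makes the claim specific to one device.
type Claim struct {
	Subject   string `json:"sub"` // information identifying the user
	Verifier  string `json:"idv"` // identity verification provider that checked it
	DeviceKey []byte `json:"dk"`  // public key of the device the claim is issued to
}

// VerifiedClaim is the serialized Claim together with the server's signature.
type VerifiedClaim struct {
	Payload   []byte
	ServerSig []byte
}

// IssueClaim runs on the server. It refuses to sign unless the identity
// verification provider reported success; that report is modelled as a bool.
func IssueClaim(serverPriv ed25519.PrivateKey, c Claim, idvVerified bool) (*VerifiedClaim, error) {
	if !idvVerified {
		return nil, errors.New("identity verification provider did not verify the information")
	}
	payload, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	return &VerifiedClaim{Payload: payload, ServerSig: ed25519.Sign(serverPriv, payload)}, nil
}

// Presentation is the device's answer to the service provider's request for
// the claim. The device also signs the provider's nonce with its device key;
// this proof of device binding is an assumption of the example.
type Presentation struct {
	Claim     VerifiedClaim
	Nonce     []byte
	DeviceSig []byte
}

// Present runs on the device once the service provider has asked for the claim.
func Present(devicePriv ed25519.PrivateKey, vc *VerifiedClaim, nonce []byte) Presentation {
	return Presentation{Claim: *vc, Nonce: nonce, DeviceSig: ed25519.Sign(devicePriv, nonce)}
}

// Accept runs on the service provider. It checks the server's signature, that
// the nonce is the one it issued, and that the presenter holds the device key
// named inside the claim. It returns the verified subject on success.
func Accept(serverPub ed25519.PublicKey, p Presentation, issuedNonce []byte) (string, error) {
	if !ed25519.Verify(serverPub, p.Claim.Payload, p.Claim.ServerSig) {
		return "", errors.New("claim was not signed by the trusted server")
	}
	var c Claim
	if err := json.Unmarshal(p.Claim.Payload, &c); err != nil {
		return "", err
	}
	if !bytes.Equal(p.Nonce, issuedNonce) {
		return "", errors.New("nonce mismatch: possible replay of an earlier presentation")
	}
	// Length check first: ed25519.Verify panics on a key of the wrong size.
	if len(c.DeviceKey) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(c.DeviceKey), p.Nonce, p.DeviceSig) {
		return "", errors.New("presenter does not hold the device key the claim was issued to")
	}
	return c.Subject, nil
}

func main() {
	serverPub, serverPriv, _ := ed25519.GenerateKey(rand.Reader)
	devicePub, devicePriv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample: the identity verification provider has confirmed "alice".
	vc, err := IssueClaim(serverPriv, Claim{Subject: "alice", Verifier: "idv.example", DeviceKey: devicePub}, true)
	if err != nil {
		panic(err)
	}
	nonce := []byte("sp-nonce-0001") // constructed; a real provider draws a random nonce per request
	fmt.Println(Accept(serverPub, Present(devicePriv, vc, nonce), nonce))

	// A different device that obtained a copy of the claim cannot use it.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println(Accept(serverPub, Present(otherPriv, vc, nonce), nonce))
}
```

The service provider never talks to the identity verification provider; it trusts the server's signature, and the server in turn only signs after the provider's verification. The device binding is what keeps a leaked or intercepted claim from being replayed from another device, which is why `Accept` checks a fresh nonce signed by the key inside the claim rather than the claim alone.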
SYSTEMS AND METHODS FOR BLOCKCHAIN-BASED SECURE KEY EXCHANGE
A system described herein provides for the secure maintaining and providing of information, such as public keys used in Public Key Infrastructure (“PKI”) techniques or other techniques, using a secure distributed ledger (e.g., “blockchain”) system. A blockchain system may be utilized in lieu of a key escrow system in the exchange and/or providing of public keys in a Diffie-Hellman key exchange technique or other type of technique in which public keys are provided from one entity to another. A first entity may generate an asymmetric key pair that includes a public key and a private key, and may provide the public key to a blockchain system for retrieval by one or more other entities. For example, the entities may be engaged in a secure messaging session, in which messages are encrypted and may be decrypted using one or more keys, including the public key.
SYSTEMS AND METHODS FOR GROUP MESSAGING USING BLOCKCHAIN-BASED SECURE KEY EXCHANGE
A system described herein provides for the secure maintaining and providing of information, such as public keys used in Public Key Infrastructure (“PKI”) techniques or other techniques, using a secure distributed ledger (e.g., “blockchain”) system. A first entity may generate an asymmetric key pair that includes a public key and a private key, and may provide the public key, along with a key identifier, to a blockchain system for retrieval by multiple other entities. For example, the entities may be engaged in a secure group communication session, in which communications are encrypted and may be decrypted using one or more keys, including the public key. The other entities may identify the public key, as recorded to the blockchain system, based on the key identifier. Participants may be added to or removed from the secure group communication session.
Method of utilizing a trusted secret package for certificate enrollment
A mobile device and method are provided that allow the mobile device to be registered using a machine readable optical label. The mobile device receives a machine readable optical label, such as a QR code or a bar code. The machine readable optical label includes authentication data and security information. The mobile device scans the machine readable optical label to read the authentication data and the security information. The mobile device validates the machine readable optical label and generates a certificate signing request, the certificate signing request being digitally signed using the authentication data and the security information. The mobile device transmits the certificate signing request to a registration authority.
Broker-based bus protocol and multi-client architecture
A system and method for an eSync bus protocol is provided. The eSync bus protocol uses a broker to route communications between electronic devices within an electronic environment, such as within a vehicle or the like. The electronic devices may first register with the broker, and thereafter send messages to the broker for routing to other registered electronic devices. In this way, the broker may act as an intermediary to route communications using the eSync bus protocol. A multi-client architecture is also provided in which multiple domains may be defined by the functions performed by electronic devices within a respective domain.
Systems and methods for container orchestration security
Systems and methods for container orchestration security employ one or more processors that separate a lifecycle of one or more containers into a plurality of predefined container image lifecycle phases and segregate control of the plurality of predefined container image lifecycle phases into a plurality of control environments separately controlled by different enterprise control components isolated from one another. In addition, one or more external processors may generate one or more certificates that are based on the platform, state attributes and metadata for interaction of the container with one or more external nodes. The one or more processors may also control the promotion, update and deletion of container images between the plurality of lifecycle phases and registries in different control environments, as well as between the enterprise registries and the plurality of other registries that are part of multiple external clouds.
Issuing offline PKI certificates in distributed V2X network
Method and system for issuing public key infrastructure (PKI) certificates in a peer-to-peer wireless communication network, comprising generating, at a first certificate authority (CA) node in the peer-to-peer communication network, a PKI certificate based on public key information received from an applicant node in the peer-to-peer wireless communication network; and transmitting the PKI certificate generated by the first CA node to the applicant node using the peer-to-peer wireless communication network.
SYSTEMS AND METHODS FOR DATA AUTHENTICATION USING COMPOSITE KEYS AND SIGNATURES
A system for enhanced public key infrastructure is provided. The system includes a computer device. The computer device is programmed to receive a digital certificate including a composite signature field including a plurality of signatures. The plurality of signatures includes at least a first signature and a second signature. The computer device is also programmed to retrieve, from the digital certificate, a first key associated with the first signature. The computer device is further programmed to retrieve the first signature from the composite signature field. In addition, the computer device is programmed to validate the first signature using the first key.
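A certificate whose signature field carries several independent signatures over the same to-be-signed bytes, each with its own key, can be validated component by component. The Go program below is an added example for this page rather than code from the patent: the struct layout, the choice of Ed25519 plus ECDSA P-256 as the two schemes, storing each key as DER SubjectPublicKeyInfo inside the composite field, and the to-be-signed content are assumptions.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Component is one entry of the composite signature field: a DER SubjectPublicKeyInfo
// key and the signature made with it, so the verifier learns the algorithm from the key.
type Component struct {
	PublicKey []byte
	Signature []byte
}

// Certificate stands in for a certificate whose signature field holds several signatures over TBS.
type Certificate struct {
	TBS       []byte      // to-be-signed content (constructed for the example)
	Composite []Component // the composite signature field
}

// AddSignature signs TBS with priv (Ed25519 or ECDSA P-256/SHA-256) and appends the pair.
func (c *Certificate) AddSignature(priv crypto.Signer) error {
	pub, err := x509.MarshalPKIXPublicKey(priv.Public())
	if err != nil {
		return err
	}
	var sig []byte
	switch k := priv.(type) {
	case ed25519.PrivateKey:
		sig = ed25519.Sign(k, c.TBS)
	case *ecdsa.PrivateKey:
		h := sha256.Sum256(c.TBS)
		if sig, err = ecdsa.SignASN1(rand.Reader, k, h[:]); err != nil {
			return err
		}
	default:
		return fmt.Errorf("unsupported key type %T", priv)
	}
	c.Composite = append(c.Composite, Component{PublicKey: pub, Signature: sig})
	return nil
}

// ValidateComponent retrieves the i-th key and i-th signature and validates the signature under the key.
func (c *Certificate) ValidateComponent(i int) error {
	if i < 0 || i >= len(c.Composite) {
		return fmt.Errorf("no component %d in the composite signature field", i)
	}
	comp := c.Composite[i]
	pub, err := x509.ParsePKIXPublicKey(comp.PublicKey)
	if err != nil {
		return err
	}
	switch k := pub.(type) {
	case ed25519.PublicKey:
		if !ed25519.Verify(k, c.TBS, comp.Signature) {
			return errors.New("ed25519 signature does not verify")
		}
	case *ecdsa.PublicKey:
		h := sha256.Sum256(c.TBS)
		if !ecdsa.VerifyASN1(k, h[:], comp.Signature) {
			return errors.New("ecdsa signature does not verify")
		}
	default:
		return fmt.Errorf("unsupported key type %T", pub)
	}
	return nil
}

// ValidateAll requires every component to verify, so an attacker must forge under every scheme.
func (c *Certificate) ValidateAll() error {
	if len(c.Composite) == 0 {
		return errors.New("empty composite signature field")
	}
	for i := range c.Composite {
		if err := c.ValidateComponent(i); err != nil {
			return fmt.Errorf("component %d: %w", i, err)
		}
	}
	return nil
}

func main() {
	cert := &Certificate{TBS: []byte("CN=example,O=Acme;serial=0001;notAfter=2030-01-01")} // constructed
	_, edPriv, _ := ed25519.GenerateKey(rand.Reader)
	ecPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	_ = cert.AddSignature(edPriv)
	_ = cert.AddSignature(ecPriv)
	fmt.Println("first component:", cert.ValidateComponent(0))
	fmt.Println("all components:", cert.ValidateAll())
	cert.TBS[0] ^= 1 // tamper with the signed content
	fmt.Println("after tampering:", cert.ValidateAll())
}
```

`ValidateComponent(0)` is the check the abstract describes: retrieve the first key, retrieve the first signature, validate one with the other. `ValidateAll` shows the policy question a deployment has to settle: a verifier that accepts as soon as any single component validates is only as strong as its weakest scheme, whereas requiring every component forces an attacker to forge under all of them, which is the property composite signatures are usually deployed for. Flipping a byte of `TBS` in `main` makes every component fail together, and an empty composite field is refused rather than vacuously accepted.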