Patent classifications
H04L9/006
Privileged remote access for OT/IOT/IIOT/ICS infrastructure
Systems and methods for privileged remote access to Operational Technology (OT)/Internet of Things (IOT)/Industrial IOT (IIOT)/Industrial Control System (ICS) infrastructure, implemented in a cloud-based system. The method includes steps of, responsive to determining a user can access an application associated with the OT/IOT/IIOT/ICS infrastructure, determining the user's security and access policies and creating a session for the user; establishing a secure connection to the application via a lightweight connector connected to the application; and brokering a connection between the user's device and the application through the lightweight connector, enabling the user to interact with the application for the OT/IOT/IIOT/ICS infrastructure, based on the user's security and access policies.
Method and system for Cheon resistant static Diffie-Hellman security
A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q−1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd≤48.
Runtime identity confirmation for restricted server communication control
The present disclosure provides computing systems and techniques for providing a certificate to use to securely connect to a server. More particularly, the present disclosure provides a computing device certificate rotation server arranged to provide certificates to the computing device for use by an application executing on the computing device to securely connect to a server.
Authentication, authorization and audit of digital assets using the blockchain
Computer-readable media, systems and methods may improve security, authorization, and auditability of documents. For example, computer systems for serving documents may be improved to provide secure access and control through challenges that are validated with self-executing on-chain document license contracts that enforce entitlements that specify users and their authorized document actions. Such entitlements may be generated by the user who created the document. As such, a user may retain control over authorizations and document actions that are permissible with respect to the document even after the user has transferred a copy of the document. Furthermore, the computer systems may be improved to write an on-chain audit log of document actions, providing an immutable record of the document actions.
METHOD FOR AUTHENTICATING AN END-USER ACCOUNT, METHOD FOR SINGLE AUTHENTICATING WITHIN A CLUSTER OF HSM, AND METHOD FOR IMPLEMENTING ACCESS CONTROL
The present invention provides a method for authenticating an end-user account associated with at least one cryptographic key stored in the form of a PKA object within an HSM, wherein the method comprises the following steps: creating a PKA object comprising authentication data, PKA-based user object, this authentication data at least comprising the log-in credentials of the end-user account, receiving, by the HSM, log-in credentials of the end-user account for retrieving and instantiating the PKA-based user object at session level, and authenticating, by the HSM, the PKA-based user object using a PKCS #11.
MACHINE LEARNING BASED CRYPTANALYSIS
Embodiments decrypt or partially decrypt an encoded message or a private key, the encoded message or private key encoded by a public-key cryptography algorithm. Embodiments encode the public-key cryptography algorithm using a language of a program synthesizer and construct a grammar for the program synthesizer. Embodiments train the program synthesizer with training data comprising input-output pairs and execute the trained program synthesizer to generate a mathematical formula. Embodiments validate the generated mathematical formula and then perform the decrypting using the trained and validated program synthesizer.
TECHNIQUES FOR PROTECTING WEB-ACCESS
A system and method for identity-based access admission are provided. The method includes generating in a browser of a client device a unique identity key for the browser, wherein the identity key is generated in an internal frame (iFrame) thread, is executed in a main thread of the browser, and wherein the identity key includes a fingerprint characterizing in part the browser and the client device, an internet protocol address of the client device, and a public-encryption key; and registering the identity key with an admission controller, wherein access to a protected entity by the client device is enforced using the identity key.
Secure memory arrangements
Various examples are directed to secure memory arrangements and methods of using the same. A gateway device of the secure computing system may receive a first message from an external system. The first message may comprise first message payload data and first asymmetric access data. The gateway device may determine that the first asymmetric access data matches the first message payload data based at least in part on an external system public key. The gateway device may access a first system controller symmetric key associated with a first system controller in communication with the gateway device and generate first symmetric access data based at least in part on the first system controller symmetric key and the first message payload data. The gateway device may send the first message payload data and the first symmetric access data to the first system controller.
Adjusting Error Encoding Parameters for Writing Encoded Data Slices
A method includes writing sets of encoded data slices to storage units of a storage network in accordance with error encoding parameters, where for a set of encoded data slices, the error encoding parameters include an error coding number and a decode threshold number, the error coding number indicates a number of encoded data slices that results when a data segment is encoded using an error encoding function and the decode threshold number indicates a minimum number needed to recover the data segment. The method further includes monitoring processing of writing the sets of encoded data slices to produce write processing performance information. When the write processing performance information compares unfavorably to a desired write performance range, the method further includes adjusting at least one of the error coding number and the decode threshold number to produce adjusted error encoding parameters for writing subsequent encoded data slices.
Secure identity and profiling system
A system for storing and managing secure information is disclosed that includes a secure identity and profiling system, which serves as a middleman between a user and an entity requesting personally identifiable information (PII) from the user. The system collects the PII from the user and stores it securely, such as in an alternate blockchain in an encrypted form. The location of that PII within the alternate blockchain may be indexed using smart contracts in a main blockchain that can only be read with an access token generated and supplied by the user's mobile device. When an entity requests PII from the user that has already been collected and securely stored, the user can provide permission to release that PII by providing the access token. The system will use the access token to locate where the PII is stored and release the PII to the requesting entity.