A system comprising a processor and a computer readable memory coupled to the processor, the computer-readable memory comprising computer program code executable by the processor to generate create a self-signed certificate, create a second certificate using the set of certificate generation parameters, the second certificate linked to the self-signed certificate, store the self-signed certificate in a certificate store of a first web browser; and store the second certificate in a local server certificate store to allow a local service to use the second certificate in a handshake to establish a secure socket connection with the first web browser in compliance with a mixed content security policy of the first web browser.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for recovering and verifying a public key. One of the methods includes accepting information encoding parameters of an elliptic curve, a published public key, a hash value of a message, a digital signature, and an identification parameter; generating a recovered public key based on the parameters of the elliptic curve, the hash value of the message, the digital signature, and the identification parameter; comparing the published public key and the recovered public key to verify the published public key.

In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data, including at least one of a user name, user address, user email, user phone number, user tax identification (ID), user social security number and user financial account number. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate, and matches that with the user identification data stored in a database.

In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data. The user migrates trust to another device by providing the root certificate and intermediate certificate as a certificate chain to a second device, which then adds a new intermediate certificate to create a longer certificate chain with the same root certificate. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate from the second user device, and matches that with the user identification data stored in a database.

A method of forming and operating a computer network that has a login procedure including generating a login certificate authority, signing a certificate signing request for each of a hub computer and a login, and generating a signed certificate for each of the hub computer and the login. The login procedure initiates a secure server using the login certificate authority, and transmits a request for a new login to a cloud server. The cloud server generates and transmits a signed certificate to the hub computer, and then an app computer device connects to the hub computer to receive the signed certificate. The received signed certificate is hashed to obtain a hash value, which is verified using a hash value of the signed certificate from the cloud server. The app computer device transmits a request for login to the hub computer, and receives the login certificate to login.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for recovering and verifying a public key. One of the methods includes accepting information encoding parameters of an elliptic curve, a published public key, a hash value of a message, a digital signature, and an identification parameter; generating a recovered public key based on the parameters of the elliptic curve, the hash value of the message, the digital signature, and the identification parameter; comparing the published public key and the recovered public key to verify the published public key.

Example techniques for establishing trusted communication with container-based services are described. In an example, a digital certificate stored in a memory is injected from the memory into a container. The container is external to the memory. The digital certificate is usable to establish a trusted communication between a service deployed in the container and a software program.

Embodiments describe apparatuses, systems, and methods for analyzing digital certificates. A system may scan the internet to identify all publicly available digital certificates. The system may further determine external information for individual digital certificates that is not found within the digital certificate. The system may store the external information and internal information that is found within the digital certificates. The system may run one or more queries on the stored information to identify one or more vulnerable digital certificates among a set of digital certificates associated with a client. For example, the system may identify differences between the internal information and/or external information among the digital certificates of the set and/or may compare the internal information and/or external information for the digital certificates of the set to expected information. Other embodiments may be described and claimed.

In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data, including at least one of a user name, user address, user email, user phone number, user tax identification (ID), user social security number and user financial account number. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate, and matches that with the user identification data stored in a database.

In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. A redirecting module redirects the self-signed certificate chain to an authentication server. The authentication server is also provided a user name, password and verifying computer address, which is stored in a password database by the authentication server, in association with the self-signed certificate. Subsequent communications intended for the verifying computer with the self-signed certificate are redirected to the authentication server, which looks up the associated user name and password and transmits the associated user name and password to the verifying computer.