Systems, computer program products, and methods are described herein for the generating and tracking linked electronic digital certificates. The present invention may be configured to generate a first electronic digital certificate having first properties and being associated with a first artifact owned by a first group of users, store the first electronic digital certificate, and record first interests of the first group of users in the first electronic digital certificate. The present invention may be configured to receive a request from a second group of users to generate a second electronic digital certificate, where the request includes a subset of the first properties for generation in the second electronic digital certificate. The present invention may be configured to generate the second electronic digital certificate, record second interests of the second group of users in the second electronic digital certificate, and link the first interests and the second interests.

Systems, computer program products, and methods are described herein for the divergent distribution of electronic digital certificates. The present invention may be configured to generate an electronic digital certificate associated with an artifact, store the electronic digital certificate on a distributed ledger, and record, on the distributed ledger, an interest of the user in the electronic digital certificate. The present invention may be configured to receive a request from the user to divide ownership of the electronic digital certificate amongst a group of users. The present invention may be configured to determine shares in the electronic digital certificate by determining for each user of the group of users a share of the shares. The present invention may be configured to record, on the distributed ledger and based on the shares, interests of the group of users in the electronic digital certificate.

Various embodiments are disclosed that relate to security of a computer accessory device. For example, one non-limiting embodiment provides a host computing device configured to conduct an initial portion of a mutual authentication session with an accessory device, and send information regarding the host computing device and the accessory device to a remote pairing service via a computer network. The host computing device is further configured to, in response, receive a pairing certificate from the remote pairing service, the pairing certificate being encrypted via a private key of the remote pairing service, and complete the mutual authentication with the accessory device using the pairing certificate from the remote pairing service.

A method and apparatus for using a dynamic security certificate. The method analyzes a browser to access browser information and generates a dynamic security certificate based on the browser information. The method modifies a configuration file for the browser to cause the browser to trust the dynamic security certificate and inserts the dynamic security certificate into the browser to enable a client application to access encrypted data available to the browser. The method may be performed solely upon a user device or have portions thereof performed by a user device and a server.

The techniques herein are directed generally to a zero-knowledge data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the dataall without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Methods and systems for securing a data connection for communicating between two end-points are described herein. One of the end-points may be a server and the other of the end-points may be a client that wants to communicate with the server. The data connection may be secured based on a previously-established secure connection and/or a self-signed or self-issued certificate. In some variations, by using the previously-established secure connection and/or a self-signed or self-issued certificate, the secure communication between the server and the client may be conducted without using a third-party authentication service and without requiring a third-party CA to issue a certificate for the server.

Various embodiments are directed to a computer-implemented method for displaying a map of certificate relationships. A method can include retrieving certificate information for two or more servers and storing the retrieved certificate information in a memory. In addition, the method can include receiving a command to generate a map of certificate relationships. The command includes a command scope that identifies at least a first server of the two or more servers. Further, the method can include generating the map from the retrieved certificate information and rendering the map on a display device. The map includes the first server and a device having a certificate relationship with the first server.

Various embodiments are directed to a computer-implemented method for displaying a map of certificate relationships. A method can include retrieving certificate information for two or more servers and storing the retrieved certificate information in a memory. In addition, the method can include receiving a command to generate a map of certificate relationships. The command includes a command scope that identifies at least a first server of the two or more servers. Further, the method can include generating the map from the retrieved certificate information and rendering the map on a display device. The map includes the first server and a device having a certificate relationship with the first server.

It is provided an apparatus, comprising property checking means configured to check whether a claimant property information received from a claimant device corresponds to a predefined claimant attribute; obtaining means configured to obtain a result, which is positive only if the claimant property information corresponds to the predefined claimant attribute as checked by the property checking means; key generation means configured to generate a first claimant intermediate key from a predefined claimant permanent key stored in the apparatus; supplying means configured to supply, to the claimant device, the first claimant intermediate key using a secured protocol, wherein at least one of the key generation means and the supplying means is configured to generate and to supply, respectively, the first claimant intermediate key only if the result is positive.

An information processing apparatus information processing apparatus capable of setting proper identifying information for identifying the information processing apparatus, and performing SSL communication. The information processing apparatus is capable of performing SSL communication and issuing a certificate. A CPU of the apparatus receives a request for acquiring a Web page for use in issuing the Web page. The CPU acquires identification information of the apparatus from the request received from the client. The CPU generates the Web page which is for use in issuing the certificate and in which the identification information of the apparatus is set. The CPU transmits the generated Web page to the client as a response to the request.