H04L2209/64

Trusted communication session and content delivery
10187382 · 2019-01-22

Methods and systems for configuring a network are disclosed. An example method can comprise receiving a first token and an encryption key from a first device. A second token can be received from a second device. A determination can be made as to whether the first token matches the second token. Configuration information can be provided to the second device if the second token matches the first token. The configuration information can comprise information for connecting to a proxy configured on the first device. A request for content can be received from the proxy on behalf of the second device. The request for content can comprise the encryption key.

Controlling access to clinical data analyzed by remote computing resources
10164950 · 2018-12-25

A method for controlling access to data being processed by a remote computing resource includes issuing a public encryption key for a data creator from a public certificate authority, detecting an encounter with a data owner, creating private encryption keys for the data creator and the data owner in response to detecting the encounter, encrypting data being sent to the remote computing resource with the public encryption key, the data creator's private encryption key, and the data owner's private encryption key, decrypting the data based on public verification of the public encryption key and local verification of the data creator's private encryption key and the data owner's private encryption key at the remote computing resource, and controlling the data creator's access to the data by altering the permission of at least one of the public encryption key and data creator's private encryption key.

ELECTRONIC SYSTEM FOR GENERATING AND TRACKING LINKED ELECTRONIC DIGITAL CERTIFICATES
20240291672 · 2024-08-29

Systems, computer program products, and methods are described herein for generating and tracking linked electronic digital certificates. The present invention may be configured to generate a first electronic digital certificate having first properties and being associated with a first artifact owned by a first group of users, store the first electronic digital certificate, and record first interests of the first group of users in the first electronic digital certificate. The present invention may be configured to receive a request from a second group of users to generate a second electronic digital certificate, where the request includes a subset of the first properties for generation in the second electronic digital certificate. The present invention may be configured to generate the second electronic digital certificate, record second interests of the second group of users in the second electronic digital certificate, and link the first interests and the second interests.

Qualified electronic signature system, method and mobile processing terminal for qualified electronic signature

A Qualified Electronic Signature (QES) system configured to exchange data with first processing means of the requester configured to allow a requester to generate requests requesting a qualified electronic signature through said system to a recipient. The system comprises second processing means of the recipient configured to allow the recipient of the request to sign with his qualified electronic signature. Said second processing means comprise a mobile processing terminal for qualified electronic signature of mobile type, adapted to receive request messages at least on a wireless network able to address said messages, through proximity or remote communications, on the basis of at least one terminal identifier of said mobile processing terminal to said user recipient; said second processing means are adapted to send qualified electronic signature at least on a wireless network suitable for proximity or remote communications in order to verify the signature of the recipient through said system and perform the request.

SYSTEMS AND METHODS FOR SECURE DETOKENIZATION
20180359100 · 2018-12-13

A method for requesting a credential associated with a token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.

Authentication infrastructure for IP phones of a proprietary TOIP system by an open EAP-TLS system
10148443 · 2018-12-04

The infrastructure according to the invention includes: a proprietary TOIP system including a call server connected to the network, integrating a certification module able to certify an IP telephone; an external certification architecture able to certify the certification module of the call server; an EAP-TLS authentication system including a RADIUS server and a directory server, the RADIUS server including a rule for verifying certificates consisting of verifying the entire certification chain formed by the certification of the IP telephone by the certification module of the call server and the certification of the certification module of the call server by the external certification architecture, the directory server including a user account for each IP telephone authorized to access the network and a match table associating a signature of the certificate of the corresponding IP telephone with each username of a user account.

METHOD AND SYSTEM FOR DIGITAL RIGHTS MANAGEMENT OF DOCUMENTS
20180302383 · 2018-10-18

An improved method and system for digital rights management is described.

Push notification service

Gateway devices maintain presence information for various mobile devices. Each gateway is associated with a zone and manages presence information only for mobile devices associated with that zone. Courier devices back-propagate presence information for the mobile devices to respective gateways based at least on the respective zone associated with each mobile device. The gateways and couriers are dynamically configured such that messages can be pushed from a provider application to a mobile device via any gateway and any courier.

Performing concealed transactions using a zero-knowledge data management network

The techniques herein are directed generally to a zero-knowledge data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data, all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

SYSTEMS AND METHODS FOR CERTIFYING DEVICES TO COMMUNICATE SECURELY
20180248703 · 2018-08-30

A virtual private network (VPN) over a telecommunications network is created by sending a request from a first VPN device to a second VPN device for establishing a VPN between the first and second VPN devices. The request includes a first signed certificate having a verified VPN parameter for the first VPN device. A reply is received at the first VPN device from the second VPN device that includes a second signed certificate having a verified VPN parameter for the second VPN device. The VPN is established between the first and second VPN devices based on each verified VPN parameter for each of the first and second VPN devices.