H04L2209/64

Method performed at an IP network node for IPSec establishment

The present invention relates to a method (500) performed at an IP network node for IPSec establishment with other IP network nodes in a network. The method comprises collecting (S1) information about the other IP network nodes in the network using a dynamic routing protocol, the information comprising an IP address associated with the respective other IP network node, and establishing (S2) an IPSec relationship with a predetermined set of the other IP network nodes in the network based on the collected information and based on Internet Key Exchange (IKE) using a certification protocol and the identity of the IP network node, wherein the identity of the IP network node is determined by a pre-stored node certificate.

SECURING A COMPUTING DEVICE ACCESSORY

Various embodiments are disclosed that relate to security of a computer accessory device. For example, one non-limiting embodiment provides a host computing device configured to conduct an initial portion of a mutual authentication session with an accessory device, and send information regarding the host computing device and the accessory device to a remote pairing service via a computer network. The host computing device is further configured to, in response, receive a pairing certificate from the remote pairing service, the pairing certificate being encrypted via a private key of the remote pairing service, and complete the mutual authentication with the accessory device using the pairing certificate from the remote pairing service.

Systems and methods for secure detokenization

A method for requesting a credential associated with a token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.

ELECTRONIC SYSTEM FOR CONVERGENT DISTRIBUTION OF ELECTRONIC DIGITAL CERTIFICATES
20240356761 · 2024-10-24

Systems, computer program products, and methods are described herein for the convergent distribution of electronic digital certificates. The present invention may be configured to generate electronic digital certificates associated with artifacts, store the electronic digital certificates on a distributed ledger, and record, on the distributed ledger, interests of the users in the electronic digital certificates. The present invention may be configured to receive a request from at least one user of the group of users to combine ownership of the electronic digital certificates. The present invention may be configured to generate, based on the request and based on the electronic digital certificates, a combined electronic digital certificate. The present invention may be configured to store the combined electronic digital certificate on the distributed ledger.

Trusted Communication Session And Content Delivery
20180198772 · 2018-07-12

Methods and systems for configuring a network are disclosed. An example method can comprise receiving a first token and an encryption key from a first device. A second token can be received from a second device. A determination can be made as to whether the first token matches the second token. Configuration information can be provided to the second device if the second token matches the first token. The configuration information can comprise information for connecting to a proxy configured on the first device. A request for content can be received from the proxy on behalf of the second device. The request for content can comprise the encryption key.

Blockchain-Assisted Public Key Infrastructure for Internet of Things Applications
20180183587 · 2018-06-28

An approach is disclosed for registering and authenticating Internet of Things (IoT) devices. In one embodiment, an installation device receives, from an IoT device, an identifier (ID) and a hash of a public key, where the IoT device itself generates the ID, the public key, and a private key. To register the IoT device, a blockchain wallet in the installation device generates a blockchain transaction which adds the received ID and hash of the public key as a name and value pair in a name/value storage (NVS). The hash of the public key may then be retrieved from the NVS and used in authentication of the IoT device to other IoT devices or servers, among other things.

Computerized system and method for deployment of management tunnels
10009320 · 2018-06-26

Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the management device is located by the managed device with the assistance of a locator server and the managed device initiates establishment of an encrypted management tunnel with the management device. Prior to allowing the management device to use the management tunnel to perform management functionality in relation to the managed device, credentials of the management device are verified by the managed device by comparing the PKI-authenticated unique identifier of the management device to that which is stored within the managed device.

SYSTEMS AND METHODS TO FACILITATE CERTIFICATE AND TRUST MANAGEMENT ACROSS A DISTRIBUTED ENVIRONMENT

Methods and apparatus to facilitate certificate and trust management across a distributed environment are disclosed. An example apparatus includes a first virtual appliance including a first management endpoint and a first authentication provider including a first certificate validator, the first certificate validator to validate that a first certificate received by the first authentication provider is authentic, the first virtual appliance to communicate the first certificate via the first management endpoint; and a first component server including a first management agent and a first certificate evaluator, the first management agent to communicate with the first virtual appliance via the first management endpoint, the first management agent to receive the first certificate via the first management endpoint, the first certificate evaluator to evaluate the first certificate to determine a signing authority, the first management agent to restart the first component server and notify the first virtual appliance of acceptance of the first certificate.

Device-to-device communication security with authentication certificates

An apparatus comprising: a requester configured to request a certificate comprising at least one identifier associated with the apparatus from at least one network node; a first receiver configured to receive the certificate from the at least one network node; a forwarder configured to forward the certificate to at least one further apparatus; a second receiver configured to receive a further certificate from the further apparatus, the further certificate comprising at least one further identifier associated with the further apparatus; and an authenticator configured to authenticate the further apparatus based on the further certificate.

Systems and methods for certifying devices to communicate securely
09954686 · 2018-04-24

A virtual private network (VPN) over a telecommunications network is created by sending a request from a first VPN device to a second VPN device for establishing a VPN between the first and second VPN devices. The request includes a first signed certificate having a verified VPN parameter for the first VPN device. A reply is received at the first VPN device from the second VPN device that includes a second signed certificate having a verified VPN parameter for the second VPN device. The VPN is established between the first and second VPN devices based on each verified VPN parameter for each of the first and second VPN devices.