H04L2209/64

SYSTEM AND METHOD FOR A LOCAL SERVER WITH SELF-SIGNED CERTIFICATES
20220131710 · 2022-04-28 ·

A system comprising a processor and a computer-readable memory coupled to the processor, the computer-readable memory comprising computer program code executable by the processor to generate a set of certificate generation parameters, create a self-signed certificate, create a second certificate using the set of certificate generation parameters, the second certificate linked to the self-signed certificate, store the self-signed certificate in a certificate store of a first web browser, and store the second certificate in a local server certificate store to allow a local service to use the second certificate in a handshake to establish a secure socket connection with the first web browser in compliance with a mixed content security policy of the first web browser.
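An added example (not code from the patent) of the certificate pair this abstract describes, written with Go's standard library: a self-signed root that would be installed in the browser's certificate store, and a second certificate for the loopback names, signed by that root, which stays with the local service. Subject names, serial numbers and validity periods are assumptions. VerifyAgainstStore stands in for the browser's chain building at the handshake, with the root present or absent from its store.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// mint signs tmpl under parent (parent == tmpl for a self-signed certificate)
// with the parent's private key and returns the parsed certificate.
func mint(tmpl, parent *x509.Certificate, pub any, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// LocalChain is the pair from the abstract: the self-signed certificate destined for
// the browser's store and the second certificate, linked to it, for the local service.
type LocalChain struct {
	Root, Leaf *x509.Certificate
	LeafKey    *ecdsa.PrivateKey // stays in the local server's certificate store
}

// BrowserStore is what gets installed in the browser: the root alone, never the leaf key.
func (c *LocalChain) BrowserStore() []*x509.Certificate { return []*x509.Certificate{c.Root} }

// BuildLocalChain generates the self-signed root and the loopback leaf it signs. Only the
// root is a CA, with path length zero; the leaf is limited to server authentication.
func BuildLocalChain() (*LocalChain, error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // fixed for the example; use random serials in practice
		Subject:               pkix.Name{CommonName: "Local Service Root (hypothetical)"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLenZero:        true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	root, err := mint(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"localhost"}, // browsers match SANs only, not the CN
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")},
	}
	leaf, err := mint(leafTmpl, root, &leafKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	return &LocalChain{Root: root, Leaf: leaf, LeafKey: leafKey}, nil
}

// VerifyAgainstStore is the browser's side of the handshake: chain the presented
// leaf to a root in its store and check it for the host that was connected to.
// The pool is always built, even when empty: a nil Roots field means the system store.
func VerifyAgainstStore(storeRoots []*x509.Certificate, leaf *x509.Certificate, host string) error {
	store := x509.NewCertPool()
	for _, r := range storeRoots {
		store.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     store,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	c, _ := BuildLocalChain()
	fmt.Println("root installed:", VerifyAgainstStore(c.BrowserStore(), c.Leaf, "localhost"))
	fmt.Println("root not installed:", VerifyAgainstStore(nil, c.Leaf, "localhost"))
}
```

Two points a practitioner will want from this: a root installed in a browser's store is trusted for any certificate it signs, so the root key should be kept out of the local service's reach (issue the leaf, then keep the root key offline or discard it and regenerate both when the leaf expires), and the path-length-zero constraint keeps a leaked root from minting further CAs. The leaf needs subject alternative names; modern browsers ignore the common name when matching the host.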

Cryptographic communication system and cryptographic communication method based on blockchain
11722316 · 2023-08-08 ·

A cryptographic communication system includes an electronic device configured to output a certificate and a transaction that includes a first hash value obtained by hashing the certificate, and a node configured to (1) determine, based on the transaction and the certificate, whether the electronic device generated the transaction, (2) determine whether the information included in the transaction and the information included in the certificate coincide, and (3) add a block to a distributed ledger depending on the results of the first and second determinations. The block includes the transaction, and the electronic device generates the certificate such that it includes an ID of the electronic device and a public key of the electronic device.
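As an added example, not the patent's own code, the device side and the node side of that exchange in Go with an in-memory ledger. The certificate is reduced to the two fields the abstract names (device ID and public key), the transaction carries the SHA-256 of the certificate and a payload, and the device signs the transaction with the certified key so the node can make its first determination. The field layout, the JSON encoding and the choice of ECDSA P-256 are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Certificate is the device-generated credential: device ID plus public key (DER SPKI).
type Certificate struct {
	DeviceID string `json:"device_id"`
	PubKey   []byte `json:"pub_key"`
}

// Transaction carries the first hash value (SHA-256 over the certificate) and a payload.
type Transaction struct {
	DeviceID string `json:"device_id"`
	CertHash string `json:"cert_hash"`
	Payload  string `json:"payload"`
	Sig      []byte `json:"sig,omitempty"` // covers every other field
}

type Block struct {
	PrevHash string
	Tx       Transaction
}

// hashJSON hashes a value's JSON form; encoding/json writes struct fields in
// declaration order, so the encoding is deterministic for these types.
func hashJSON(v any) []byte {
	b, _ := json.Marshal(v)
	sum := sha256.Sum256(b)
	return sum[:]
}

// digest is what the device signs; t is a copy, so clearing Sig is local.
func (t Transaction) digest() []byte {
	t.Sig = nil
	return hashJSON(t)
}

// SignTransaction is the device's signing step (ECDSA P-256, ASN.1 signature).
func SignTransaction(key *ecdsa.PrivateKey, tx *Transaction) error {
	sig, err := ecdsa.SignASN1(rand.Reader, key, tx.digest())
	tx.Sig = sig
	return err
}

// DeviceIssue is the electronic device's side: a key and certificate, then a
// transaction that commits to the certificate by hash, signed with that key.
func DeviceIssue(deviceID, payload string) (Certificate, Transaction, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Certificate{}, Transaction{}, nil, err
	}
	pub, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		return Certificate{}, Transaction{}, nil, err
	}
	cert := Certificate{DeviceID: deviceID, PubKey: pub}
	tx := Transaction{DeviceID: deviceID, CertHash: hex.EncodeToString(hashJSON(cert)), Payload: payload}
	err = SignTransaction(key, &tx)
	return cert, tx, key, err
}

// Ledger is the node's distributed ledger reduced to an in-memory slice.
type Ledger struct{ Blocks []Block }

// Submit performs the node's three determinations in the order the abstract gives.
func (l *Ledger) Submit(cert Certificate, tx Transaction) error {
	// 1. Was the transaction generated by the device that owns the certificate?
	//    Only the holder of the private key behind cert.PubKey can produce Sig.
	pubAny, err := x509.ParsePKIXPublicKey(cert.PubKey)
	pub, ok := pubAny.(*ecdsa.PublicKey)
	if err != nil || !ok || !ecdsa.VerifyASN1(pub, tx.digest(), tx.Sig) {
		return errors.New("transaction not signed by the certificate holder")
	}
	// 2. Does the information in the transaction coincide with the certificate?
	if tx.CertHash != hex.EncodeToString(hashJSON(cert)) || tx.DeviceID != cert.DeviceID {
		return errors.New("transaction does not match certificate")
	}
	// 3. Both determinations passed: add a block chained to the previous one.
	prev := ""
	if n := len(l.Blocks); n > 0 {
		prev = hex.EncodeToString(hashJSON(l.Blocks[n-1]))
	}
	l.Blocks = append(l.Blocks, Block{PrevHash: prev, Tx: tx})
	return nil
}

func main() {
	cert, tx, _, _ := DeviceIssue("sensor-17", "temp=21.5")
	var ledger Ledger
	fmt.Println("genuine:", ledger.Submit(cert, tx), "blocks:", len(ledger.Blocks))
	tx.Payload = "temp=99.0" // altered after signing
	fmt.Println("tampered:", ledger.Submit(cert, tx))
}
```

The order matters: the signature check is what binds the transaction to the key in the certificate; the hash comparison on its own would let anyone who has seen a device's certificate submit transactions that reference it. Go's JSON field ordering is deterministic, but a node implemented in another language needs an agreed canonical encoding (DER, or a JSON canonicalization) before the hashes will coincide.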

SYSTEMS AND METHODS FOR DETECTING DEVICE LOCATION AND USAGE
20210359859 · 2021-11-18 ·

Systems and methods for detecting misuse of devices comprising: receiving, from a device, a message comprising a first hash of device data that is indicative of a current device location and usage; generating a second hash of stored data, the stored data being based on an expected location and usage associated with the device; comparing the first and second hashes; and when the first and second hashes do not match, generating an alert.

RECEIVING INFORMATION THROUGH A ZERO-KNOWLEDGE DATA MANAGEMENT NETWORK

The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Certificate generation with fallback certificates

A system and method for providing secure communication between a client device having a non-volatile read-only memory and a first server is disclosed. One embodiment is evidenced by a method that comprises determining whether generation of a certificate is complete, the certificate being generated in the client device and having a public key generated from a private key; if generation of the certificate is complete, providing the generated certificate to the first server to authenticate the client device; and if generation of the certificate is not complete, retrieving a fallback certificate from the non-volatile read-only memory and providing the fallback certificate to the first server to ephemerally authenticate the client device until the generated certificate is provided to the first server.

Controlling transmission of information through a zero-knowledge data management network

The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Generating reports from information within a zero-knowledge data management network

The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

METHOD AND APPARATUS FOR CERTIFYING AN APPLICATION-SPECIFIC KEY AND FOR REQUESTING SUCH CERTIFICATION
20230155842 · 2023-05-18 ·

The invention relates to a method for certifying an application-specific cryptographic key in a certificate exchange service (30), comprising: receiving (130) a cryptographic attestation certificate (22) for an application-specific public key from an application (20) in an apparatus (10); checking (34; 136) the validity of the attestation certificate (22); and, if the attestation certificate (22) has been recognized as valid, comparing (34; 138) at least some information that has been extracted from the attestation certificate (22) with predefined reference information, and if the comparison reveals that a new certificate should be created, forming (36; 140) a new application-specific certificate (24) that comprises at least the application-specific public key extracted from the attestation certificate (22) and at least some of the information from the attestation certificate; transmitting (150) the new application-specific certificate (24) to the application (20), and to a method for requesting such certification.
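An added example, not the patent's implementation, of the exchange service's flow in Go: an attestation root (the device vendor's, in a real deployment) signs an attestation certificate for the application's key; the service checks that certificate against the root, compares the application ID it extracts with an allowlist standing in for the "predefined reference information", and forms a new certificate under its own issuer for the same public key. Carrying the application ID in the subject CN, the allowlist and all names are assumptions; real attestation formats put their claims in extensions, which the service would parse in place of the CN.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mint signs tmpl under parent (parent == tmpl for self-signed) and parses the result.
func mint(tmpl, parent *x509.Certificate, pub any, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA makes a self-signed signing certificate (used for both the attestation root and the service issuer).
func NewCA(cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca, err := mint(tmpl, tmpl, &key.PublicKey, key)
	return ca, key, err
}

// AttestAppKey is the apparatus side: generate the application-specific key and an attestation
// certificate for it under the attestation root. The application ID rides in the subject CN (assumption).
func AttestAppKey(attRoot *x509.Certificate, attKey *ecdsa.PrivateKey, appID string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	appKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(7), Subject: pkix.Name{CommonName: appID},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	att, err := mint(tmpl, attRoot, &appKey.PublicKey, attKey)
	return att, appKey, err
}

// verifyUnder chains c to root alone; the pool is always non-nil because a nil Roots means the system store.
func verifyUnder(c, root *x509.Certificate, eku x509.ExtKeyUsage) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := c.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{eku}})
	return err
}

// ExchangeService is the certificate exchange service of the abstract.
type ExchangeService struct {
	AttRoot   *x509.Certificate // trust anchor for incoming attestation certificates
	Issuer    *x509.Certificate // the service's own issuing certificate
	IssuerKey *ecdsa.PrivateKey
	Allowed   map[string]bool // reference information: application IDs that may be certified
	serial    int64
}

// Certify checks the attestation certificate, compares the extracted application ID with the
// reference information, and forms a new application-specific certificate for the same key.
func (s *ExchangeService) Certify(att *x509.Certificate) (*x509.Certificate, error) {
	if err := verifyUnder(att, s.AttRoot, x509.ExtKeyUsageAny); err != nil {
		return nil, fmt.Errorf("attestation certificate rejected: %w", err)
	}
	appID := att.Subject.CommonName
	if !s.Allowed[appID] {
		return nil, fmt.Errorf("application %q not in reference information", appID)
	}
	s.serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(s.serial), Subject: pkix.Name{CommonName: appID},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: att.NotAfter, // never outlives the attestation
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return mint(tmpl, s.Issuer, att.PublicKey, s.IssuerKey) // public key copied from the attestation
}

func main() {
	attRoot, attKey, _ := NewCA("Device Attestation Root (hypothetical)")
	issuer, issuerKey, _ := NewCA("Exchange Service Issuer (hypothetical)")
	svc := &ExchangeService{AttRoot: attRoot, Issuer: issuer, IssuerKey: issuerKey, Allowed: map[string]bool{"com.example.wallet": true}}
	att, _, _ := AttestAppKey(attRoot, attKey, "com.example.wallet")
	cert, err := svc.Certify(att)
	fmt.Println("certified:", err, "same key:", err == nil && string(cert.RawSubjectPublicKeyInfo) == string(att.RawSubjectPublicKeyInfo))
}
```

On receipt the application should perform the mirror-image checks: the new certificate chains to the service's issuer (verifyUnder with the client-authentication usage) and its RawSubjectPublicKeyInfo equals the attestation's, since the service never sees the private key and an issuer that swapped the key would be issuing for someone else. The new certificate's validity is capped at the attestation's so that a revoked or expired attestation cannot be outlived by the credential derived from it.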

Systems and Methods for Digital Certificate Security
20230028382 · 2023-01-26 ·

Embodiments describe systems and methods for analyzing digital certificates. A computer-implemented method can include identifying a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information. External information associated with the individual digital certificates can be determined, the external information not contained within the respective digital certificate. The external information can be updated in a database with additional external information that is collected on a periodic basis. A query can be run against the database to identify one or more vulnerable digital certificates associated with a client based on the internal information and the external information. A notification can be sent to the client regarding the one or more vulnerable digital certificates.

CONTROLLING TRANSMISSION OF INFORMATION THROUGH A ZERO-KNOWLEDGE DATA MANAGEMENT NETWORK

The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.
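The four zero-knowledge data management entries above (receiving information, controlling transmission, generating reports, and the second controlling-transmission entry) all rest on one step: a storage server holding only a rekeying key transforms a ciphertext so that the recipient can decrypt it, while the server itself cannot. As an added example, not the patent's scheme, the Go code below implements the proxy re-encryption of Blaze, Bleumer and Strauss (BBS98) over ElGamal using math/big. One substitution is stated plainly: the abstract forms the rekeying key from the source private key and the recipient's public key, a unidirectional construction that in ElGamal-style schemes needs a pairing-friendly group not available in Go's standard library; BBS98 forms it from both private keys, rk = b/a mod q, which is enough to show the mechanics. The group size and the key-encapsulation framing (the encrypted value is a random group element from which a data key is derived) are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Group is the order-q subgroup of Z_p^* for a safe prime p = 2q+1. G = 4 is a
// quadratic residue, so it generates that subgroup.
type Group struct{ P, Q, G *big.Int }

// NewGroup searches for a safe prime of the requested size (a deployment would pin
// a standard group; generating one keeps the example self-contained).
func NewGroup(bits int) (*Group, error) {
	for {
		q, err := rand.Prime(rand.Reader, bits-1)
		if err != nil {
			return nil, err
		}
		p := new(big.Int).Lsh(q, 1)
		p.Add(p, big.NewInt(1))
		if p.ProbablyPrime(20) {
			return &Group{P: p, Q: q, G: big.NewInt(4)}, nil
		}
	}
}

func (g *Group) exp(b, e *big.Int) *big.Int { return new(big.Int).Exp(b, e, g.P) }
func (g *Group) mul(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Mul(a, b), g.P) }

// scalar returns a uniform exponent in [1, q-1].
func (g *Group) scalar() (*big.Int, error) {
	s, err := rand.Int(rand.Reader, new(big.Int).Sub(g.Q, big.NewInt(1)))
	if err != nil {
		return nil, err
	}
	return s.Add(s, big.NewInt(1)), nil
}

type KeyPair struct{ Priv, Pub *big.Int } // Pub = G^Priv mod P

func (g *Group) KeyGen() (*KeyPair, error) {
	x, err := g.scalar()
	if err != nil {
		return nil, err
	}
	return &KeyPair{Priv: x, Pub: g.exp(g.G, x)}, nil
}

// RandomElement draws a fresh group element: the encapsulated value from which DataKey is derived.
func (g *Group) RandomElement() (*big.Int, error) {
	k, err := g.scalar()
	if err != nil {
		return nil, err
	}
	return g.exp(g.G, k), nil
}

// Ciphertext is ElGamal in the BBS98 form C1 = M * G^r, C2 = Pub^r; the key-dependent part sits in C2.
type Ciphertext struct{ C1, C2 *big.Int }

func (g *Group) Encrypt(pub, m *big.Int) (*Ciphertext, error) {
	r, err := g.scalar()
	if err != nil {
		return nil, err
	}
	return &Ciphertext{C1: g.mul(m, g.exp(g.G, r)), C2: g.exp(pub, r)}, nil
}

// Decrypt recovers M = C1 / C2^(1/priv), since C2^(1/priv) = G^r for the key holder.
func (g *Group) Decrypt(priv *big.Int, ct *Ciphertext) *big.Int {
	gr := g.exp(ct.C2, new(big.Int).ModInverse(priv, g.Q))
	return g.mul(ct.C1, new(big.Int).ModInverse(gr, g.P))
}

// ReKey forms rk = dst/src mod q. BBS98 needs both private keys here (it is
// bidirectional); the abstract's scheme uses the recipient's public key instead.
func (g *Group) ReKey(srcPriv, dstPriv *big.Int) *big.Int {
	rk := new(big.Int).Mul(dstPriv, new(big.Int).ModInverse(srcPriv, g.Q))
	return rk.Mod(rk, g.Q)
}

// ReEncrypt is the storage server's step: C2 = G^(src*r) becomes G^(dst*r). C1 is untouched
// and the server holds neither private key, so it learns nothing about M.
func (g *Group) ReEncrypt(rk *big.Int, ct *Ciphertext) *Ciphertext {
	return &Ciphertext{C1: ct.C1, C2: g.exp(ct.C2, rk)}
}

// DataKey derives the symmetric key that protects the actual source data.
func DataKey(m *big.Int) [32]byte { return sha256.Sum256(m.Bytes()) }

func main() {
	g, _ := NewGroup(256)
	src, _ := g.KeyGen()
	dst, _ := g.KeyGen()
	m, _ := g.RandomElement()
	ct, _ := g.Encrypt(src.Pub, m)
	ct2 := g.ReEncrypt(g.ReKey(src.Priv, dst.Priv), ct)
	fmt.Println("recipient recovers the same data key:", DataKey(g.Decrypt(dst.Priv, ct2)) == DataKey(m))
}
```

Two caveats follow directly from the construction. Because rk = b/a, its inverse a/b converts the recipient's ciphertexts back to the source, and a proxy that colludes with either party recovers the other's private key; that is the reason the unidirectional schemes the abstract points to matter when one storage server serves many recipients. ElGamal ciphertexts are also malleable, so the data itself should be protected under DataKey with an authenticated cipher rather than encoded into the group element.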