Patent classifications
H04L2209/64
Systems and methods for digital certificate security
Embodiments describe systems and methods for analyzing digital certificates. A computer-implemented method can include identifying a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information. External information associated with the individual digital certificates can be determined, the external information not contained within the respective digital certificate. The external information can be updated in a database with additional external information that is collected on a periodic basis. A query can be run against the database to identify one or more vulnerable digital certificates associated with a client based on the internal information and the external information. A notification can be sent to the client regarding the one or more vulnerable digital certificates.
End-To-End Verifiable Proof of Votes Cast in Elections
Systems and methods for providing an end-to-end verifiable proof of votes cast in elections are provided. An example method includes generating an authentication address associated with a voting ballot and generating a cast permission address associated with a cast permission record; storing the authentication address, the voting ballot, the cast permission address, and the cast permission record to a secure data storage; receiving a user input and providing a user interface featuring the voting ballot and enabling the voter to submit a cast vote record (CVR); generating a CVR address, generating a receipt for voting and a receipt address; generating a result record including a final result associated with the CVR and a CVR result address associated with the result record; and storing the receipt address, the receipt for voting, the CVR address, the CVR, the CVR result address, and the result record to the secure data storage.
End to end verification of an election run over a public network
Systems and methods for providing an end to end verification of an election run over a public network are disclosed. An example method includes generating, by an election management system (EMS), EMS private keys and EMS certificates; generating, by a security device (SD), an SD private key and an SD certificate, the SD private key and the SD certificate being generated based on a root private key; signing, by the SD, the EMS certificates using the SD private key; upon receiving, by the SD, node settings signed by EMS certificates, signing the node settings and generating, for each of nodes of an election data storage, a package including a node private key, a node certificate, the EMS certificates, and the SD certificate; upon receiving, by the SD, election data signed by EMS certificates, signing the election data and generating and signing tokens including election identifications and voter identifications.
Systems and methods for digital certificate security
Embodiments describe apparatuses, systems, and methods for analyzing digital certificates. A system may scan the internet to identify all publicly available digital certificates. The system may further determine external information for individual digital certificates that is not found within the digital certificate. The system may store the external information and internal information that is found within the digital certificates. The system may run one or more queries on the stored information to identify one or more vulnerable digital certificates among a set of digital certificates associated with a client. For example, the system may identify differences between the internal information and/or external information among the digital certificates of the set and/or may compare the internal information and/or external information for the digital certificates of the set to expected information. Other embodiments may be described and claimed.
STORING INFORMATION WITHIN A ZERO-KNOWLEDGE DATA MANAGEMENT NETWORK
The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.
TRUST ESTABLISHMENT BY ESCALATION
One example method includes contacting, by a client, a service, receiving a credential from the service, obtaining trust information from a trust broker, comparing the credential with the trust information, and either connecting to the service if the credential and trust information match, or declining to connect to the service if the credential and the trust information do not match. Other than by way of the trust information obtained from the trust broker, the client may have no way to verify whether or not the service can be trusted.
Establishment of trusted communication with container-based services
Example techniques for establishing trusted communication with container-based services are described. In an example, a digital certificate stored in a memory is injected from the memory into a container. The container is external to the memory. The digital certificate is usable to establish a trusted communication between a service deployed in the container and a software program.
Trusted communication session and content delivery
Methods and systems for network communication are disclosed. Proxy information may be received. The proxy information may facilitate a gateway device communicating as a proxy for a user device.
SOURCING INFORMATION FOR A ZERO-KNOWLEDGE DATA MANAGEMENT NETWORK
The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.