In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data. The user migrates trust to another device by providing the root certificate and intermediate certificate as a certificate chain to a second device, which then adds a new intermediate certificate to create a longer certificate chain with the same root certificate. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate from the second user device, and matches that with the user identification data stored in a database.

Apparatus and methods of operation of the apparatus that create a virtual machine and enable an Agent within the virtual machine to another Agent via a digital communications network and establish a communication channel for logical communications via the digital communications network. Communications transmitted and received according to the present invention proceed directly from a PeN agent to a second Agent without any storage or recordation of the transaction on an intermediate server. In some embodiments, the digital communications according to the present invention remain essentially imperceptible to network operators.

Apparatus and methods of operation of the apparatus that create a virtual machine and enable an Agent within the virtual machine to another Agent via a digital communications network and establish a communication channel for logical communications via the digital communications network. Communications transmitted and received according to the present invention proceed directly from a PeN agent to a second Agent without any storage or recordation of the transaction on an intermediate server. In some embodiments, the digital communications according to the present invention remain essentially imperceptible to network operators.

In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data, including at least one of a user name, user address, user email, user phone number, user tax ID, user social security number and user financial account number. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate, and matches that with the user identification data stored in a database.

Systems and methods for detecting misuse of devices comprising: receiving, from a device, a message comprising a first hash of device data that is indicative of a current device location and usage; generating a second hash of stored data, the stored data being based on an expected location and usage associated with the device; comparing the first and second hashes; and when the first and second hashes do not match, generating an alert.

One example method includes contacting, by a client, a service, receiving a credential from the service, obtaining trust information from a trust broker, comparing the credential with the trust information, and either connecting to the service if the credential and trust information match, or declining to connect to the service if the credential and the trust information do not match. Other than by way of the trust information obtained from the trust broker, the client may have no way to verify whether or not the service can be trusted.

A cryptographic communication system includes an electronic device configured to output a certificate and a transaction including a first hash value in which a certificate is hashed certificate, and a node configured to first determine whether the electronic device generated the transaction based on the transaction and the certificate, to second determine whether information included in the transaction and information included in the certificate coincide, and to third add a block to a distributed ledger depending on the result of the first determining and the second determining. The block includes the transaction, and the electronic device is configured to generate the certificate such that the certificate includes an ID of the electronic device and a public key of the electronic device.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for recovering and verifying a public key. One of the methods includes accepting information encoding parameters of an elliptic curve, a published public key, a hash value of a message, a digital signature, and an identification parameter; generating a recovered public key based on the parameters of the elliptic curve, the hash value of the message, the digital signature, and the identification parameter; comparing the published public key and the recovered public key to verify the published public key.

Among other things, embodiments of the present disclosure are directed to providing authorization code management for published static applications. Other embodiments may be described and/or claimed.

Certain aspects and features provide an automated process for a server switching from a self-signed digital certificate to a digital certificate signed by a trusted certificate authority (CA). During initiation of an encrypted communication session, for example, during a transport layer security (TLS) handshake, upon receiving a client hello message, the server determines if it is using a self-signed digital certificate. If so, the server automatically creates and sends a certificate signing request, receives a CA-signed digital certificate, and replaces the self-signed digital certificate in its key store with the CA-signed digital certificate. The server then includes the new, CA-signed digital certificate in the server hello message sent back to the client to establish the encrypted communication session.