Patent classifications
H04L9/3263
COMPUTER NETWORK-BASED SERVICE FOR GENERATION AND INSTALLATION OF DIGITAL CERTIFICATES OF A PUBLIC KEY INFRASTRUCTURE SEAMLESSLY INTEGRATING WITH MULTIPLE MOBILE DEVICE MANAGEMENT SYSTEMS
A security system used by an organization maintains a PKI used for issuing digital certificates (hereinafter for brevity also referred to simply as “certificates”) and provides the PKI to the organization as a network service. In order to simplify the use of the PKI for purposes such as obtaining certificates, the security system additionally provides a mechanism for using a designated flow protocol to interface with whichever MDMs the organization uses. This mechanism permits administrators or other users to provision certificates to their organization's client devices with just a few actions within a user interface.
BLOCKCHAIN-IMPLEMENTED METHOD AND SYSTEM
This invention relates generally to distributed ledger technology (including blockchain related technologies), particularly a method and corresponding system for providing a blockchain transaction comprising a redeem script for an output that comprises: i) a plurality of public keys, each associated with a corresponding private key, wherein each public key is uniquely associated with a potential state of at least one data source; and ii) logic arranged to provide a result based on: A) a determination of which of the plurality of associated private key(s) is/are used to sign the unlocking script, so as to provide an interim result; and B) a comparison of a parameter supplied via the unlocking script against the interim result, and further attempting to spend the transaction output more than once, each attempt supplying a different parameter.
Securing a path at a selected node
A path is secured from one node to another node of the computing environment. The one node obtains a first encryption key and a second encryption key. A shared key is obtained by the one node from a key server, and the shared key is used to encrypt a message. The encrypted message includes the first encryption key and the second encryption key. The encrypted message and an identifier of the shared key are sent from the one node to the other node, and a response message is received by the one node. The response message at least provides an indication that the other node received the encrypted message and obtained the shared key.
Systems and methods for metered automation controller functionality
Metering automation controller functionality includes accessing a project code that defines one or more operations of an industrial automation controller, analyzing the project code to identify one or more capabilities of the industrial automation controller that are utilized by the one or more operations, generating a file indicative of the one or more capabilities of the industrial automation controller, transmitting the file to a server that generates a certificate for authorizing the industrial automation controller to execute the project code, receiving the certificate from the server that identifies the file and an authorization for the industrial automation controller to execute the project code to perform the one or more operations, and transmitting the project code, the file, and the certificate to the industrial automation controller for execution.
Location aware cryptography
A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.
VISUAL ENROLLMENT OF CAMERAS
Visually enrolling a camera using an optical code and a picture file, including: receiving the picture file and the optical code from the camera, wherein the optical code includes a public key of the camera; generating a visual challenge using a nonce created by a random number generator; transmitting the visual challenge to a user of the camera to capture the visual challenge; receiving the captured visual challenge from the camera; extracting a response from the captured visual challenge; comparing the response to the nonce to verify a signature of the captured visual challenge using the public key of the camera and to convert the optical code received from the camera into a valid certificate; and enrolling the camera and adding the valid certificate to a key store.
Decryption/display pathway for user-device health status display
Systems and methods are disclosed for real-time decryption of a health registry-issued certificate for signaling a user vaccination and/or test status on a user device comprising the steps of: coupling a first user mobile device to a health registry for real-time decryption of a health registry-issued health certificate over a network; outputting on the first user mobile device at least one of an audible output, visual output, vibrational output, and/or textual output based on a pre-defined signaling protocol to signal a user vaccination status based on a token derived from the real-time decrypted health certificate; and decoding a device identifier/tag or token from the first user mobile device by a second user mobile device, fixed access device, or hand-held scanner, signaling to a second user a first user vaccination status based on a pre-defined signaling protocol and the tag/token.
Systems and methods for preserving privacy of a registrant in a domain name system (“DNS”)
A method, and a computer system for executing the method, are provided for providing a registration data directory service (RDDS). The method includes obtaining, at a RDDS, a RDDS query comprising a location assertion from a RDDS client; providing, by the RDDS, a request for personally identifying information (PII) for the RDDS query from a privacy provider, wherein the request comprises the location assertion; obtaining, by the RDDS, the PII for the RDDS query; and providing, by the RDDS, a response to the RDDS query to the RDDS client, wherein the response comprises PII.
Distributed encryption
Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.
METHOD AND SYSTEM FOR RECORDING FORWARD ROYALTIES USING A DISTRIBUTED LEDGER
To manage property records using a multi-layered hybrid distributed ledger architecture, identification information for a particular property is obtained and transmitted to at least one participant in a public distributed ledger network for a public distributed ledger layer. Ownership information for the same particular property is obtained and transmitted to at least one participant in a federated distributed ledger network for a federated distributed ledger layer. Transaction-related documents for the same particular property are obtained and transmitted to at least one participant in a private distributed ledger network for a private distributed ledger. The distributed ledger layers are different layers of a property distributed ledger each having a separate set of consensus rules for appending distributed ledger data to the respective layer. This allows for the immutable preservation of royalty terms and conditions for a property or asset using the distributed ledger.