Patent classifications
H04L9/3213
KEY IDENTIFIER DERIVATION AND MANAGEMENT SYSTEMS AND METHODS
This disclosure relates to, among other things, systems and methods for deriving key identifiers and managing mapping between keys and key identifiers. Consistent with embodiments disclosed herein, the disclosed systems and methods may provide a mechanism that allows multiple parties to reconstruct unique identifiers given a set of known inputs that may be used to look up, identify, and/or otherwise access services and/or data objects. In some embodiments, this may allow for a service provider and a rights management service to independently derive key identification information based on information that both entities share (e.g., a content document such as a Content Protection Information Exchange Format document), thereby reducing requirements to maintain such mappings.
ELECTRONIC DEVICE AND METHOD FOR INSTALLING eSIM PROFILE IN ELECTRONIC DEVICE
An electronic device includes a communication module, an embedded-subscriber identification module (eSIM) in which at least one profile is stored, and a processor. The processor is configured to, when accessing a server and succeeding in authentication for a first profile among at least one profile stored in the eSIM, receive an authentication token indicating successful authentication for the first profile from the server, when establishing communication with a first electronic device through the communication module, inform the first electronic device that the first profile is transmittable data, and when transmission of the first profile is requested from the first electronic device, transmit, to the first electronic device, the authentication token for downloading a second profile corresponding to the first profile from the server.
SYSTEM AND METHOD FOR MANAGING SECRETS IN COMPUTING ENVIRONMENTS
Systems and methods for sharing secrets including passwords, keys, and other confidential information used in computing environments. A secrets record generated at a secrets vault client device is encrypted using an application key associated with a computing environment. The encrypted secrets record is stored in the secrets vault server. The secrets vault client device configures a sharing client device and associates it with an access token. The secrets vault client device hashes the access token and sends it to the secrets vault server as a client identifier. The sharing client device performs a first-time authentication using a hashed access token with the secrets vault server. Upon successful authentication, the sharing client device requests secrets records from the secrets vault server using the client identifier.
Handling requests to service resources within a security boundary using a security gateway instance
The disclosure herein describes securing access to a service resource within a security boundary. A security gateway instance receives a request from an edge deployment outside the security boundary. The request includes identity data identifying the edge deployment. The identity data is validated based on allowed identity data of the security gateway instance and based on a validation handler associated with the service resource. Based on validating the identity data and validating the request, the identity data is transformed using security data specific to the security gateway instance. The transformed identity data indicates the request has been validated by the security gateway instance. Based on transforming the identity data of the request, the transformed identity data and the request are forwarded to the service resource via a network link within the security boundary, wherein the service resource is configured to process the request based on identifying the transformed identity data.
Integrated secure device manager systems and methods for cyber-physical vehicles
Systems and methods are described for a cyber-physical vehicle management system generated by an Integrated Secure Device Manager (ISDM) Authority configured to manage licensing and approval of Cyber-Physical Vehicles (CPVs), a public/private key pair and a unique ID for the Authority, create a self-signed Authority token signed by the private key, send the Authority token to a plurality of ISDM Node devices configured to verify Module device authenticity and in communication with the Authority, store, by each Node, the Authority token, and mark, by each Node, the Authority token as trusted.
Location-based access to controlled access resources
Systems and methods provide access to location-restricted resources outside of recognized locations. In an example, a method includes receiving a request for a controlled access resource from a client device and determining that the request is not associated with a recognized location but that state data exists for the client device identifier. In response to identifying the state data, the method includes generating a link for accessing the controlled access resource at a server, generating an encrypted token including a timestamp, a random number, and licensed resource information from the state data, including the encrypted token in the link, and providing the link to the client device. The client device uses the link to request the controlled access resource from the server, which determines that the request includes the token, determines that the token is not expired, and provides the controlled access resource to the client device.
Artifact Origination and Content Tokenization
Devices can be configured to broadcast blocks incorporating artifact origination tokens. Devices can include network interfaces, memory, and processors. Processors can be configured to obtain artifact-to-time association elements. Artifact-to-time association elements can include artifact references and timestamps. Timestamps can include references to artifact references. Processors can be further configured to obtain artifact origination tokens. Artifact origination tokens can include artifact-to-time association elements, certifier descriptors indicating certifier public keys, and/or certifier digital signatures. Certifier digital signatures can be generated based on certifier public keys and/or artifact-to-time association elements. Processors can be further configured to obtain ledger entries including artifact origination tokens with public keys, compute challenges based on ledger entries, and broadcast blocks incorporating the ledger entries. Blocks can be validated using cryptographic systems to obtain proof based challenges.
Systems and methods for activating a transaction card
A method, apparatus, and system of activating and using a contactless card are disclosed. A method includes receiving a transaction card application for a contactless transaction card from an applicant; issuing a contactless transaction card based on the transaction card application, wherein the contactless transaction card comprises a uniform resource locator (URL) embedded thereon; and activating the contactless transaction card in response to receiving information from a contactless communication between the contactless transaction card and a customer device, wherein the contactless communication causes access to a web site associated with the URL.
METHOD AND APPARATUS FOR MANAGING NON-FUNGIBLE TOKEN FOR DIGITAL CONTENT
An electronic device and method are disclosed for managing a non-fungible token (NFT). The electronic device includes: a memory configured to store computer-executable instructions, and a processor. The processor implements the method, including: generating an NFT for target content in response to receiving a request to register the target content from a first external electronic device, generating, for the NFT, a certification authority (CA) signature indicating that the NFT is generated by the server, and transmitting, via a communication circuitry, the NFT to the first external electronic device, wherein an ownership signature is added to the NFT, together with the CA signature, the ownership signature based on a private key of a user to which ownership of the NFT is assigned.
Experiment system integration service
A method comprises receiving a first outbound request, from an internal user account of an internal platform, indicating a first action to be performed by a first third-party user account of a first third-party platform. In response to authenticating the first outbound request, the method further comprises sending an application programming interface (API) request to the first third-party platform to perform the first action on the first third-party platform on behalf of the internal user account. The method further comprises receiving a first inbound request, from the first third-party user account, indicating a second action to be performed on behalf of the internal user account on the internal platform. In response to authenticating the first inbound request, the method further comprises sending an internal request to the internal platform to perform the second action on the internal platform on behalf of the first third-party user account.