Patent classifications
H04L9/3265
Systems and methods for secure provisioning of SSH credentials
Embodiments relate to systems and methods for securely provisioning login credentials to an electronic device on a network, e.g., a consumer premises device (CPE), such as, among other devices, a modem. The login credential may be used, for example, for securely provisioning and configuring a CPE device.
Configurable network security for networked energy resources, and associated systems and methods
Secure communication between users and resources of an electrical infrastructure and associated systems and methods. A representative secure distributed energy resource (DER) communication system provides for the creation of trust rules that govern the permitted communications between users and resources of an electrical infrastructure system, and the enforcement of the trust rules.
Privacy-Preserving Delivery of Activation Codes for Pseudonym Certificates
In a vehicle-to-everything (V2X) technology environment, systems and methods are provided for extending the distribution of activation codes (ACs) in an Activation Codes for Pseudonym Certificates (ACPC) system, in a privacy-preserving manner, to a unicast mode of communication. In this unicast ACPC (uACPC), in some embodiments, the ACs are distributed by the back-end system via a unicast channel upon the receipt of the vehicle's direct request for its respective ACs. In some embodiments, uACPC can leverage edge computing architecture for low latency delivery of certificate revocation lists (CRLs) and higher availability for the distribution of ACs.
Security Device and Methods for End-to-End Verifiable Elections
Systems and methods for provisioning and operating a primary security device in a verifiable end-to-end election system are presented herein. The security device serves as a root of trust for chains of certificates that are deployed and utilized throughout the election process. These chains of certificates, originating with the device, which acts as an intermediate certification authority, are used to create a verifiable trust chain throughout the different parts of the election process, the trust chain being traceable back to the device and to the original root of trust certificate. In various embodiments the security device includes a compute module, a security chip, a connection to an interface device, at least one lockable transfer device port, and an air-gapped main board to house the compute module, the security chip, and the lockable transfer device port.
Enforceable pseudonymous reputation through chained endorsers
Techniques are disclosed to provide enforceable pseudonymous reputation through chained endorsers. In various embodiments, a request associated with a chained endorsement operation is received via a communication interface. Client identity information is extracted from the request. Data comprising or associated with the client identity information is combined with a secret value. A one-way transform of the combined value is performed. A result of the one-way transform is returned to a client with which the chained endorsement operation is associated.
Cross-Certification for Secure Binding of Cryptographic Systems
Methods and systems for cross-certification to bind together two cryptographic systems are disclosed. One method includes receiving, from a first certificate authority at a second certificate authority, a cross certificate request, the cross certificate request including an attribute unique to the first certificate authority. The method includes generating a cross certificate and embedding the hash value as a certificate extension within the cross certificate.
System and Method for Building a Trusted Network of Devices
Systems and methods for building a trusted network of devices with intrusion detection system (IDS) using blockchain IoT (BIoT) technology are provided. The method includes registering an IoT device on a plurality of blockchain network channels. The plurality of blockchain network channels include an authentication channel, data channel, remote channel, and security channel connected to corresponding servers to perform dedicated operations such as device authentication, data management, remote operation/access control, and intrusion detection. On successful authentication, the IoT device is allowed to access, store and retrieve data stored on the blockchain. The blockchain ledger is updated after each data transaction and a new wallet identity or encrypted keys for the IoT device are issued after each transaction. The method further includes receiving an operational instruction from a front-end device and authenticating, from the blockchain record, the wallet identity, user permissions and validity of the operation's parameters based on an organization's policies.
Managing An Unmanned Aerial Vehicle Identity
In embodiments of systems and methods for managing an unmanned aerial vehicle (UAV) identity, a processor of a network computing device may generate an anonymity token that is associated with a digital certificate of a UAV, provide the anonymity token to the UAV for use in operations, receive a request to authenticate the UAV, wherein the request includes the anonymity token, determine whether the anonymity token included in the request is associated with the digital certificate, and send an indication that the UAV is authenticated responsive to the request in response to determining that the anonymity token included in the request is associated with the digital certificate.
Certificate renewal method, apparatus, system, medium, and device
A certificate renewal method includes a satellite certification authority (CA) receiving, from a central CA, permission configuration information including permission information for indicating that only renewal processes are executed, receiving a renewal request transmitted by a device, judging whether a renewal condition is satisfied, generating a new device certificate via a signing procedure implemented using a private key corresponding to a level 3 certificate of the satellite CA in response to determining that the renewal condition is satisfied, and transmitting the new device certificate to the device.
System and method for access using a circle of trust
A processor-implemented method includes (i) automatically defining a first Circle of Trust (CoT) by a first CoT administrator, in a CoT database, (ii) automatically receiving, at a digital identity management (DIM) server, a first digital identity wallet (DIW) application request from a first DIW application provider server, (iii) automatically adding the first DIW application to the CoT database if the first CoT administrator approves the first DIW application request, (iv) automatically receiving, at the DIM server, a relying party application request from the at least one relying party application associated with the relying party, and (v) automatically adding the at least one relying party application to the CoT database if the first CoT administrator approves the relying party application request.