Patent classifications
H04L9/3265
USER ID CODES FOR ONLINE VERIFICATION
Methods and systems for establishing a chain of relationships are disclosed. An identity verification platform receives a first request for registration comprising an identification of a first user, identification of an entity, and a relationship between the first user and the entity; verifies the identity of the first user and the relationship between the first user and the entity; and verifies that the entity is legitimate. Once a relationship between a first individual, invited by the first user, and the entity is confirmed, the platform creates a custom badge representing the relationship between the first individual and the entity for display on the entity's website. The platform receives an identification of a selection by an end user of the custom badge and, responsive to receiving the identification of the selection, renders, on a domain controlled by the identity verification platform, a verification that the relationship between the first individual and the entity is valid.
Systems and methods for using extended hardware security modules
An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.
METHOD FOR MONITORING A COMPONENT OF AN EFFECT CHAIN
A system for monitoring a component of an effect chain for an at least partially automated driving function of a motor vehicle. The system includes: a processor; one or more memory blocks; an input, set up to receive output data output by the component; computer-executable instructions, executable by the processor in order to implement one or more enclaves, using the one or more memory blocks, the one or more enclaves including a certificate enclave, which is set up to create a certificate for the component of the effect chain; an output, set up to output the certificate to the component, the certificate enclave being set up to check the output data received following output of the certificate, on the basis of the certificate, in order to output a check result; and a trigger device, set up to trigger a security action based on the check result.
SECURE IMPORTATION OF CRYPTOGRAPHIC CREDENTIALS TO AN INFORMATION HANDLING SYSTEM
Systems and procedures are provided for importing cryptographic credentials of a customer to an IHS (Information Handling System). During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an encrypted access code for unlocking the IHS and also includes encrypted credentials provided by the customer. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. A cryptographic challenge is issued that presents the encrypted access code. Further initialization of the IHS is halted until a response to the challenge is received from the customer that provides the decrypted access code. When the decrypted access code is received, further initialization of the IHS is enabled and the encrypted credentials from the inventory certificate are imported to the IHS, thus allowing the customer to establish an independent root of trusted components using the IHS.
Dynamic policy based on user experience
Entity models are used to evaluate potential risk of entities, either individually or in groups, in order to evaluate suspiciousness within an enterprise network. These individual or aggregated risk assessments can be used to adjust the security policy for compute instances within the enterprise network. A security policy may specify security settings such as network speed, filtering levels, network isolation, levels of privilege, and the like.
Using a blockchain to determine trustworthiness of messages between vehicles over a telecommunications network
Systems and methods are described herein for configuring vehicles and infrastructure (e.g., buildings, smart homes, traffic devices, utilities and associated systems, emergency response systems, and so on) to include blockchain nodes, so a smart city or area of the various devices can be supported by a blockchain network, with some or all devices and systems provisioned with nodes acting as distributed nodes for the blockchain network.
Distributed blockchain-type implementations configured to execute know-your-customer (KYC) verification for managing tokenized digital assets and improved electronic wallets, and methods of use thereof
In some embodiments, the present description provides a distributed blockchain ledger system that includes at least: a first distributed blockchain ledger, configured to store first cryptographically-secured data representative of a plurality of tokenized assets; a second distributed blockchain ledger, configured to store second cryptographically-secured data representative of a plurality of transactions related to the plurality of tokenized assets; and a plurality of smart contracts that is configured to self-execute to at least: store the first cryptographically-secured data on the first distributed blockchain ledger, store the second cryptographically-secured data on the second distributed blockchain ledger, and maintain a plurality of digital associations between the first cryptographically-secured data of the first distributed blockchain ledger and the second cryptographically-secured data of the second distributed blockchain ledger.
Securely rotating a server certificate
The present disclosure relates to systems, methods, and computer-readable media for enhancing security of communications between instances of clients and servers while enabling rotation of server certificates (e.g., X.509 certificates). The systems described herein involve updating a client list of server certificates (e.g., a certificate thumbprint) without reconfiguring or re-installing a client and/or server application, starting a new session (e.g., a hypertext transfer protocol secure (HTTPS) session), or deploying new code. The systems described herein may passively or actively update a client list of certificates to enable a client to securely verify an identity of a server instance in a non-invasive way that boosts security against man-in-the-middle types of attacks.
Device attestation including attestation-key modification following boot event
A device including a network interface, a memory and a processor. The network interface is configured to communicate with a verifier over a communication network. The memory is configured to store multiple layers of mutable code, the layers identifiable by respective measurements. The processor is configured to generate, for a given boot cycle, a nonce associated uniquely with the given boot cycle, to receive a challenge from the verifier for attestation of a given layer of the mutable code, to calculate an attestation key based on (i) a Unique Device Secret (UDS) stored securely in the device, (ii) a measurement of the given layer taken by another layer, and (iii) the nonce generated for the given boot cycle, to calculate a response for the challenge, by signing the challenge using the attestation key, and to send the response to the verifier for verification of the given layer.
On-demand security certificates for improved home router security
A secure connection to a router web UI is provided. In one implementation, responsive to a client request to securely connect to a router web server (RWS), the RWS generates and sends a certificate signing request (CSR) to a remote-security certificate server (R-SCS). Upon validation of the RWS, the R-SCS signs and transmits a router web UI certificate (RWUIC) to the RWS to present to the client. In another implementation, the router includes a local-SCS (L-SCS) that periodically obtains a short-lived intermediate certification authority (ICA) certificate from the R-SCS. Responsive to a client request for secure access to the RWS, the RWS generates and sends a CSR to the L-SCS for the RWUIC. The L-SCS signs the RWUIC and passes the ICA certificate and RWUIC to the RWS, which presents the certificate(s) to the client. Upon validation of the certificate(s), a secure channel between the client and RWS is established.