The present disclosure relates to systems, methods, and non-transitory computer readable storage media for implementing a scalable, secure, efficient, and adaptable distributed digital ledger transaction network. Indeed, the disclosed systems can reduce storage and processing requirements, improve security of implementing computing devices and underlying digital assets, accommodate a wide variety of different digital programs (or “smart contracts”), and scale to accommodate billions of users and associated digital transactions. For example, the disclosed systems can utilize a host of features that improve storage, account/address management, digital transaction execution, consensus, and synchronization processes. The disclosed systems can also utilize a new programming language that improves efficiency and security of the distributed digital ledger transaction network.

In an example, a method is described. The method comprises receiving a log comprising information about a computing system. The log is sent by a computing device associated with the computing system. The computing device comprises a first identity bound to a third identity of a certificate authority (CA) and a second identity bound to the first identity. The method further comprises receiving a signature for the log. The method further comprises verifying a certificate indicative of the second identity having been certified. The method further comprises verifying the received signature.

Baseboard management controller (‘BMC’) group administration includes: receiving, by a member BMC from a leader BMC, a leader certificate and a request to join a group of the leader BMC, where the request is signed by the leader BMC and the leader certificate is signed by a certificate authority; authenticating, by the member BMC, the leader certificate and the request; and sending, by the member BMC, an acknowledgement to the leader BMC to join the leader BMC's group.

Methods and systems for implementing DevID enrollment for hardware redundant Trust Platform Modules (TPMs), are described. A system can include hardware redundancy for management modules, and for TPMs that correspond to each management module. Accordingly, a product can have a dual-TPM configuration, where both modules are associated with the same product. Further, a process that particularly considers the presence of dual-TPMs for creating, issuing, and enrolling DevID certificates is described. The process issues and maintains DevID certificates for each TPM by synchronizing dual sessions that correspond to each TPM. Also, the process accounts for duplicate identification data, for example allowing the certificate authority (CA) to sign certificates for dual-TPMs linked to the same chassis number. The process can include performing validation checks, rendezvous points, and locks to ensure that DevID certificates are successfully issued for each of the dual-TPMs, respectively.

A system for blockchain-based authentication comprises an interface and a processor configured to (i) receive, by a first device, a command from a second device, where the first device is associated with a first trust certificate, (ii) receive a second trust certificate from the second device, (iii) communicate a cryptographic challenge using a public key of the second device to the second device, (iv) receive a response to the cryptographic challenge from the second device, (v) check whether the response matches with a predetermined correct response or not, and (vi) authenticate the second device and execute the commend received from the second device only if the response matches with the predetermined correct response.

A system and method enabling an entity to prove its identity and provide authentic documents/data/information therein at any time required based upon data retrieved from an independent cryptographically verifiable source (ICVS) through a secured channel is disclosed. The system enables a virtual and secure browser on a user computing device allowing a user to login and retrieve authentic information pertaining to the user from the ICVS in a verifiable and untamperable manner. The retrieved information is bounded with origination information of the ICVS and the bounded information is provided to relying entities as authentic information for verification. Also, cryptographic value of the authentic information can be stored in an immutable storage such as blockchain, so that the cryptographic value is used by the relying-party to validate integrity of the authentic information.

In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data, including at least one of a user name, user address, user email, user phone number, user tax ID, user social security number and user financial account number. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate, and matches that with the user identification data stored in a database.

Examples relate to a BC network including a plurality of network devices deployed in a network. The plurality of network devices includes an authoritative network device that generates a transaction in a distributed ledger. The transaction includes location information of a new public key certificate to be deployed in each of the network devices. In order to verify the transaction, a network device of the plurality of network devices verifies, using a smart contract, whether the new public key certificate is valid and whether the new public key certificate is different from a previously recorded public key certificate in the distributed ledger. In response to successful verification by at least a predefined number of network devices of the plurality of network devices, each of the network device record the transaction in the distributed ledger.

In a general aspect, a plurality of cryptographic hash trees is generated. Each hash tree includes a root node and a plurality of leaf nodes. The leaf nodes are generated from verification keys for a one-time signature scheme. The hash trees are stored on hardware security modules. Public keys are generated for each of the hash trees. A composite public key is then generated for the plurality of hash trees such that the composite public key includes the plurality of public keys. A digital certificate that certifies the composite public key is obtained, the digital certificate including the composite public key and a digital signature of a certificate authority.

A system and method includes mobile device, a SIM associated with mobile device, an MNO computer, a computer associated with an owner of the mobile device, a first set of keys stored in the SIM for securely communicating with the MNO computer, and a second set of keys for securely communicating with the computer associated with the owner of the mobile device, to exchange application information. The SIM can be configured to determine when updated information related to the second set of keys is required, securely send a request to the MNO computer for updated information related to the second set of keys using the first set of keys, and responsively receive the updated information related to the second set of keys from the MNO computer, the updated information being provisioned by the computer associated with the owner of the mobile device. The mobile device is configured to utilize the updated information related to the second set of keys to establish data communication between an application running on the mobile device and the computer associated with the owner of the mobile device.