A computer program product having a computer readable non-transitory storage medium. The storage medium having encoded thereon a computer code for instructing at least one hardware processor to automatically: (a) intercept a plurality of data packets transported over a computer network; (b) analyze said plurality of data packets to identify at least one secure connection request to an unsecure domain hosted on at least one web server; (c) retrieve a digital security certificate for the unsecure domain from a trusted certification authority; (d) associate the digital security certificate with the unsecure domain, thereby converting the unsecure domain to a secure domain; (e) send the digital security certificate to at least one second client terminal. Thereby the computer program product facilitates a secure connection between the at least one second client terminal and the secure domain.

Methods, computer readable media, and devices for escrow of master keys and recovery of previously escrowed master keys may be disclosed. A method for escrow of master keys may include registering a root certificate authority (CA) within each of two first-party hardware security modules (HSMs), initializing each of three third-party HSMs as master escrow recovery devices, performing a bootstrap operation on an authoritative blockchain to generate three master keys, generating a first set of master key shard ciphertexts using a first one of the three master escrow recovery devices, a second set using a second one of the three master escrow recovery devices, and a third set using a third one of the three master escrow recovery devices, and storing the first, the second, and the third set of master key shard ciphertexts as opaque objects in each of the two first-party HSMs.

An access control system for electric vehicle charging is provided that includes an access device, a secure reservation interface, a reservation server and a smartphone application installed on the smartphone. The access device includes a short-range wireless communication module connected to a processor having control of an electric vehicle charger. The secure reservation interface receives a reservation request for a reservation at a given destination. The reservation server receives the reservation request for the destination, issues a reservation certificate, and transmits the reservation certificate from the reservation server to a smartphone. The smartphone application has access to a short range wireless communication setting corresponding to the access device. The access device receives the reservation certificate from the smartphone application based on use by the smartphone application of the short-range wireless communication setting. The processor activates the electric vehicle charger based on at least the receipt of the reservation certificate.

A public key may be recorded on the blockchain by a certificate authority in such a manner that any third party may quickly and easily verify that the public key is certified by the certificate authority and that the certification has not been revoked. The certificate authority may be able to revoke the certification nearly instantaneously, and/or may be able to simultaneously certify a new key for the same entity while revoking the old key. The verification may be incorporated into a new transaction so that there is no gap between reliance on the certificate and the verification of its validity. In some cases, each transaction in which the certificate is used may also serve as linked certificate transaction that renews the certificate to enable a subsequent use.

Disclosed are various implementations for distributing and installing packages in response to user logon events. A logon event associated with a user account is detected for a client device. A query containing a respective user account identifier is sent to a provisioning service to retrieve a set of packages to install on the client device. The set of packages are received from the provisioning service and installed on the client device.

A blockchain-based data processing method and apparatus, a computer device, and a computer-readable storage medium. The method includes: obtaining a data authorization request transmitted by an authorization terminal, the data authorization request including a data authorization certificate associated with an authorizer; performing authorization verification on the authorizer according to the data authorization request to obtain a first verification result; signing the data authorization certificate according to a private key of a first blockchain in a case that the first verification result is a valid result to obtain a first certificate signature, determining the first certificate signature as a to-be-uploaded signature, and performing uploading on the data authorization certificate carrying the to-be-uploaded signature; and transmitting the data authorization certificate to a second blockchain, and providing a query permission to a query terminal in a case that signature verification on the to-be-uploaded signature by the second blockchain succeeds.

A computer-implemented method for managing a life-cycle of at least in parts interdependent cryptographic keys is disclosed. Each of the cryptographic keys is signed and relates to a different one of artifacts. The method comprises creating a key manifest, wherein the key manifest comprises data about determined dependencies of the cryptographic keys at a point in time when one of the artifacts is built encrypting the key manifest with a manifest key, and upon a life-cycle change happening to one out of the group comprising one of the artifacts and one of the interdependent cryptographic keys in the key manifest of the one of the artifacts, the method comprises decrypting the key manifest and invoking an action to a related one out of the group comprising the one of the artifacts and at least one of the interdependent cryptographic keys in accordance with the key manifest.

Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is receive. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest.

Dynamic directory service object creation and certificate management can be performed. In response to discovering a device connected to a network, a corresponding directory service object can be automatically created, and a digital certificate can be automatically acquired and deployed on the device to facilitate authentication. Further, actions can be logged, and notifications generated based on logged actions. Time involved in deploying and configuring directory services is reduced, efficiency is improved, and there is less of a chance for errors associated with manual configuration.

Disclosed is a method for secured communication by a V2X communication device. A method for secured communication by a V2X communication device comprises the steps of: receiving a message on the basis of V2X communication; extracting adaptive certificate pre-distribution (ACPD) target information when the message includes the ACPD target information; pre-authenticating a short-term certificate; and transferring the pre-authenticated short-term certificate so that the pre-authenticated short-term certificate can be broadcasted at a predicted position.