Patent classifications
H04L9/0847
Cryptographic systems and methods using distributed ledgers
The disclosure relates to, among other things, systems and methods for facilitating the secure recording of assertions made by entities tied to identities. Embodiments of the disclosed systems and methods may allow users to make non-revocable, difficult to forge, cryptographic assertions tied to their identities through the posting of entries in an immutable ledger. In certain embodiments, a user's cryptographic assertions may be preceded by ledger entries which feature certificates from trusted authorities that tie the keys used for making assertions to the user's identity. Further embodiments provide for a mechanism for disabling further entries posted under a user's key, either automatically or at the user's initiation.
USING VIRTUAL BLOCKCHAIN PROTOCOLS TO IMPLEMENT A FAIR ELECTRONIC EXCHANGE
Methods for a virtual blockchain protocol include generating a public key and a private key for transmitting a message from a sender to a recipient. The sender encrypts the message using the public key and a cryptographic key of the recipient to generate a first data package. The sender signs a hash function of the first data package using a cryptographic key of the sender to generate a third data package. The sender transmits the first data package and the third data package to the recipient. The sender receives a signed version of the third data package signed using the cryptographic key of the recipient. The sender determines that the signed version of the third data package has been posted to a blockchain. The sender posts the private key to the blockchain.
SYSTEMS AND METHODS FOR USE IN IMPLEMENTING SELF-SOVEREIGN CREDENTIALS
Systems and methods are provided for using verifiable credentials. One example computer-implemented method includes receiving, by an identity provider (IDP) computing device, an identity request from a relying party and directing the request to a user of an application at a mobile device associated with the user, where the mobile device includes a verifiable credential. The method also includes receiving, by the IDP computing device, from the mobile device, the verifiable credential, verifying the verifiable credential based on a public key associated with an issuer of the verifiable credential, and transmitting a link and a first authorization of the verifiable credential to the relying party. The method further includes receiving, by the IDP computing device, a request for identity data from the relying party including a second authorization and, in response to the first authorization matching the second authorization, returning the identity data to the relying party.
PERSONAL DATA CHOICE MANAGEMENT PLATFORM
A network communication method for accessing a service on a remote system by a client system includes receiving data from a user personal data management system, the data including at least one definition of at least one choice of a user for processing personal data associated with the user, the at least one definition being associated with an identifier of the user; transmitting a connection request to the remote system including at least the definition associated with the identifier; establishing a first communication between the client system and the remote system; and establishing a second communication from the remote system to the client system, the second communication being authorized by the management system based on the definition.
Methods and systems for secure command, control, and communications
In some aspects, an apparatus for encoding data for delivery to or for decoding data retrieved from a storage medium comprises a memory device and at least one hardware processor. The memory device is configured to store at least one parameter associated with at least one cryptographic protocol, the at least one parameter comprising one or more of a first cryptographic scheme, a first cryptographic key operation, a first cryptographic key length, and first cipher directives. The hardware processor is configured to generate a first frame comprising a first field for one parameter selected from the first cryptographic scheme, the first cryptographic key operation, the first cryptographic key length, and the first cipher directives and excluding fields for non-selected parameters, wherein the first frame is associated with the data delivered to or retrieved from the storage medium.
Pairing method between a multimedia unit and at least one operator, multimedia unit, operator and personalization entity for the implementation of this method
The present invention relates in particular to a pairing method between a multimedia unit and one operator having an operator identifier, the multimedia unit having a multimedia unit identifier and receiving conditional access data from said operator, the method being characterized in that: the multimedia unit receives a multimedia unit key formed by applying a first cryptographic function to a personalization key and to the multimedia unit identifier; the operator receives an operator key formed by applying a second cryptographic function to said personalization key and to the operator identifier; said multimedia unit further having a function of the multimedia unit and said operator further having a function of the operator, these functions being such that the result of applying the function of the operator to said operator key and to said multimedia unit identifier is equal to the result of applying the function of the multimedia unit to said multimedia unit key and to said operator identifier, this result forming a pairing key between said multimedia unit and said operator.
Centrally managed PKI provisioning and rotation
Embodiments relate to systems for distribution of cryptographic keys generated with high-quality entropy onto new or configurable devices using a centralized entropy provider located at a server and a provisioning device that communicates between the server and the configurable devices. The server may receive a request from a provisioning device for a cryptographic keypair. For example, the provisioning device may be physically connected to a configurable device for bootstrapping and may request the identity keys to install onto the configurable device. The server generates the cryptographic keypair having newly generated public and private keys for the configurable device. The server encrypts the newly generated keypair (e.g., in the form of a private key and a certificate having the public key) using the public key of the provisioning device and transmits the encrypted keypair to the provisioning device for decryption and installation onto the configurable device.
Method and system for encrypting and decrypting a facial segment in an image
This disclosure relates to a method and system for encrypting and decrypting a facial segment in an image with a unique server key. The method includes receiving an image from one of a plurality of users. The image includes a plurality of facial segments. The method further includes, for each facial segment from the plurality of facial segments, identifying a unique user associated with the facial segment using a facial recognition algorithm, encrypting the facial segment with a unique server key, generating a protection frame, unlockable with the unique server key, to cover the facial segment, and decrypting the facial segment while rendering the image for at least one of the plurality of users upon receiving the unique server key from that user.
Facilitating hitless security key rollover using data plane feedback
A first network device may install a receiving key for decrypting traffic on protocol hardware associated with a data plane of the first network device. The first network device may receive, from the data plane, a first notification indicating that the receiving key is installed on the protocol hardware and may provide, to a second network device, a first message identifying the receiving key. The first network device may receive, from the second network device, an acknowledgment message indicating that the receiving key is installed on the second network device and may install a transmission key for encrypting traffic on the protocol hardware. The first network device may receive, from the data plane, a second notification indicating that the transmission key is installed on the protocol hardware and may provide, to the second network device, a second message identifying the transmission key.
Secure data transfer system and method
Disclosed are methods and systems for securely providing identity attributes. A server computer may receive, from a relying entity, a request for identity attributes associated with a target entity, wherein the request for identity attributes includes a session identifier associated with the target entity and an identifier of the relying entity. The server computer may validate the request based on the session identifier. The server computer may identify, based on the identifier of the relying entity, a package defining types of identity attributes for the relying entity and a data access token associated with the package. Based on validating the request, the server computer may transmit, to a digital identity provider, a request for a set of identity attributes corresponding to the package, the request comprising the data access token. The server computer may receive, from the digital identity provider, the set of identity attributes.