The present disclosure relates to generating a passphrase for an encrypted volume by at least cryptographically combing the first cryptographic key and the shared secret. Where the shared secret is split into a plurality of shares and a first number of the plurality of shares is greater than a second number of the plurality of shares and the second number of the plurality of shares is required to reconstruct the shared secret.

A decentralized public key management system for named data networks based on blockchain, which solves the Compromised Certificate Authority (CA) Problem. The system divides the power of an individual CA among multiple Public Key Miners (PKMiners) that maintain the public key blockchains. The majority rule in name-principal validation allows the present invention to tolerate compromised PKMiners without causing any damage.

A method for enabling a secure communication with a target device over a network includes: opening an unsecured OPC UA Endpoint by an OPC UA Server that runs on the target device; connecting to the OPC UA Server over the network by an OPC UA Client running on a first device, and requesting the initial device certificate; receiving the initial device certificate by unsecured communication over the network; validating, by the first device, the initial device certificate; establishing, by the first device, a device certificate; encrypting, by the first device, at least the device certificate; sending the encrypted data over the network; decrypting, by the target device, the encrypted data using an initial device private key associated with the initial device certificate to obtain at least the device certificate; storing the device certificate on the target device; and opening a secured OPC UA Endpoint by the OPC UA Server.

Systems, methods, and computer-readable storage media for receiving, from an issuer, an electronic prescription for a patient, then fulfilling that prescription using a blockchain/distributed ledger verification system. The system receives multiple public keys, combines them, then performs a hash function (or other encryption) on that combination. The resulting output is then transmitted to a pharmacy for prescription fulfillment.

Methods, systems, and devices for enabling public key infrastructure (PKI) in the generic could environment and the network function virtualization (NFV) environment. A host device may receive, from an orchestrator of a computer network environment, an indication of a workload to be executed by a virtual machine (VM) hosted on the host device, where the indication includes an identifier of the workload. The VM may transmit a request for a certificate to a hardware security module associated with the host device including the identifier of the workload. After transmitting the request for the certificate, the VM may receive the requested certificate from the HSM. In some cases, the VM may determine a private key associated with the workload and include the private key within the request for the certificate. Additionally or alternatively, the HSM may determine the private key. Here, the HSM may include the private key within the certificate.

A method for gesture-based multi-factor authentication includes mapping a gesture password to a first substitution string, generating a cryptographic key using the first substitution string as an input to a password authenticated key exchange protocol, encrypting a challenge response with the cryptographic key to generate an encrypted challenge response, and transmitting, to a relying party computing system, a first authentication message comprising the encrypted challenge response and a user identifier identifying a user.

A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features uses of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.

A multi-phase boot operation of a virtualization manager at a virtualization host is initiated at an offload card. In a first phase of the boot, a security key stored in a tamper-resistant location of the offload card is used. In a second phase, firmware programs are measured using a security module, and a first version of a virtualization coordinator is instantiated at the offload card. The first version of the virtualization coordinator obtains a different version of the virtualization coordinator and launches the different version at the offload card. Other components of the virtualization manager (such as various hypervisor components that do not run at the offload card) are launched by the different version of the virtualization controller.

A method for signing up a user to a service for controlling at least one functionality in a vehicle (10) by means of a user terminal (20) comprises the following steps: —communicating a user identifier and an identifier associated with the vehicle (10) to a server (50); —having the server (50) authenticate an electronics unit (11) of the vehicle (10); —in the event of successful authentication, registering the user identifier and the identifier associated with the vehicle (10) in association with one another in the server (50).

A cybersecurity infection detection system and method of use. In some embodiments, the system and process provide improved network security, computer security, or both, through mutually assured, defense in depth approaches. In some embodiments, one or more of defense in depth, collaborative attack detection, remediation, component redundancy, component self-monitoring, and component self-replacing are combined to effect an enhanced cybersecurity system. In some embodiments, the cybersecurity system and method include, but are not limited to, one or more of one or more probes, monitors, configuration ledgers, signature ledgers, audit ledgers, configuration controllers, message engines, switchboards, and a public-private key infrastructure.