The disclosed exemplary embodiments include computer-implemented systems, devices, and processes that securely manage transfers of digital assets between computing devices using permissioned distributed ledgers. By way of example, an apparatus may receive, from a first device, a request to transfer a digital asset to a second device and a first digital signature applied to the request. Based on a validation of the first digital signature, the apparatus may approve the request and apply a second digital signature to the request and the first digital signature indicative of the approval of the request by the apparatus. The apparatus may also transmit the request, the first digital signature, and the second digital signature to a computing system, which may validate the first and second digital signatures and perform operations that record the first public key and asset data identifying the digital asset within at least one element of a distributed ledger.

Provided is a bootstrap method for registering a charging station (CS), which was in an offline state, to an electric vehicle charging station management system (CSMS) and operating same. The bootstrap method comprises the steps of: storing at least partial bootstrap information in a CS so as to configure bootstrap information; connecting the CS to a CSMS by setting a security channel between the CS and the CSMS for maintaining registration information about the CS; and registering the CS to the CSMS.

Systems and methods are disclosed herein for real-time digital authentication. According to some embodiments, a certification authentication method includes receiving a list of third party root certificates from a remote server, the list of third party root certificates including at least one association between a program configured to run on the computing apparatus and a public key for authenticating communication between the program and an associated server of the program. The method may also include authenticating the list of third party root certificates. The method may also include initiating a communication between the computing apparatus and the associated server and authenticating the communication with the associated server using the public key. Furthermore, the method may also include loading the program onto the one or more memories during a bootstrapping process in response to determining that the communication with the associated server is authentic.

A method for enabling a secure communication with a target device over a network includes: opening an unsecured OPC UA Endpoint by an OPC UA Server that runs on the target device; connecting to the OPC UA Server over the network by an OPC UA Client running on a first device, and requesting the initial device certificate; receiving the initial device certificate by unsecured communication over the network; validating, by the first device, the initial device certificate; establishing, by the first device, a device certificate; encrypting, by the first device, at least the device certificate; sending the encrypted data over the network; decrypting, by the target device, the encrypted data using an initial device private key associated with the initial device certificate to obtain at least the device certificate; storing the device certificate on the target device; and opening a secured OPC UA Endpoint by the OPC UA Server.

A server can record (i) a first digital signature algorithm with a first certificate, and a corresponding first private key, and (ii) a second digital signature algorithm with a second certificate, and a corresponding second private key. The server can select first data to sign for the first algorithm and the first private key in order to generate a first digital signature. The server can select second data to sign, wherein the second data to sign includes at least the first digital signature. The server can generate a second digital signature for the second data to sign using the second algorithm and the second private key. The server can transmit a message comprising (i) the first and second certificates, and (ii) the first and second digital signatures to a client device. Systems and methods can concurrently support the use of both post-quantum and classical cryptography to enhance security.

This disclosure relates to a data storage device. A data port transmits data between a host computer system and the data storage device over a data channel. The device repeatedly broadcasts advertising packets over a wireless communication channel different from the data channel. Each advertising packet comprises a random value and a message authentication code calculated based on the random value and an identity key. The identity key is readable by a device to be connected and in proximity of the data storage device out of band of the data channel and the communication channel. The identity key enables the device to be connected to verify the message authentication code based on the random value and the identity key to thereby authenticate the data storage device.

Provided is a method for securely diversifying a generic application stored in a secure processor of a terminal, said method comprising: Generating at the request of a manager application hosted in an application processor of said terminal, at the level of a distant server, a server challenge; Sending said server challenge to said application; Generating a first message at said application, said first message being function of said server challenge, an application challenge and an unique identifier of said application; Sending said first message to a Root-Of-Trust service hosted in a secure processor of said terminal, said Root-of-Trust service generating an attestation of said first message, said attestation guaranteeing that said first message has not been modified and originates from said secure processor; and Transmitting said attestation of said first message to said distant server in an enablement request message.

Disclosed herein is a data storage device comprising a data path and an access controller. The data path comprises a data port configured to transmit data between a host computer and the data storage device. The data storage device is configured to register with the host computer as a block data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine is connected between the data port and the storage medium and uses a cryptographic key to decrypt the encrypted user content data. The access controller generates a challenge for an authorized device; sends the challenge to the authorized device; receives a response to the challenge from the authorized device over the communication channel; calculates the cryptographic key based on the response; and provides the cryptographic key to the cryptography engine to decrypt the encrypted user content data stored on the storage medium.

A method of authenticating a network device may include receiving an authentication message from a third party server, the authentication message identifying a network device. The method may also include receiving a zero touch provisioning request comprising a certificate from the network device. The method may additionally include, determining the network device is associated with a third party that manages the third party server based on the certificate. The method may include transmitting a redirect message comprising a root certificate chain indicating that the network device is to send the zero touch provisioning request to the third party server.

A system and method for efficiently managing an executable environment involving multiple code-sign certificate chains. The system and method include receiving, by one or more processors and from a client device, a request for information to verify an authorization of a code bundle, the code bundle associated with a first signed code segment and a second signed code segment. The system and method include generating, by one or more processors, a list of certificates associated with the code bundle. The system and method include transmitting, by the one or more processors and to the client device, a message comprising the list of certificates, the message causing the client device to verify the code bundle based on the list of certificates.