Abstract: A system for credential authentication includes an interface and a processor. The interface is configured to receive a create indication to create a guest credential representing a guest badge associated with a visitor and receive a claim indication from an authentication device to claim the guest credential. The processor is configured to provide the guest credential to the authentication device in response to the claim indication, provide a proof request to the authentication device, receive a proof response from the authentication device, validate the proof response, determine a visitor tracking system associated with a request from the authentication device to authenticate entry, and provide a check-in indication to the visitor tracking system that the visitor has checked in.

Abstract: A system for credential authentication comprises an interface configured to receive a create indication to create a visitor network credential and receive a certify indication to certify an authentication device to use a network, and a processor configured to provide the visitor network credential to the authentication device in response to the certify indication, provide a proof request to the authentication device, receive a proof response, validate the proof response using a distributed ledger, generate a network certificate, and provide the network certificate to the authentication device.

Abstract: A system for tenant security control includes an interface and a processor. The interface is configured to receive a request to access shared services; provide a user interface for selecting a shared service of the shared services; and receive a selection of the shared service of the shared services. The processor is configured to determine data associated with the shared service of the shared services; store a shared-service tag indicating the data is associated with the shared service of the shared services and a tenant identifier tag indicating the data is associated with a contributing tenant; transfer the data to a model development system; determine a model using the data transferred to the model development system; and store the model.

Abstract: A system for shift design and assignment comprises an interface configured to receive scheduling input data which includes labor demand data, worker data, and scheduling configuration data, and a processor configured to generate a set of shift candidates, determine a set of decision variables, determine a cost function, determine a set of constraints, and determine simultaneously, using a SAT, a MP solver, or a MIP solver, a subset of the shift candidates selected in a final schedule and a set of shift assignments of which worker is assigned to which selected shift candidate of the subset of the shift candidates such that the hard constraints are fully respected, violations to the soft constraints are minimized, and the cost function is minimized.

Abstract: A system includes an interface and a processor. The interface is configured to receive an indication to render a proposed organization chart. The processor is configured to determine a net action queue for the proposed organization chart. Determining the net action queue includes scanning an action queue to consolidate actions for the net action queue, apply the net action queue to an original organization chart to obtain the proposed organization. The processor is further configured to chart and render the proposed organization chart.

Abstract: A system for credential authentication includes an interface and a processor. The interface is configured to receive a request from an application for authorization to access. Access to the application is requested by a user using a user device. The processor is configured to provide an authentication request to the user device, receive a device credential, wherein the device credential is backed by data stored in a distributed ledger, determine a user identifier and an authentication device associated with the user based at least in part on the device credential, provide a proof request to the authentication device, receive a proof response, determine that the proof response is valid, generate a token, and provide the token to the application authorizing access for the user.

Abstract: A system for ledger data includes a block repository, a metadata database, and a processor. The block repository stores verified secure ledger data in one or more blocks that are cryptographically linked. The metadata database stores metadata information for the one or more blocks in the block repository. The processor is configured to receive a request to create a block content and to determine the block content for a block to be stored in the block repository and metadata content to be stored in the metadata database associated with the block to be stored in the block repository, wherein the metadata content includes one or more flags and source information; and broadcast the block to be stored in the block repository to be approved by participating nodes in a network.

Abstract: A system for credential authentication includes and interface and a processor. The interface is configured to receive a request for authorization to access from an application. The processor is configured to determine a set of credentials that can enable authorization to access; generate a proof request challenge; receive a proof response; determine that the proof response is valid based at least in part on information stored in a distributed ledger; generate a token; and provide the token.

Abstract: To verify compliance with a data access policy, a query result including data specified by a requesting entity and a representation of a data access policy is received from a database. Based on the representation of the data access policy included in the query result, it is verified whether the requesting entity is permitted to access the data included in the query result. Transmission of the data included in the query result to the requesting entity is controlled responsive to the verification. Related methods, systems, and computer program products are also discussed.

Abstract: A system includes an interface and a processor. The interface is configured to receive an indication that a change has occurred to partition data on a first node, wherein the partition data is stored on a partition on the first node. The processor is configured to: determine whether the change to the partition data causes a change to a predetermined partition result of a set of predetermined partition results stored by the partition; and in response to a determination that the change to partition data affects the predetermined partition result stored by the partition: determine a new value for the predetermined partition result; store the new value; and provide an indication to a service node that the new value for the predetermined partition result has been determined, wherein the service node is selected by a client application system to manage execution of a task.

Abstract: A system for updating a hypercube includes an interface and a processor. The interface is configured to receive an indication to update a cell of the hypercube. The processor is configured to determine a primary dimension value associated with the cell; determine a group of dependencies based at least in part on the primary dimension value, wherein a dependency of the group of dependencies comprises one or more primary dimension values and a pattern; for the dependency of the group of dependencies, determine a set of source locations based at least in part on the one or more primary dimension values and the pattern; and mark the set of source locations as invalid.

Abstract: A system for providing access is configured to receive an application access request from an application for authorization to access and a sensitive data access request from the application for authorization to access a document that includes sensitive data. The system is further configured to determine to authorize access to the application in response to the application access request; to determine the user authentication device in response to the sensitive data access request; to provide a secondary request for authorization to access sensitive data to the user authentication device in response to the sensitive data access request, receive a secondary request response from the user authentication device to the secondary request; and to provide the secondary request response to the application enabling access to the sensitive data, where the document is encrypted for delivery to the application for the user using a blinding secret and an identity private key.

Abstract: A system for credential storing and verifying includes an interface and a processor. The interface is configured to receive an indication to register a credential. The processor is configured to indicate to store in a distributed ledger a DID document associated with a holder identifier using a smart contract. Storing using the smart contract employs a dual signature authentication scheme to authorize storing based at least in part on an individual signature and a ledger writer signature. The processor is further configured to indicate to store in the distributed ledger a schema associated with an issuer of the credential using the smart contract and indicate to store in the distributed ledger a credential definition associated with the schema using the smart contract.

Abstract: A system for credential authentication include an interface configured to receive a create indication to create a location aware credential, wherein the location aware credential specifies visit location data and receive a check in indication to check in from an authentication device, wherein the authentication device provides the check in indication to check in in response to determining that a detected location is within a geographic boundary designated in the visit location data of the location aware credential, and a processor configured to provide a proof request, receive a proof response, validate the proof response using a distributed ledger, and provide a success indication of successful check in.

Abstract: A processor-implemented system and method for enabling a relying party device associated with a relying party to verify an identity of a user. The method includes the steps of (i) generating, using a cryptographic processor on a user device associated with the user, a first set of credentials including a public-private key pair associated with the user, (ii) receiving at least one cryptographic challenge from the relying party device associated with the relying party, (iii) verifying at least one of a biometric or a PIN code, (iv) responding to the at least one cryptographic challenge by performing the at least one cryptographic operation on the cryptographic challenge using the user private key to form a result of the at least one cryptographic operation and (v) transmitting the result of the at least one cryptographic operation as a cryptographic challenge response to the relying party device.

Abstract: A system includes an interface and a processor. The interface is configured to receive, at an application routing platform, an API call for an application platform comprising a signed tenant token. The processor is configured to determine that the signed tenant token is valid; determine an application platform token for the application platform; associate a root certificate with the application platform token; determine routing information to the application platform based at least in part on the API call; and provide the application platform the API call and the application platform token using the routing information to enable access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate and executes the API call in response to a determination that the application platform token is valid.

Abstract: A system for creating an identity mapping on a distributed ledger includes an interface and a processor. The interface is configured to receive a request to create an identity mapping on a distributed ledger. The processor is configured to generate an identity key pair; generate a mobile encryption key; encrypt a private identity key of the identity key pair using the mobile encryption key to create an encrypted private key; store the encrypted private key; create a mapping document; sign the mapping document with the private identity key of the identity key pair; and provide the signed mapping document to be stored in a distributed ledger.

Abstract: A credential accessing system includes an interface and a processor. The interface is configured to receive a request to access a credential using a credential access application. The processor is configured to execute the credential access application in response to a request from a user application, wherein the request from the user application comprises an indication of a target application. Executing the credential access application comprises:1) receiving an indication of interactive control, wherein interactive control is redirected from the user application, and wherein the indication of interactive control comprises the indication to access the credential; 2) determine whether to allow access to the credential; and 3) in response to determining to allow access to the credential, access the credential and provide the credential to the target application; and 4) indicate to redirect interactive control to the target application.

Abstract: A system for blockchain-based authentication comprises an interface and a processor configured to (i) receive, by a first device, a command from a second device, where the first device is associated with a first trust certificate, (ii) receive a second trust certificate from the second device, (iii) communicate a cryptographic challenge using a public key of the second device to the second device, (iv) receive a response to the cryptographic challenge from the second device, (v) check whether the response matches with a predetermined correct response or not, and (vi) authenticate the second device and execute the commend received from the second device only if the response matches with the predetermined correct response.

Abstract: A system for credential authentication comprises an interface configured to receive a create indication to create a badge credential representing an employee badge and receive a claim indication from an authentication device to claim the badge credential, and a processor configured to provide the badge credential to the authentication device in response to the claim indication, receive a proof response from the authentication device comprising the badge credential and a lock identifier, validate the proof response using a distributed ledger, and provide a token for unlocking a lock associated with the lock identifier to the authentication device.