Abstract: The invention relates to a computer-implemented method for user authentication using a cryptographically secured register. An authentication request for authenticating the user is received. The user is authenticated using a root identity of the user. A successful authentication requires receiving a credential assigned to a root identifier of the root identity of the user. An authentication context of the requested authentication is identified. One of the one or more delegated identities assigned to the root identity of the user and assigned to the identified authentication context is identified. In response to a successful authentication of the user, an authentication token is issued confirming the successful user authentication and identifying the successfully authenticated user by the delegated identifier of the identified delegated identity.

Abstract: The invention relates to a computer-implemented method for performing an electronic discovery process using a blockchain. For at least two of phases of the electronic discovery process individual electronic data processing tools are used for executing the respective phase. For each of the phases of the electronic discovery process metadata of the electronic data objects subject to the respective phase of the electronic discovery process and to the electronic data processing tool used for executing the respective phase are stored in the blockchain. Furthermore, audit information about auditable actions carried out during the respective phase by the electronic data processing tool used for executing the respective phase on the electronic data objects is stored in the blockchain. The stored audit information provides an end-to-end audit trail for each of the electronic data objects subject to at least one of the phases of the electronic discovery process.

Abstract: The invention relates to a computer-implemented method for user authentication using a cryptographically secured register. An authentication request for authenticating the user is received. The user is authenticated using a root identity of the user. A successful authentication requires receiving a credential assigned to a root identifier of the root identity of the user. An authentication context of the requested authentication is identified. One of the one or more delegated identities assigned to the root identity of the user and assigned to the identified authentication context is identified. In response to a successful authentication of the user, an authentication token is issued confirming the successful user authentication and identifying the successfully authenticated user by the delegated identifier of the identified delegated identity.

Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.

Abstract: The invention relates to a computer-implemented method for user authentication using a cryptographically secured register. An authentication request for authenticating the user is received. The user is authenticated using a root identity of the user. A successful authentication requires receiving a credential assigned to a root identifier of the root identity of the user. An authentication context of the requested authentication is identified. One of the one or more delegated identities assigned to the root identity of the user and assigned to the identified authentication context is identified. In response to a successful authentication of the user, an authentication token is issued confirming the successful user authentication and identifying the successfully authenticated user by the delegated identifier of the identified delegated identity.

Abstract: The invention relates to a computer-implemented method for performing an electronic discovery process using a blockchain. For at least two of phases of the electronic discovery process individual electronic data processing tools are used for executing the respective phase. For each of the phases of the electronic discovery process metadata of the electronic data objects subject to the respective phase of the electronic discovery process and to the electronic data processing tool used for executing the respective phase are stored in the blockchain. Furthermore, audit information about auditable actions carried out during the respective phase by the electronic data processing tool used for executing the respective phase on the electronic data objects is stored in the blockchain. The stored audit information provides an end-to-end audit trail for each of the electronic data objects subject to at least one of the phases of the electronic discovery process.

Abstract: The invention relates to a computer-implemented method for user authentication using a cryptographically secured register. An authentication request for authenticating the user is received. The user is authenticated using a root identity of the user. A successful authentication requires receiving a credential assigned to a root identifier of the root identity of the user. An authentication context of the requested authentication is identified. One of the one or more delegated identities assigned to the root identity of the user and assigned to the identified authentication context is identified. In response to a successful authentication of the user, an authentication token is issued confirming the successful user authentication and identifying the successfully authenticated user by the delegated identifier of the identified delegated identity.

Abstract: Embodiments relate to digital data retention management. An aspect includes calculating a retention date associated with a data object in a storage system. Another aspect includes generating a cryptographic checksum for metadata relating to said data object, the metadata comprising the retention date. Another aspect includes storing said metadata and said cryptographic checksum. Another aspect includes, based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system: verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.

Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.

Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.

Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.

Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.

Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.

Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.

Abstract: Embodiments relate to digital data retention management. An aspect includes calculating a retention date associated with a data object in a storage system. Another aspect includes generating a cryptographic checksum for metadata relating to said data object, the metadata comprising the retention date. Another aspect includes storing said metadata and said cryptographic checksum.

Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.

Abstract: The present invention provides for a method and a computer system for managing the retention of data on WORM disk media employing an event-based scheme of retaining data. The protection of the files is accomplished by establishing a retention period for the WORM disk media file volume containing the data files, followed by a reclamation period. The retention and reclamation periods are managed by comparing the amount of reclaimable space on the file volume to a threshold value, and if the threshold is not exceeded, the retention period of the file volume is extended by a default retention extension value. If the threshold value is exceeded, the files are moved to another file volume, and the retention period of this target file volume is extended based on the longer of the default retention extension value and the latest expiration date of the file contained within the file volume.