Abstract: The disclosure provides a method for recording a data block on a blockchain, a leader accounting node, and a storage medium. The method includes: generating a target data block; determining whether the plurality of branch blockchains include a branch blockchain having at least one data block waiting to be added onto the blockchain and for which no consensus has been reached; based on a determination that first branch blockchains have no data block waiting to be added onto the blockchain and for which no consensus has been reached, selecting, from the first branch blockchains, a branch blockchain for recording the target data block; recording a digest value of a previous data block recorded on the selected first branch blockchain in a block header of the target data block; and transmitting the target data block to other accounting nodes in the group of accounting nodes for reaching a consensus.

Abstract: For validation of position, navigation, time (PNT) signals, a hash included in messages with PNT data is used to validate the source of the message without backhaul. Different tags from a hash chain are included in different messages. The receiver is pre-loaded with the root or later trusted hash tag of the chain as created. The hash of any received message may be hashed by the receiver. The result of the hashing will match the pre-loaded or trusted hash tag if the transmitter of the message is a valid source. The PNT data may be validated using a digital signature formed from the PNT data for one or more messages and the hash tag wherein a hash tag of the chain in a subsequently received message is used as the key. The digital signature may be formed from data across multiple messages.

Abstract: Methods, apparatus, systems and articles of manufacture to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark, the timestamp including a set of timestamp symbols, a first subset of data symbols and a second subset of data symbols. Disclosed example apparatus also modify the first subset of data symbols of the watermark based on a further timestamp symbol not included in the set of timestamp symbols of the timestamp, but not modify the second subset of data symbols based on the further timestamp symbol, the further timestamp symbol to identify the one of the plurality of timestamp cycles to be represented by the timestamp of the watermark. Disclosed example apparatus further embed the watermark in a piece of media.

Abstract: An operation method of a memory system, the operation method may include: determining a garbage collection trigger condition based on current time and usage of the memory system over a set period of time; and performing a garbage collection operation when the garbage collection trigger condition is satisfied.

Abstract: Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for receiving a first communication request, from a web browser of a user. A request for information is sent to the web browser. A first communication as part of the first conversation is received from the user. A conversation identifier is identified and used to store the conversation of the first user. A request is received from a second, different, responder for the conversation. The conversation identifier is determined based on the request from the second responder. The request for information and first communication are retrieved from a persistent data store and sent to the second responder.

Abstract: A verifiable, redactable log, which, in some embodiments, may contain multiple hash values per entry in order to sever confidentiality of a log from verifiability. Logs may be verified using recalculation of hashes and verification of trusted digital signatures. In some embodiments, the log may be divided into segments, each signed by a time server or self-signed using a system of ephemeral keys. In some embodiments, log messages regarding specific objects or events may be nested within the log to prevent reporting omission. The logging system may receive events or messages to enter into the log.

Abstract: A system and method in accordance with examples may include an identity verification kiosk. The identity verification kiosk may include a display comprising a user interface; a card reader; a document scanner; a printer; and a processor in data communication with a server and a database storing user information. The processor may be configured to receive an identification verification request from the user interface; receive user information via the document scanner or the card reader; retrieve user information from the database; verify the identity of a user; and print a unique identifier on a document using the printer.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device. The method comprises receiving, by a mobile payment application on a secure memory of the mobile device, transaction data from a transaction processor application on the mobile device. The method further comprises validating that the transaction processor application is authentic and in response to validating the transaction processor application, providing encrypted payment credentials to the transaction processor application. The transaction processor application further initiates a payment transaction with a transaction processor server computer using the encrypted payment credentials.

Abstract: Methods and systems for identity-based firewall policy evaluation and for encoding entity identifiers for use in identity-based firewall policy evaluation. A packet from a sender entity to a recipient entity is intercepted. A determination is made whether the sender entity is permitted to communicate with the recipient entity according to a firewall policy, wherein the firewall policy indicates a plurality of entity identifiers, and each entity identifier is unique among the plurality of entity identifiers. Rules for communications among the plurality of entities include a list of pairs of entities which are permitted to communicate with each other. The packet is forwarded to the recipient entity when it is determined that the sender entity is permitted to communicate with the recipient entity. At least one mitigation action is performed when it is determined that the recipient entity is not permitted to communicate with the sender entity.

Abstract: A distributed key management system, which contains a server, a plurality of key-holding devices adapted to communicate with the server; and a key-requesting device adapted to communicate with the server. Each one of the plurality of key-holding devices is adapted to hold a different fragment of a private key. The server is adapted to reconstruct the private key based on the fragments received from the plurality of key-holding devices. The key-requesting device is adapted to obtain the private key from the server. The systems according to the invention provide a zero-trust model key management scheme and would eliminate the risk of key leakage to unauthorized person while providing flexibility of authorizing devices.

Abstract: The present disclosure relates to a method and system for enabling TOT security using a decentralized TOT security platform that leverages the advanced communication and blockchain security thread model to protect TOT eco-systems. The platform uses a multi-chain data schema including a device chain and an event chain. The multi-chain data schema uses a time-envelope mechanism to generate an event to connect different device chains and enforce a set of security rules through smart contracts. The method comprising receiving an encrypted block from TOT device with event data and verifying the device signature and identity based on certain rules within the device chain. Further, the method comprising determining access to event chain using previous token, current token and timestamp of the encrypted block and updating the event chain upon access determination. The event chain protects data integrity and confidentiality against malicious packets, unauthorized devices, weak encryption and man-in-the-middle attacks.

Abstract: Methods, apparatus, systems and articles of manufacture to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark. Disclosed example apparatus also swap at least two symbols of the watermark when the timestamp is to represent a second one of the timestamp cycles, but do not swap the at least two symbols of the watermark when the timestamp is to represent a first one of the timestamp cycles. Disclosed example apparatus further embed the watermark in a first piece of media.

Abstract: A multi-framework blockchain service may be implemented with a common interface to manage different types of blockchain networks. Requests to create a blockchain network may be received via an interface for the control plane that triggers the creation of the blockchain network according to an identified workflow. Various operations to change the blockchain network, including membership changes, node additions, governance changes, analytics changes, and monitoring changes may be allowed or denied by the control plane according to a distributed governance policy in effect for the blockchain network.

Abstract: Disclosed is a method of witnessing electronic signing of a document. The method may include identifying an eligible witness device from a signature request. Furthermore, the witness electronic device may be configured to verify the signor electronic device before making a document available to a signor electronic device based on a witness action from the witness electronic device. Additionally, the method may include transmitting the document to the signor electronic device upon verification of the signor electronic device. Furthermore, the signed document may include the electronic signature of the signor.

Abstract: A computer-implemented method includes displaying first content within an interface of a group-based communication channel of a group-based communication platform on a first user device associated with a member of the group-based communication channel; receiving a request from the first user device to share the first content outside of the group-based communication platform; in response to the request from the first user device, generating a link to the first content for sharing outside of the group-based communication platform; receiving a request to view the first content from a second user device, wherein the request to view the first content originated outside of the group-based communication platform and is associated with the link; and displaying the first content on the second user device.

Abstract: A device includes a memory and a processor. The processor is to execute the instruction to: receive, from a user device, a username of a user and a string; retrieve a first Message Authentication Code (MAC) and a salt from a database in response to receiving the username and the string; send the first MAC, the salt, and one or more parameters to a Hardware Security Module (HSM); receive, from the HSM, a message indicating whether the first MAC matches a second MAC that the HSM generates based on the one or more parameters and the salt. In addition, the processor to perform one of: authenticate the user when the message indicates that the first MAC matches the second MAC; or not authenticate the user when the message indicates that the first MAC does not match the second MAC.

Abstract: A method of generating a trusted chain code (“TCC”) message, comprising: receiving a smart contract whose execution causes a transfer of value in response to at least one of an occurrence of an event or a fulfillment of a condition, wherein the smart contract is digitally signed by a first entity private key and a second entity private key; generating a chain code comprising a hash of a chain code of the smart contract, the chain code corresponding to at least one of an occurrence of an event or a fulfillment of a condition of the smart contract; and posting the TCC message to a distributed ledger, wherein an execution of a portion of the chain code in response to at least one of the occurrence of the event or the fulfillment of the condition is validated against corresponding chain code in the chain code manifest.

Abstract: Disclosed are a method and apparatus for processing an account of a blockchain network. The method includes: obtaining an account transaction request associated with a chain account, wherein, the chain account belongs to the blockchain; obtaining an account smart contract from the account transaction request, and writing the account smart contract into a block, wherein, the account smart contract is configured to perform operation on a chain element in the chain account when executed.

Abstract: A method and system of authenticating a device within a network of connected devices that share a ledger of transactions between them under the form of exchanged blockchain messages and comprising: computing a PoK chain (70) based on the enhanced blockchain, receiving an authentication request from an application or a device, the authentication request including one or more PoKs (71), retrieving from the PoK database the PoK chain (70) corresponding to the application or device identified in the authentication request; computing a PoK (71) based on the PoK chain (70) retrieved from the PoK database, comparing it with the PoK (71) included in the authentication request, and if they match, validating the authentication request.

Abstract: A method for obtaining a blockchain structure includes providing a first data block and a second data block, wherein a first data processing rule is assigned to first data of the first data block, and a second data processing rule is assigned to second data of the second data block. The first data processing rule is linked to the second data processing rule to obtain a third data processing rule, wherein the first data processing rule is executed before the second data processing rule when the third data processing rule is executed. The second data processing rule is linked to the first data processing rule to obtain a fourth data processing rule. When the fourth data processing rule is executed, the first data processing rule is executed after the second data processing rule. The third data processing rule is stored in the second data block and the fourth data processing rule is stored in the first data block to obtain the blockchain structure.

Abstract: An entity can disseminate nonces by introducing them into various aspects of network traffic, and then listening for them, thereby detecting eavesdroppers on the Internet. A nonce may be numeric, alphanumeric, or otherwise; nonces are contextually appropriate to how they are disseminated. Preferably, a nonce is disseminated by incorporating it into some aspect of network traffic. For example, a nonce can be placed in a network identifier such as an IP address or domain name label. Correlating the circumstances under which the nonce was disseminated and under which it was observed to “propagate”, intelligence about who is eavesdropping on what portions of the Internet can be derived. Such intelligence can be put to many uses, including reporting on eavesdroppers, routing traffic around eavesdroppers, developing reputation scores, and adopting enhanced obfuscation/privacy/security techniques.

Abstract: A delivery method, device, system, unmanned vehicle, and computer-readable storage medium, relating to the field of logistics technology. The delivery method includes monitoring a state of the unmanned vehicle; verifying a verification code input by the user and received from the unmanned vehicle in response to the unmanned vehicle being not in an abnormal working state, and transmitting an unpacking instruction to the unmanned vehicle in response to successful verification.

Abstract: Techniques for providing a secure clock source in a communication network are disclosed. For example, a method comprises participating in a bi-directional authentication with a network entity in a communication network, sending a clock service request message to the network entity, receiving a clock service accept message in response to the clock service request message when the apparatus is eligible to use a clock service, and receiving one or more secure clock signals from the network entity. Another method comprises participating in a bi-directional authentication with a requesting device in a communication network, receiving a clock service request message from the requesting device, verifying the eligibility of the requesting device to request a clock service, and sending one or more secure clock signals to the requesting device in response to successfully verifying the requesting device.

Abstract: Methods, apparatus, systems and articles of manufacture to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark, the timestamp including a set of timestamp symbols, a first subset of data symbols and a second subset of data symbols. Disclosed example apparatus also modify the first subset of data symbols of the watermark based on a further timestamp symbol not included in the set of timestamp symbols of the timestamp, but not modify the second subset of data symbols based on the further timestamp symbol, the further timestamp symbol to identify the one of the plurality of timestamp cycles to be represented by the timestamp of the watermark. Disclosed example apparatus further embed the watermark in a piece of media.

Abstract: A first electronic media is received at a first display device. The first display device is located in a first environment. One or more metadata items may be identified based on the first electronic media. The one or more metadata items associated with at least one portion of the first electronic media. One or more users is detected, including a first user, in the first environment. A view permission of the first user is determined based on the one or more metadata items. The view permission indicates whether the first user is permitted to view the at least one portion of the first electronic media. An electronic media update to the first electronic media is performed based on the view permission of the first user. The updated first electronic media is displayed by the first display device after performing the electronic media update.

Abstract: Apparatus, methods, and computer-readable media for facilitating detection of false base stations based on signal times of arrival are disclosed herein. An example method for wireless communication of a UE includes receiving a signal from each of one or more neighboring base stations. The example method also includes determining a system timing associated with the wireless communications network based on a respective time of arrival at which each signal is received from the neighboring base stations. The example method also includes receiving a signal from an FBS, the FBS signal being associated with a PCI different than the PCIs associated with the signals received from each of the neighboring base stations. Additionally, the example method includes identifying a presence of the FBS based on a difference between the system timing and a time of arrival at which the signal is received from the FBS.

Abstract: The invention relates to a method for the tamper-proof storing of data in a bidirectionally linked blockchain structure. The method comprises the steps of creating an additional block Bi to extend the blockchain structure which comprises the data to be stored as payload data creating a bidirectional linking of the additional block Bi to a predefined number of preceding blocks, wherein creating the bidirectional linking comprises performing a backward linking of the additional block to the predefined number of preceding blocks and performing a forward linking of the predefined number of preceding blocks to the additional block.

Abstract: A computational device receives an input/output (I/O) operation directed to a data set. In response to determining that there is a time lock on the data set, a determination is made as to whether a clock of the computational device is providing a correct time. In response to determining that the clock of the computational device is not providing the correct time, the I/O operation is restricted from accessing the data set. In response to determining that the clock of the computational device is providing the correct time, a determination is made from one or more time entries of the time lock whether to provide the I/O operation with access to the data set.

Abstract: Methods, apparatus, systems and articles of manufacture to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark. Disclosed example apparatus also swap at least two symbols of the watermark when the timestamp is to represent a second one of the timestamp cycles, but do not swap the at least two symbols of the watermark when the timestamp is to represent a first one of the timestamp cycles. Disclosed example apparatus further embed the watermark in a first piece of media.

Abstract: For validation of position, navigation, time (PNT) signals, a hash included in messages with PNT data is used to validate the source of the message without backhaul. Different tags from a hash chain are included in different messages. The receiver is pre-loaded with the root or later trusted hash tag of the chain as created. The hash of any received message may be hashed by the receiver. The result of the hashing will match the pre-loaded or trusted hash tag if the transmitter of the message is a valid source. The PNT data may be validated using a digital signature formed from the PNT data for one or more messages and the hash tag wherein a hash tag of the chain in a subsequently received message is used as the key. The digital signature may be formed from data across multiple messages.

Abstract: A system detects deviation from a computer operating system boot and operating system load. The system identifies approved operating system boot modules, approved operating system load modules, essential operating system boot components, and essential operating system configuration information, which are then hashed to create an operating system boot profile. The operating system boot modules and the operating system load modules are then executed to start the operating system. The operating system boot profile is used to verify that that there has not be any deviation from the start of the operating system.

Abstract: A system for credentialing a miner for a blockchain system is provided. The system interacts with a Trusted Witness to obtain a witness statement attesting to the identity of the miner. The witness statement includes a miner public key of the miner and a signed miner public key signed using the corresponding miner private key. The system provides to a notary the witness statement and signed bylaws signed using the miner public key. The system receives from the notary a digital identity signed by the notary that includes an identification of the notary, the witness statement, and the signed bylaws. The miner uses the digital identity when participating in mining for the blockchain system.

Abstract: An SSD includes a controller having a first non-volatile memory in which a power-off timestamp is stored, and a hardware register accessible by a host. The SSD also includes a second non-volatile memory coupled to the controller, the second non-volatile memory storing instructions for at least one boot-up mode of the SSD. Upon power up of the controller and prior to the controller executing the instructions for at least one boot-up mode of the SSD, the controller receives, in the hardware register, a power-on timestamp from the host and determines, based on the power-on timestamp and the stored power-off timestamp, a boot-up mode of the SSD.

Abstract: Aspects create a tree data structure that indexes a collection of documents present in a data repository at a point in time. The tree data structure includes a plurality of nodes. For each such node, a respective root hash value of that node is determined. The root hash value of a leaf node is determined from hash value(s) for element(s) of that node that are keyed to documents in the collection. The root hash value of a parent node is determined from a root hash value for each of its child nodes. For a given document that is purported to be a target document present in the data repository at the point in time, processing is performed that uses the tree data structure in facilitating verification that the given document is the target document. This includes providing a cryptographic proof to demonstrate whether the given document is the target document.

Abstract: A method for protecting the integrity of log data. The log data includes a sequence of log data elements associated with an operation of a first logic circuit. The method includes receiving, at a second logic circuit remote from the first logic circuit, a log data element of the sequence of log data elements. Based on the log data element and secret information unknown to the first logic circuit, a protected log data element is generated at the second logic circuit is provided.

Abstract: A computing device may perform a method that includes determining whether internal time reference data is available while booting the computing device. When the internal time reference data is unavailable, the device clock is set to a default time setting. However, when the internal time reference data is available while booting the computing device, the method includes searching the internal time reference data for a most recent time reference, and setting the device clock to a current time setting based on the most recent time reference.

Abstract: A system for secured logging of a second event. The system includes a logging device and a triggering device The triggering device receives an input related to the second event, creates second event message based on received input related to the second event, and receives the first set of data related to first logged event from the logging device. The triggering device further creates a first position-lock data from the first set of data, creates a second append request, and provides the second append request to the logging device. The logging device is configured to verify the second append request. Based on positive verification, the logging device creates a logging device signature over a second log-append-approval, and combines the created logging device signature with the provided second append request to form a second logged event.

Abstract: An example operation may include one or more of receiving, by an orderer, a split transaction that contains configuration transactions for new channels, generating, by the orderer, a split block that includes a split transaction payload and a block header, and sending, by the orderer, the split block to participant nodes to form new channels based on a content of the split block.

Abstract: A device includes a memory and a processor. The processor is to execute the instruction to: receive, from a user device, a username of a user and a string; retrieve a first Message Authentication Code (MAC) and a salt from a database in response to receiving the username and the string; send the first MAC, the salt, and one or more parameters to a Hardware Security Module (HSM); receive, from the HSM, a message indicating whether the first MAC matches a second MAC that the HSM generates based on the one or more parameters and the salt. In addition, the processor to perform one of: authenticate the user when the message indicates that the first MAC matches the second MAC; or not authenticate the user when the message indicates that the first MAC does not match the second MAC.

Abstract: Methods and systems for consistent reads in a distributed transaction protocol are disclosed. A method includes: receiving, by a computing device, a request to write a revision of a data object in a dispersed storage network (DSN); sending, by the computing device, a proposal with the revision of the data object to a plurality of storage units; receiving, by the computing device, a response to the proposal from each of the plurality of storage units, the response including a proposed minimum timestamp corresponding to the data object; determining, by the computing device, a minimum timestamp for the data object based on the proposed minimum timestamps received from the plurality of storage units; and determining, by the computing device, a version of the data object written in the DSN based on the minimum timestamp.

Abstract: One embodiment provides a method, including: identifying, using a tamper detection switch of an information handling device, a tampering event; determining, using a processor, contextual data associated with the tampering event; constructing, based on the determining, a signal comprising the contextual data; and broadcasting, using a radio transmission beacon, the signal. Other aspects are described and claimed.

Abstract: An embodiment of a system for securing media content includes a digital media device comprising a memory associated with a secure element. The memory contains a private key and storage for at least one group key. The private key is used to decrypt transmissions from a remote access control system that are encrypted by a corresponding public key. The digital media device further comprises logic configured to respond to a first message received from the remote access control system encrypted by the public key and including a first group key, the logic responding to the first message by decrypting the first group key and storing the first group key in the memory of the secure element. The digital media device further comprises logic configured to decrypt a content key with the first group key. The content key is used to encrypt media content stored on a medium accessible by the digital media device.

Abstract: In implementations of the subject matter described herein, a new approach for controlling and tracing an object across a plurality of parties is proposed. A rule set may be enabled by the confirmation of a plurality of parties. The rule set may define constraints on operations related to the object. Upon receipt of a request for an operation related to the object, the requested operation may be verified based on the rule set agreed by the plurality of parties. In response to verifying that requested operation is valid, the requested operation may be performed, and a record for the operation may be created and stored in a blockchain database accessible to the plurality of parties.

Abstract: A method for encrypting database data includes generating an encryption key for a first file stored in a data store, wherein a table in a database comprises an entry pointing to the first file. The method includes generating a second file by encrypting the data the first file in the data store using the encryption key without modifying the first file. The method includes, in response to generating the second file, modifying the entry in the table to point to the second file, wherein the modification of the entry is performed atomically. A process for rekeying from the first file to the second file may happen in the background without blocking, interfering, or otherwise obstructing user interaction with a database system.

Abstract: Aspects of the present disclosure address systems, methods, and devices for enabling secure communication between electronic control units (ECUs) in a vehicle. The system may include a first and second ECU from a plurality of ECUs in the vehicle. The first ECU is to enable secure communication between the plurality of ECUs by performing operations that include provisioning the second ECU with authentication data for authenticating messages exchanged with a third ECU and provisioning the third ECU with a set of security keys to enable the third ECU to securely exchange messages with the second ECU. The second ECU receives, from the third ECU, a secure message that is cryptographically signed using a security key from the set of security keys provisioned to the third ECU, and the second ECU authenticates the secure message by comparing the authentication data with an authentication signal.

Abstract: A system performs digital notarization using a biometric identification service. A signature requesting service receives a request to validate a digital item with a signature for a person. The signature requesting service provides a payload that identifies the digital item and/or the person to an identity service. The identity service obtains one or more digital representations of biometrics for the person, determines an identity for the person, and returns a data structure including the payload and one or more identity attestations regarding the determined identity. The identity service encrypts at least a portion of the data structure using a private encryption key. A public encryption key for the identity service can then be used to decrypt the portion to verify that the data structure was generated by the identity service after determining the identity. In this way, validation can be verified to the full trust level of the identification service.

Abstract: This disclosure describes dynamic access control using capabilities (via dynamic access control interface (150)) on a blockchain system (180). The blockchain data structure is a time-stamped list of blocks, chained together cryptographically. In this disclosure, capabilities can be recorded on a blockchain system (via capabilities storage (170)) and thus access propagation is known. This makes revocation of access achievable by recording a new transaction, which in effect removes the previous authorization. There will be no change to transaction history and instead a new transaction records (170) the current status of the capability. An example implementation on a blockchain system (180) is given in Ethereum, which allows programs called “smart contracts” to run as transactions.

Abstract: Some embodiments are directed to a blockchain verification method for a secondary blockchain, the blockchain verification method including sending an activation transaction to a primary blockchain management device which is configured to manage the primary blockchain. The primary blockchain management device is configured to execute a smart contract based on input in the activation transaction generating a result, and publish the result on the primary blockchain.

Abstract: Systems, methods, apparatus, and articles of manufacture to improve timestamp transition resolution of watermarks are disclosed.

Abstract: A computer implemented method, system, and program product comprising examining points in time in each journal of each of the replication sites, determining certain points of time in each journal of each of the replication sites to be deleted based on a policy, and deleting the certain points of time in each journal of each of the replication sites.