Patents Assigned to Guardtime IP Holdings Limited
  • Patent number: 10297094
    Abstract: Access by a requesting entity to an asset is authorized by an access-controlling entity, which transmits to the requesting entity a challenge data set and then receives from the requesting entity a response purportedly corresponding to a representation of the challenge data set in a non-repudiatable form, obtained from an event validation system. The access-controlling entity queries the event validation system to determine whether the response does correspond to a correct representation of the challenge data set in the non-repudiatable form, and authorizes the requesting entity for access only if the response is a correct representation. Non-repudiation can be established through entry into a blockchain, or using a hash-tree-based digital signature infrastructure.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: May 21, 2019
    Assignee: Guardtime IP Holdings Limited
    Inventors: Garrett Day, Jeffrey Pearce, David E Hamilton, Jr., Kevin Zawicki, Roger Guseman
  • Patent number: 10284568
    Abstract: Data acquired, for example by a mobile platform, such as a sequence of images observed by a mobile platform, is grouped. A signature is computed for each group and is transmitted along with frame data to a reception system, which verifies correct transmission based on the group signature. The signature may be a root value of a hash tree that has at least selected ones of each group as inputs. Transmission events may also be separately signed as a whole using an event validation system. Although the signature may be computed for all frames in a group, it may also be computed based on only a subset, selected pseudo-randomly.
    Type: Grant
    Filed: August 23, 2016
    Date of Patent: May 7, 2019
    Assignee: Guardtime IP Holdings Limited
    Inventors: Garrett Day, Hema Krishnamurthy
  • Patent number: 10277608
    Abstract: Whenever users receive or transfer a copy of any of a set of documents, prior verification of the document is enforced by an administrative system, which associates verification metadata with the copy. As each copy is itself copied and transferred, updated verification metadata is included with the previous verification metadata to form a verification lineage chain, which can later be examined to determine the circumstances of any verification failure. Documents are preferably verified by comparing the digital signature of the current copy with the signature of a reference copy. Documents may be signed by submitting them as input records to a distributed, keyless, hash tree infrastructure.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: April 30, 2019
    Assignee: Guardtime IP Holdings Limited
    Inventor: Hema Krishnamurthy
  • Patent number: 10249114
    Abstract: Control of access by a requesting entity to an asset includes defining an approved state of the requesting entity. A validation of a representation of the approved state in a non-repudiatable form is obtained from an event validation system. The requesting entity is triggered to determine its current state by an access-control entity, which compares the current state with the approved state and allows access by the requesting entity to the asset only if the current state is the same as the approved state. In a pre-authorization procedure, one or both of the entities issues a data set challenge to the other, which then validates the challenge via the event validation system and returns this validation to the challenging entity, which then checks the validation to see if it is correct. Data sets may be validated, for example, with hash tree based signatures or blockchain entries.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: April 2, 2019
    Assignee: Guardtime IP Holdings Limited
    Inventors: Garrett Day, Jeffrey Pearce, David E Hamilton, Jr., Kevin Zawicki, Roger Guseman
  • Patent number: 10158492
    Abstract: Location data from one or more geolocation engines such as GPS, a system that determines location from relative signal strengths or transit times, etc., within and/or connected to a device, such as a mobile phone, vehicle, movable electronic device, computer, etc., is included in a digital record that is submitted to obtain a digital signature such that the presence of the device at the particular location can later be proven. The digital record may include data that encodes a message, as well as other parameters such as time. The digital signature encodes recomputation parameters of a hash tree signature infrastructure to a highest level value, a function of which is submitted as a transaction in a blockchain.
    Type: Grant
    Filed: October 18, 2016
    Date of Patent: December 18, 2018
    Assignee: Guardtime IP Holdings Limited
    Inventor: Jeffrey Pearce
  • Publication number: 20180248701
    Abstract: Initial data is included in a data structure such as an initial container at an initial entity, along with rules and a data signature of at least a portion of the initial data and other container contents relating to the initial entity and the initial data. Each rule defines at least one condition governing the permissible transfer and processing of the initial data by other entities in a provenance chain. Each receiving entity creates a container of its own to encapsulate received containers, and, after optional processing of its own, such as adding or altering data and rules, obtains a digital signature for its container. The digital signatures may be obtained from a hash tree-based signing infrastructure that returns data signatures enabling recomputation of a logically uppermost value of the hash tree. A lineage map of any given container may also be displayed for analysis by a user.
    Type: Application
    Filed: February 24, 2018
    Publication date: August 30, 2018
    Applicant: Guardtime IP Holdings Limited
    Inventors: Matthew JOHNSON, Garrett DAY, Gregory RAYMOND, Hema KRISHNAMURTHY
  • Publication number: 20180198626
    Abstract: A distributed hash tree-based authentication system for digital input records has more than one upper-level core node, each of which receives at least one uppermost value from aggregators. Communicating with each other about which aggregator values they have received, the nodes try to reach agreement as to which of these values should be included in duplicated current intra-node hash tree evaluations so as to form a consistent top-level value used as the basis for digital signatures associated with the digital input records. The top-level value is then entered either directly, or after combination with other top-level values over a period, into a block of a blockchain.
    Type: Application
    Filed: March 6, 2018
    Publication date: July 12, 2018
    Applicant: GUARDTIME IP HOLDINGS LIMITED
    Inventors: ANDRES KROONMAA, AHTO BULDAS, JEFFREY PEARCE
  • Publication number: 20180189312
    Abstract: Blockchain blocks are provided with either or both of two element types that enable later verification of block validity. One element type is identifiers, such as signatures, of trusted validators that approve entry of the block into the blockchain. Another element is a history hash tree that encodes data from not only the current block, but also at least one previous block.
    Type: Application
    Filed: December 30, 2016
    Publication date: July 5, 2018
    Applicant: Guardtime IP Holdings Limited
    Inventors: Risto ALAS, Hema KRISHNAMURTHY
  • Publication number: 20180152442
    Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having nodes computed as digital combinations of child node values up to a current calendar value. Signature vectors are generated for each of the digital records and have parameters that enable recomputation of the respective current calendar. Recomputation yields the same calendar value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value. Either the current calendar value, or a function of a plurality of calendar values over a period, is encoded in a transaction value that is stored in a block of a blockchain.
    Type: Application
    Filed: January 23, 2018
    Publication date: May 31, 2018
    Applicant: Guardtime IP Holdings Limited
    Inventors: Ahto BULDAS, Märt SAAREPERA, JEFFREY PEARCE
  • Publication number: 20180144564
    Abstract: Access by a requesting entity to an asset is authorized by an access-controlling entity, which transmits to the requesting entity a challenge data set and then receives from the requesting entity a response purportedly corresponding to a representation of the challenge data set in a non-repudiatable form, obtained from an event validation system. The access-controlling entity queries the event validation system to determine whether the response does correspond to a correct representation of the challenge data set in the non-repudiatable form, and authorizes the requesting entity for access only if the response is a correct representation. Non-repudiation can be established through entry into a blockchain, or using a hash-tree-based digital signature infrastructure.
    Type: Application
    Filed: December 29, 2017
    Publication date: May 24, 2018
    Applicant: Guardtime IP Holdings Limited
    Inventors: Garrett DAY, Jeffrey PEARCE, David E HAMILTON, JR., Kevin ZAWICKI, Roger GUSEMAN
  • Publication number: 20180144565
    Abstract: Control of access by a requesting entity to an asset includes defining an approved state of the requesting entity. A validation of a representation of the approved state in a non-repudiatable form is obtained from an event validation system. The requesting entity is triggered to determine its current state by an access-control entity, which compares the current state with the approved state and allows access by the requesting entity to the asset only if the current state is the same as the approved state. In a pre-authorization procedure, one or both of the entities issues a data set challenge to the other, which then validates the challenge via the event validation system and returns this validation to the challenging entity, which then checks the validation to see if it is correct. Data sets may be validated, for example, with hash tree based signatures or blockchain entries.
    Type: Application
    Filed: December 29, 2017
    Publication date: May 24, 2018
    Applicant: Guardtime IP Holdings Limited
    Inventors: Garrett DAY, Jeffrey PEARCE, David E. HAMILTON, JR., Kevin ZAWICKI, Roger GUSEMAN
  • Publication number: 20180139057
    Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with either a function of a signature of a child computational node, or of a child entity attestation value derived from an HMAC value of the child entity, or both. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one child entity in the hash tree path used for its initial registration in the infrastructure.
    Type: Application
    Filed: December 26, 2017
    Publication date: May 17, 2018
    Applicant: Guardtime IP Holdings Limited
    Inventors: Ahto TRUU, Andres KROONMAA
  • Publication number: 20180063139
    Abstract: Data acquired, for example by a mobile platform, such as a sequence of images observed by a mobile platform, is grouped. A signature is computed for each group and is transmitted along with frame data to a reception system, which verifies correct transmission based on the group signature. The signature may be a root value of a hash tree that has at least selected ones of each group as inputs. Transmission events may also be separately signed as a whole using an event validation system. Although the signature may be computed for all frames in a group, it may also be computed based on only a subset, selected pseudo-randomly.
    Type: Application
    Filed: August 23, 2016
    Publication date: March 1, 2018
    Applicant: Guardtime IP Holdings Limited
    Inventors: Garrett DAY, Hema KRISHNAMURTHY
  • Publication number: 20170346752
    Abstract: Data packets passing from a source to a destination in a network according to a Service Function Chain (SFC) are processed by an ordered sequence of at least one service function (SF). For each SF in the SFC in order, a current value of a function, such as a hash function, is recursively computed including, as input values, at least current identifying data that identifies a corresponding current one of the SFs, and a value of the function output from an immediately preceding SF. After computing the current value of the function for a selected SF in the SFC, the current value of the function is compared with an expected value. If the value of the function for the selected SF is the same as the expected value, the data packet is allowed to be transmitted to a subsequent processing stage; if not, then an error response action is taken.
    Type: Application
    Filed: May 28, 2016
    Publication date: November 30, 2017
    Applicant: Guardtime IP Holdings Limited
    Inventors: Hema KRISHNAMURTHY, Jeffrey PEARCE
  • Publication number: 20170295180
    Abstract: Control of access by a requesting entity to an asset includes defining an approved state of the requesting entity. A validation of a representation of the approved state in a non-repudiatable form is obtained from an event validation system. The requesting entity is triggered to determine its current state by an access-control entity, which compares the current state with the approved state and allows access by the requesting entity to the asset only if the current state is the same as the approved state. In a pre-authorization procedure, one or both of the entities issues a data set challenge to the other, which then validates the challenge via the event validation system and returns this validation to the challenging entity, which then checks the validation to see if it is correct. Data sets may be validated, for example, with hash tree based signatures or blockchain entries.
    Type: Application
    Filed: April 6, 2016
    Publication date: October 12, 2017
    Applicant: Guardtime IP Holdings Limited
    Inventors: Garrett DAY, Jeffrey PEARCE, David E HAMILTON, JR., Kevin ZAWICKI, Roger GUSEMAN
  • Publication number: 20170126702
    Abstract: Whenever users receive or transfer a copy of any of a set of documents, prior verification of the document is enforced by an administrative system, which associates verification metadata with the copy. As each copy is itself copied, possibly modified, and transferred, updated verification metadata is included with the previous verification metadata to form a verification lineage chain, which can later be examined to determine the circumstances of any verification failure. Documents are preferably verified by comparing the digital signature of the current copy with the signature of a reference copy. Documents may be signed by submitting them as transactions to a blockchain, with the blockchain receipt comprising the digital signature of the respective document.
    Type: Application
    Filed: January 13, 2017
    Publication date: May 4, 2017
    Applicant: Guardtime IP Holdings Limited
    Inventor: Hema KRISHNAMURTHY
  • Publication number: 20170054736
    Abstract: Whenever users receive or transfer a copy of any of a set of documents, prior verification of the document is enforced by an administrative system, which associates verification metadata with the copy. As each copy is itself copied and transferred, updated verification metadata is included with the previous verification metadata to form a verification lineage chain, which can later be examined to determine the circumstances of any verification failure. Documents are preferably verified by comparing the digital signature of the current copy with the signature of a reference copy. Documents may be signed by submitting them as input records to a distributed, keyless, hash tree infrastructure.
    Type: Application
    Filed: August 20, 2015
    Publication date: February 23, 2017
    Applicant: Guardtime IP Holdings Limited
    Inventor: Hema KRISHNAMURTHY
  • Publication number: 20170041148
    Abstract: Location data from one or more geolocation engines such as GPS, a system that determines location from relative signal strengths or transit times, etc., within and/or connected to a device, such as a mobile phone, vehicle, movable electronic device, computer, etc., is included in a digital record that is submitted to obtain a digital signature such that the presence of the device at the particular location can later be proven. The digital record may include data that encodes a message, as well as other parameters such as time. The digital signature encodes recomputation parameters of a hash tree signature infrastructure to a highest level value, a function of which is submitted as a transaction in a blockchain.
    Type: Application
    Filed: October 18, 2016
    Publication date: February 9, 2017
    Applicant: Guardtime IP Holdings Limited
    Inventor: Jeffrey PEARCE
  • Publication number: 20170033932
    Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure. An uppermost value of the hash tree verification infrastructure is entered as, or as part of, a transaction in a blockchain.
    Type: Application
    Filed: October 17, 2016
    Publication date: February 2, 2017
    Applicant: Guardtime IP Holdings Limited
    Inventors: Ahto TRUU, Andres KROONMAA, Michael GAULT, Jeffrey PEARCE
  • Publication number: 20160364555
    Abstract: An administrative system generates a sequence of passwords by iterative evaluation of a hash function, initiated from a private key value and continuing to a final, public key value. A current token is created that includes a current one of the passwords. A protected device tests the validity of the current password by inputting it to a hash function sub-chain. The current password is considered valid if, after hashing the current password n+1 times, where n corresponds to the number of tokens previously received, the result is a revealed value, such as a previously verified password of the public key value. At least one unit of a one-time programmable hardware device, such as processor fuses or anti-fuses, is then physically and permanently altered, thereby incrementing a count entry indicating the number of tokens received. The protected device performs a desired action only if the current password is verified.
    Type: Application
    Filed: June 14, 2015
    Publication date: December 15, 2016
    Applicant: GUARDTIME IP HOLDINGS LIMITED
    Inventor: Nicholas CHILD