Abstract: Multi-party consent to performance of an action is securely registered by receiving from at least one consent requesting entity (CRE) a consent action request (CAR), which is matched with a consent policy. The policy may specify a plurality of consent voting entities (CVE), and direct confirmation of registration of an identity of each CVE in a blockchain. A consent request (CR) may then be issued to the CVEs. Consent request responses (CRRs) from the CVEs are then compared with at least one condition in the consent policy. A representation of a state of the CRRs is relative to the consent policy is registered in the blockchain. If the policy condition(s) is satisfied, a subject entity may be signaled to perform the action corresponding to the CAR, and a state indication of performance of the action may also be registered in the blockchain.

Abstract: A distributed hash tree-based authentication system for digital input records has more than one upper-level core node, each of which receives at least one uppermost value from aggregators. Communicating with each other about which aggregator values they have received, the nodes try to reach agreement as to which of these values should be included in duplicated current intra-node hash tree evaluations so as to form a consistent top-level value used as the basis for digital signatures associated with the digital input records. The top-level value is then entered either directly, or after combination with other top-level values over a period, into a block of a blockchain.

Abstract: Control of access by a requesting entity to an asset includes defining an approved state of the requesting entity. A validation of a representation of the approved state of in a non-repudiatable form in obtained from an event validation system. The requesting entity is triggered to determine its current state by an access-control entity, which compares the current state with the approved state and allows access by the requesting entity to the asset only if the current state is the same as the approved state. In a pre-authorization procedure, one or both of the entities issues a data set challenge to the other, which then validates the challenge via the event validation system and returns this validation to the challenging entity, which then checks the validation to see if it is correct. Data sets may be validated, for example, with hash tree based signatures or blockchain entries.

Abstract: A distributed hash tree-based authentication system for digital input records has more than one upper-level core node, each of which receives at least one uppermost value from aggregators. Communicating with each other about which aggregator values they have received, the nodes try to reach agreement as to which of these values should be included in duplicated current intra-node hash tree evaluations so as to form a consistent top-level value used as the basis for digital signatures associated with the digital input records.

Abstract: A client system is configured to obtain signatures for digital input records. An application program interface reformats each digital record, and this is used as an argument to a cryptographic hash function, from which a signature request is formed. The signature request is then submitted to a keyless, distributed hash tree infrastructure system, which returns a signature that includes recomputation values enabling recomputation from the result of the cryptographic hash function upward through the hash tree infrastructure to a root hash value at a calendar period corresponding to a time during which the signature request was originally submitted. An arbitrary subsequent test digital record is considered authenticated if, applying the cryptographic hash function to it, along with any other parameters included in the original computation, and recomputing an uppermost value using the recomputation values, the same composite calendar value is attained as when it was originally computed.

Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure. An uppermost value of the hash tree verification infrastructure is entered as, or as part of, a transaction in a blockchain.

Abstract: An administrative system generates a sequence of passwords by iterative evaluation of a hash function, initiated from a private key value and continuing to a final, public key value. A current token is created that includes a current one of the passwords. A protected device tests the validity of the current password by inputting it to a hash function sub-chain. The current password is considered valid if, after hashing the current password n+1 times, where n corresponds to the number of tokens previously received, the result is a revealed value, such as a previously verified password of the public key value. At least one unit of a one-time programmable hardware device, such as processor fuses or anti-fuses, is then physically and permanently altered, thereby incrementing a count entry indicating the number of tokens received. The protected device performs a desired action only if the current password is verified.

Abstract: A digital message is signed and, if a request is approved, receives a time stamp. The request is computed as a first function of the message and a current one of a sequence of passwords computed such that each password corresponds to an index unit. Each of the passwords may be computed as a function, such as a hash function, pseudo-random function, or encryption function, of the subsequent password, whereby the sequence terminates with an initial password that forms a public key parameter for the password sequence. At least one hash tree uses at least a subset of the passwords as inputs to a hash tree used to verify the passwords.

Abstract: At least one node in a distributed hash tree document verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure.

Abstract: Location data from one or more geolocation engines such as GPS, a system that determines location from relative signal strengths or transit times, etc., within and/or connected to a device, such as a mobile phone, vehicle, movable electronic device, computer, etc., is included in a digital record that submitted to obtain a digital signature such that the presence of the device at the particular location can later be proven. The digital record may include data that encodes a message, as well as other parameters such as time. The digital signature may include recomputation parameters for recomputing a verifying calendar value, formed by a keyless, hash tree-based signing infrastructure as an uppermost hash value in a calendar period.

Abstract: A digital message is signed and, if a request is approved, receives a time stamp. The request is computed as a first function of the message and a current one of a sequence of passwords computed such that each password corresponds to an index unit. Each of the passwords may be computed as a function, such as a hash function, pseudo-random function, or encryption function, of the subsequent password, whereby the sequence terminates with an initial password that forms a public key parameter for the password sequence. At least one hash tree uses at least a subset of the passwords as inputs to a hash tree used to verify the passwords.

Abstract: A method of generating a keyless digital multi-signature is provided. The method includes receiving multiple signature generation requests from one or more client computers, building subtrees based on the signature generation requests, and constructing a search tree including the subtrees. The method also includes assigning explicit length tags to leaf nodes of the search tree to balance the search tree and applying a hash function to each of the search tree nodes. The root hash value and the height of the search tree make up a generated aggregate signature request, followed by receiving an aggregate signature based on the aggregate signature request. The keyless digital multi-signature is generated based on the aggregate signature and contains an implicit length tag to verify that the number of signature generation requests is limited. The aggregate signature is generated if the height of the search tree does not exceed a predetermined height limitation.

Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. A combination of root values is published in a permanent medium. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current root value or to the published value. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value.