Abstract: A method includes receiving a first transaction request and a second transaction request including identification of a first trust action and a second trust action requested to be performed with respect to an electronic document. A first trust service provider and a second trust service provider, different from the first trust service provider, are selected to perform the requested first trust action and the second trust action, respectively. Performance of the first trust action and the second trust action on the same electronic document is coordinated with the selected first trust service provider and the second trust action provider. A first proof and a second proof are obtained confirming performance of the requested first trust action and the requested second trust action by the respective trust service providers.

Abstract: A method and a wireless device for exchanging messages with an access point (AP) while the wireless device is in a pre-associated state during which the wireless device is unauthenticated and is not associated with a network. The wireless device receives a beacon from the AP indicating that the AP will protect messages communicated with the wireless device. The wireless device then sends to the AP a message including a request for information from the AP. The wireless device obtains a public key of the AP, and receives an encrypted response to the request and an encrypted symmetric key. The wireless device decrypts the encrypted symmetric key using the public key of the AP to recover a symmetric key that is not encrypted, and decrypts the encrypted response to the request using the decrypted symmetric key to recover a response to the request that is not encrypted.

Abstract: A system for auditing event data includes an interface and a processor. The interface is configured to receive an audit query request and a client key. The processor is configured to determine whether the audit query request is valid; determine whether a chain of events is stored in an audit store, wherein the chain of events is associated with the audit query request; and in response to determining that the chain of events is stored in the audit store, provide data for the audit query request.

Abstract: A system for committing event data includes an interface and a hardware processor. The interface is configured to receive modified input data for desired events. The hardware processor is configured to retrieve the desired events from a desired aggregate; select requested event to modify from the desired aggregate; replace input data of the requested event with the modified input data to create a modified aggregate; replay events of the modified aggregate N to generate a new state of aggregate N; and provide the new state of aggregate N.

Abstract: A computer-implemented method according to one embodiment includes compressing an uncompressed instance of data to create a compressed instance of data; encrypting the compressed instance of data in response to determining that a size of the compressed instance of data is less than a predetermined threshold; creating a message authentication code (MAC) for the encrypted compressed instance of data; and adding a variable-length zero pad and the MAC to the encrypted compressed instance of data to create a formatted string.

Abstract: In IaaS (Infrastructure as a Service), when it is desirable to delegate the authority to a user outside a system, a recipient of an access token is designated, thereby preventing illegal distribution of the access token. There is provided an access token system including a generator and a verifier. The generator generates, using secret information of a recipient, a recipient-designated access token for which the recipient is designated, and provides the recipient-designated access token to a user. The verifier verifies that the user who makes access using the recipient-designated access token is the designated recipient.

Abstract: An information processing device of one embodiment includes a first memory being volatile, a second memory being non-rewritable and nonvolatile, and a processor. A first program, a second program, and a digital signature for the second program are loaded into the first memory. A third program and a public key are stored in the second memory. Upon satisfaction of a certain condition during execution of the first program, the processor verifies the second program on the basis of the digital signature and the public key, in accordance with the third program. After finding a result of the verification as a pass, the processor analyzes the first program in accordance with the second program. The processor refrains from analyzing the first program after finding the result of the verification as a fail.

Abstract: A device configured to identify a first digital document in a digital document repository, to identify a first graphical code that represents the first digital document, and to send the first graphical code to an approved user device. The device is further configured to obtain a second graphical code that represents a public encryption key for the organization and to extract the public encryption key for an organization from the second graphical code. The device is further configured to obtain a third graphical code from the approved user device. The third graphical code represents a second digital document comprising data and a digital signature that was signed using a private encryption key for the organization. The device is further configured to determine the third graphical code passes validation using the public encryption key for the organization and to store the second digital document in a digital document repository.

Abstract: A method to synchronize tags between two databases comprises receiving a first command to add a tag to a resource in a first database, the tag comprising a key value pair that defines an access privilege associated with the resource. A determination is made that the tag satisfies validation criteria associated with a second database. The tag is stored in the first database, and an entry for the tag is added to a synchronization table, wherein the entry lacks a synchronized flag. A synchronization process is performed between the first database and the second database. A determination is made that the entry of the synchronization table lacks the synchronized flag. A copy of the tag is then written to the second database, and the synchronized flag for the entry in the synchronization table is set.

Abstract: A computer-implemented method may include: receiving, from at least one camera, image data associated with a first user at a public access user computing device; detecting, based on the received image data, by employing a machine learning model trained using a dataset of actions collected from a plurality of previous users, that the first user has moved away from the public access user computing device; automatically encrypting, based upon the detection, a user session associated with the first user, wherein the encrypted user session is configured to be subsequently activated by the first user; and initiating a new generic user session on the public access user computing device for a second user.

Abstract: An example apparatus can include a processor and an external communication component. The external communication component can be coupled to the processor and can be configured to, in response to determining a vehicular entity is within a particular proximity to the external communication component, generate an external private key and an external public key. The external communication component can further provide the external public key and data to a vehicular communication component associated with the vehicular entity. The external communication component can further receive data from the vehicular communication component in response to providing the external public key and data to the vehicular communication component. The external communication component can further decrypt the received data using the external private key, and provide a service to the vehicular entity based on the decrypted received data.

Abstract: A system includes a data module for receiving an original data and a verification fingerprint, and generating a verification data by inserting the verification fingerprint into an embeddable location of the original data. The system also includes an interpretation module for generating data type information of the original data, and deriving an input-enabled location from an embedding location preset list of the original data, wherein the input-enabled location is included in an inactive area of the original data. The system further includes a preset database for storing the embedding location preset list according to the data type information.

Abstract: The system is used by both Producer and Consumer of digital evidence, which use the system to provide a secure and irrefutable record of a transaction involving the use of the digital evidence to produce new protected digital evidentiary content, e.g. transcription, according to a set of rules and limitations on the use of the digital evidence over a specific period of time which expires after a certain time. The newly create evidentiary content along with security and metadata are evaluated, and results used to confirm that the evidence has been maintained according to the terms and conditions.

Abstract: A system and method for sending end-to-end encrypted messages comprising a sender's web browser, a recipient's web browser, and a server. The system and method avoid both the sender and the recipient having to download encryption programs themselves onto their respective computers. In addition, the system and method ensure that unencrypted messages are never disclosed to the server. The system and method operate by first downloading the web browser files, verifying them and then preventing the web browser page from refreshing, thereby preventing malicious code from entering the web browser each time the web browser page would normally be refreshed. The system and method also provide for securely implementing cryptography using client-side scripting in a web browser.

Abstract: A computer-implemented method for identifying possible leakage paths of sensitive information may include (i) discovering an original set of users having permission to read the sensitive information at an originating storage device in an originating location via an original set of information transfer paths and (ii) performing a security action. The security action may include (A) determining an additional set of information transfer paths having information transfer paths other than the information transfer paths already discovered, via which the original set of users can write the sensitive information and (B) identifying an additional set of users having permission to read the sensitive information via the additional set of information transfer paths.

Abstract: A system for querying a state of aggregate N or creating a projection comprises an interface and a processor. The interface is configured to receive request to query the state of the aggregate N or to create a projection up to a target event and receive a client key. The processor is configured to rehash each event input data of the aggregate N with its corresponding sequence number and a prior event signature to generate a hash value; reencrypt the hash value using the client key to create a check signature; determine whether the check signature is equal to the prior event signature; in response to each check signature being equal to the prior event signature, replay the events of the aggregate N to generate and provide the state of the aggregate N; and in response to a check signature not being equal to the prior event signature, indicate that the aggregate N is not valid.

Abstract: In one example, a server obtains a plurality of code modules configured to identify issues in one or more network devices of a target network. Based on the plurality of code modules, the server generates a fingerprinting process configured to produce a fingerprint that includes a plurality of key-value pairs. Each key of the plurality of key-value pairs is a unique key that corresponds to select data associated with raw data obtained from the one or more network devices. Each value of the plurality of key-value pairs represents information regarding the select data. Based further on the plurality of code modules, the server generates an analysis model that is uniquely compatible with the fingerprinting process. The analysis model is configured to identify the issues in the one or more network devices based on the key-value pairs.

Abstract: A secure server is configured to host one or more secure applications. A first user device includes a camera operable to capture a first image of a first user of the first user device. The first user device receives a notification that indicates confirmation of authentication of a second user of a second user device is needed after the second user requests access to the secure server. Following receipt of the notification, the first user device captures a first image of the first user. The first image includes at least a portion of a face of the first user. Facial recognition is performed, and results of facial recognition are provided to the second user device where it is used for multi-person authentication.

Abstract: A system and method for compression and encryption of data includes creating a plurality of hash table keys by applying a bit mask to an encryption key, applying a hashing function to the encryption key, creating a hash table using the hashing function, the hash table including the plurality of hash table keys and index values, the index values each identifying a location of data in the hash table connected to one of the plurality of hash table keys, receiving input data, and encoding the input data to generate encoded data, the encoding including both compression and encryption of the input data using the encryption key and the hash table.

Abstract: A system and method for recording and verifying the data integrity, identity of the recorder, and no-later-than date-of-existence for digital content of an arbitrary size is provided. The provided system and method employ blockchain technology to ensure immutability and accessibility of digital content state, digital content recorder identity, and timestamp of recording for the recorded digital content. The provided system and method also generate meta-data files associated with the recorded digital content that consist of a manifest file, a signature file, and a signature block file. The meta-data files are included into the digital content in order to facilitate the verification of the digital content against the records held in the blockchain.