Abstract: Data security is provided in the form of a method for digitally signing a data message. A client device issues a issuing a signature request to a server and generates a first signature part as functions of selected ones of first signature parameters. It then receives from the server a second signature part, said second signature part having been computed by the server as functions of second signature parameters and at least one of the first signature parameters. The client device then attempts to verify components of the second signature part and generates a final digital signature of the message only if the components of the second signature part are valid. Part of the computational effort of creating the signature is thus offloaded to the server, even though the server may not be fully trusted.

Abstract: During a period of uni-directional, device-to-collector communication, a digital signature is created for at least one data set based on a public key, which is computed from at least one time-bound secret key. When collector-to-device communication becomes available, the collector signals to the device that the current data collection period may end, at which point the time-bound secret key(s) previously used may be revealed but are not longer usable.

Abstract: A set of secret, indexed keys is generated and used in requests from a signing entity to a signing server for digital signature of messages. The signing server maintains a counter as well as a hash tree that aggregates requests during a round into a root value that is stored in an append-only data structure in a repository. Each signing entity is associated with a leaf of the hash tree. After a signature is formed, the counter for the requesting signing entity is incremented, whereby the secret key that was used cannot be used again.

Abstract: Parties communicate input values to a central entity by first decomposing them according to a chosen operation into share values, which are sent either directly or, in a transformed form such as being hashed and/or encrypted, via a bulletin board data structure, to respective nodes, such that no node receives the input value itself. The nodes then combine the share values using the operation and pass these respective node values to the central entity for computation of a global value. The operation of the parties and of the nodes may be made verifiable by aggregating the share values within a party or the received share values within a node using a data and computational structure such as a hash tree or skip list. Digital signing and timestamping may also be applied.

Abstract: Parties communicate input values to a central entity by first decomposing them according to a chosen operation into share values, which are sent either directly or, in a transformed form such as being hashed and/or encrypted, via a bulletin board data structure, to respective nodes, such that no node receives the input value itself. The nodes then combine the share values using the operation and pass these respective node values to the central entity for computation of a global value. The operation of the parties and of the nodes may be made verifiable by aggregating the share values within a party or the received share values within a node using a data and computational structure such as a hash tree or skip list. Digital signing and timestamping may also be applied.

Abstract: Data security is provided in the form of a method for digitally signing a data message. A client device issues a issuing a signature request to a server and generates a first signature part as functions of selected ones of first signature parameters. It then receives from the server a second signature part, said second signature part having been computed by the server as functions of second signature parameters and at least one of the first signature parameters. The client device then attempts to verify components of the second signature part and generates a final digital signature of the message only if the components of the second signature part are valid. Part of the computational effort of creating the signature is thus offloaded to the server, even though the server may not be fully trusted.

Abstract: During a period of uni-directional, device-to-collector communication, a digital signature is created for at least one data set based on a public key, which is computed from at least one time-bound secret key. When collector-to-device communication becomes available, the collector signals to the device that the current data collection period may end, at which point the time-bound secret key(s) previously used may be revealed but are not longer usable.

Abstract: A set of secret, indexed keys is generated and used in requests from a signing entity to a signing server for digital signature of messages. The signing server maintains a counter as well as a hash tree that aggregates requests during a round into a root value that is stored in an append-only data structure in a repository. Each signing entity is associated with a leaf of the hash tree. After a signature is formed, the counter for the requesting signing entity is incremented, whereby the secret key that was used cannot be used again.

Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with either a function of a signature of a child computational node, or of a child entity attestation value derived from an HMAC value of the child entity, or both. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one child entity in the hash tree path used for its initial registration in the infrastructure.

Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with either a function of a signature of a child computational node, or of a child entity attestation value derived from an HMAC value of the child entity, or both. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one child entity in the hash tree path used for its initial registration in the infrastructure.

Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure. An uppermost value of the hash tree verification infrastructure is entered as, or as part of, a transaction in a blockchain.

Abstract: A digital message is signed and, if a request is approved, receives a time stamp. The request is computed as a first function of the message and a current one of a sequence of passwords computed such that each password corresponds to an index unit. Each of the passwords may be computed as a function, such as a hash function, pseudo-random function, or encryption function, of the subsequent password, whereby the sequence terminates with an initial password that forms a public key parameter for the password sequence. At least one hash tree uses at least a subset of the passwords as inputs to a hash tree used to verify the passwords.

Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure. An uppermost value of the hash tree verification infrastructure is entered as, or as part of, a transaction in a blockchain.

Abstract: At least one node in a distributed hash tree document verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure.

Abstract: Occurrence of an event is detected within a device such as a computer, a communications device, a machine or process component. A non-deterministic time value (NDT) is requested for and associated with the detected event. Each NDT value is generated as a function of a calendar value created at time intervals as a root hash value of a distributed, hash-tree document authentication infrastructure.

Abstract: A non-deterministic time value (NDT) is generated as a function of a calendar value created at time intervals as a root hash value of a distributed, hash-tree document authentication infrastructure. A clock displays the NDT value, which it may derive from a sub-set of the calendar value, and presents the NDT to a user in either visual or audible form, or both. may be presented to is presented may also be generated simply for display by a clock, for example as an NDT time zone.

Abstract: A capture device such as a camera and/or sound recorder records an event, which includes a visual and/or audible presentation of a time value that is non-deterministic, yet a function of physical time. The non-deterministic time value (NDT) may be generated as a function of a calendar value created at time intervals as a root hash value of a distributed, hash-tree document authentication infrastructure. If the NDT value included in the recording of the event does not match the NDT value corresponding to the calendar value from which it was generated, the recording may be assumed to be altered. Digital time-stamping may be included for the recording of the event to reduce the opportunity for back-dating of the recording. NDT may also be generated simply for display by a clock, for example as an NDT time zone.

Abstract: A digital message is signed and, if a request is approved, receives a time stamp. The request is computed as a first function of the message and a current one of a sequence of passwords computed such that each password corresponds to an index unit. Each of the passwords may be computed as a function, such as a hash function, pseudo-random function, or encryption function, of the subsequent password, whereby the sequence terminates with an initial password that forms a public key parameter for the password sequence. At least one hash tree uses at least a subset of the passwords as inputs to a hash tree used to verify the passwords.

Abstract: A capture device such as a camera and/or sound recorder records an event, which includes a visual and/or audible presentation of a time value that is non-deterministic, yet a function of physical time. The non-deterministic time value (NDT) may be generated as a function of a calendar value created at time intervals as a root hash value of a distributed, hash-tree document authentication infrastructure. If the NDT value included in the recording of the event does not match the NDT value corresponding to the calendar value from which it was generated, the recording may be assumed to be altered. Digital time-stamping may be included for the recording of the event to reduce the opportunity for back-dating of the recording. NDT may also be generated simply for display by a clock, for example as an NDT time zone.

Abstract: At least one node in a distributed hash tree document verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure.