Abstract: Systems and methods described herein securely compute private data on a cloud platform. A network device in the cloud platform obtains a product or service description from a first user. The description includes a combination of public data and encrypted private data based on a first encryption key. The network device receives a query from an end device of a second user and retrieves, based on the query, the product or service description. The network device forwards the description to a trusted execution environment (TEE) instance for decryption of the encrypted private data, processing of the private data, and re-encryption of the private data with a second encryption key. The network device receives the re-encrypted private data from the TEE instance and assembles the re-encrypted private data and the public data into a query response for presentation on the end device. The network device sends, to the end device, the query response including the re-encrypted private data and the public data.

Abstract: A network device receives a smart contract for permissions to access a service, wherein the smart contract is in an initial block for authorizations in a shared ledger. The network device receives, from an authorization server device, an update to the shared ledger, wherein the update is a proposed block in the shared ledger requiring validation. The network device stores, in a local memory, a copy of the shared ledger with the update, when the update is validated by the distributed consensus network. The network device receives, from a client device, an item request for an item associated with the service, wherein the item request includes a client identifier. The network device identifies if there is match of the client identifier and the item in the copy of the shared ledger and sends, to the client device, the item when there is match of the client identifier and the item.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. An authentication session is first initiated to authenticate, via iris, a person claiming to be an authorized user, in which a first set of signals is randomly generated for controlling light strobing to be applied to the iris of the person for detecting liveness of the iris. A second set of signals is accordingly generated for controlling iris picture capturing synchronized with the light strobing. The light strobing is applied to the person via strobes generated based on the first set of signals and pictures of the iris of the person are acquired, based on the second set of signals, that are synchronized with the light strobing. Whether the person is live is then determined based on the synchronized pictures acquired when the light strobing is applied.

Abstract: A device determines, based on location verification data that has been received, that the device is indoors at a first geographic location. The device determines a base measured barometric pressure, and an initial floor that the device is located on in a structure that includes the first geographic location. The device determines an adjusted measured barometric pressure for a second geographic location based on a second measured barometric pressure for the second geographic location and one or more reference barometric pressures that are associated with a reference location. The device determines an altitude for the second geographic location based on the base measured barometric pressure and the adjusted measured barometric pressures. The device causes a server to predict a floor that the device is located on at the second geographic location and to provide floor data that identifies the floor to an interface that is accessible to the device.

Abstract: A network device receives a smart contract for permissions to access a service, wherein the smart contract is in an initial block for authorizations in a shared ledger. The network device receives, from an authorization server device, an update to the shared ledger, wherein the update is a proposed block in the shared ledger requiring validation. The network device stores, in a local memory, a copy of the shared ledger with the update, when the update is validated by the distributed consensus network. The network device receives, from a client device, an item request for an item associated with the service, wherein the item request includes a client identifier. The network device identifies if there is match of the client identifier and the item in the copy of the shared ledger and sends, to the client device, the item when there is match of the client identifier and the item.

Abstract: A microservice node can include a network real-time kinematics (RTK) device to receive raw satellite data associated with a physical reference station via a first message in a first message queue, to receive static virtual location data associated with a static virtual reference station (VRS) agent, to generate corrections data for the static VRS agent based on the raw satellite data and the static virtual location data, and to transmit the corrections data to the static VRS agent. The microservice node can include the static VRS agent to publish the corrections data in a second message in a second message queue. The microservice node can include an adapter device to determine that the client device is located within a geographic area associated with the static VRS agent and to transmit the corrections data from the second message queue to the client device.

Abstract: The present teaching relates to method, system, medium, and implementation for secure data management by a trusted entity. A request is first received for validating one or more data items related to a record owner in order to carry out a transaction between the record owner and a service provider. With respect to the one or more data items, at least one access limitation associated therewith is determined. A cloaked identifier is generated for the request with information related to the transaction and the one or more data items incorporated therein and sent to the record owner to proceed with the validation.

Abstract: The present teaching relates to method, system, medium, and implementation for secure data management by a transaction engine. A request is received from a record owner for validating one or more data items related to a record owner in order to carry out a transaction involving the record owner and a service provider. A trusted entity that is in possession of the one or more data items is determined and a request is sent to the trusted entity with first information related to the record owner. A cloaked identifier is obtained where the cloaked identifier is generated in connection with the request for validating the one or more data items. The obtained cloaked identifier is then forwarded to the record owner.

Abstract: The present teaching relates to method, system, medium, and implementation for secure data management associated with a record owner. A request is first received from a service provider for validating one or more data items in order to carry out a transaction between the record owner and the service provider. The record owner performs authentication required and send the request to a trusted party seeking to validate the one or more data items, wherein the trusted party is authorized to access the one or more data items. When a cloaked identifier to be used for validating the one or more data items is received from the trusted party, it is sent to the service provider for the service provider to use for validating the one or more data items.

Abstract: Systems and methods for blockchain ledger growth management using separation of a blockchain ledger into multiple blockchain ledgers (each ledger having a state that can be tracked and used). The systems and methods also include linking the separated ledgers by utilizing a linking application and smart contracts added to the separated ledgers.

Abstract: The present teaching relates to method, system, medium and implementation for secure transaction. A transaction package is received from a trusted entity, which is generated by a trusted entity in response to a request for validating one or more data items related to a record owner in order to carry out a transaction involving the record owner and a service provider and incorporates at least one access limitation associated with the one or more data items. A transaction package identifier is provided to the trusted entity, which uniquely identifies the transaction package and is used to store the transaction package.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. A first request is received to set up authentication information with respect to a user, wherein the first request specifies a type of information to be used for future authentication of the user. It is determined whether the type of information related to the user poses risks based on a reverse information search result. The type of information for being used for future authentication of the user is rejected when the type of information is determined to pose risks.

Abstract: The present teaching relates to method, system, medium, and implementation for secure data management by a service provider. A request is first received for carrying out a transaction with a user and one or more data items associated with the user are then determined that need to be validated prior to the transaction. A request is then sent to the user seeking to validate the one or more data items. When a cloaked identifier is received from the user with information related to a trusted party, the cloaked identifier is then sent to the trusted party with a request for a validation response. When the validation response is received with an indication that the one or more data items are validated, the transaction with the user is carried out.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. An authentication session is first initiated to authenticate, via iris, a person claiming to be an authorized user, in which a first set of signals is randomly generated for controlling light strobing to be applied to the iris of the person for detecting liveness of the iris. A second set of signals is accordingly generated for controlling iris picture capturing synchronized with the light strobing. The light strobing is applied to the person via strobes generated based on the first set of signals and pictures of the iris of the person are acquired, based on the second set of signals, that are synchronized with the light strobing. Whether the person is live is then determined based on the synchronized pictures acquired when the light strobing is applied.

Abstract: The present teaching relates to method, system, medium, and implementation for biometric authentication in secure data management. Authentication is initiated for a person claiming to be a record owner prior to a transaction between the record owner and a service provider. Biometric based authentication of the person is performed by detecting liveness of the person and authenticating an identity of the person based on biometric information of the person. Upon successful authentication of the person, a trusted party processes a request directed to a trusted entity to validate one or more data items related to the record owner in order to proceed with the transaction and forward a cloaked identifier obtained based on the request, where the cloaked identifier is to be used by the service provider to seek a validation response with regard to the one or more data items from the trusted party.

Abstract: Technologies for compressing a blockchain. In some examples, the technologies include removing selected blocks within a blockchain, and replacing the selected blocks with a summary block and a padding block. Each block of the selected blocks includes data in a certain state (such as data in an obsolete state). The technologies can include generating the summary block and padding blocks according to the data in the selected blocks and an original root hash included in the selected blocks and other blocks of the blockchain. The generating of the summary and padding blocks can include generating a new root hash in the summary and padding blocks that only replaces the original root hash in the summary and padding blocks. The generation of the new root hash can be based on a part of a header of a non-selected block of the blockchain directly linked to an end block of selected blocks.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. An authentication session is initiated to authenticate, via iris, a person claiming to be an authorized user. A trajectory is determined with respect to a display visible to the person. A plurality of focus dots are generated with corresponding coordinates on the trajectory with respect to the display and rendered to the person on the display in accordance with the corresponding coordinates during a specified period of time. A plurality of pictures of the iris of the person are captured during the period of time and used to determine whether the person is live based on the captured plurality of pictures of the iris of the person.

Abstract: A system can include a producer device to receive reference data from a reference station. The system can include a queue device to store a reference message, corresponding to the reference data, in a message queue. The system can include a mapping device to store mapping information indicating that the message queue is associated with the reference station. The system can include a consumer device to identify the message queue as being associated with a microservice to be provided to a client device based on a microservice request. The message queue can be identified based on the mapping information. The consumer device can obtain the reference message from the message queue, generate corrections data associated with the client device, and provide the corrections data.

Abstract: A network device receives a first application programming interface (API) call from an application. The first API call requests a micro-service of a blockchain-based technology. The blockchain-based technology includes use of a shared ledger among participating nodes in a distributed consensus network. The micro-service provides a function for the application. The network device sends, in response to the first API call, a second API call to one of the participating nodes. The second API call initiates a framework module of a multiple of framework modules in the participating nodes. The network device receives, from the one of the participating nodes, a response to the second API call, the response indicating consensus of the participating nodes. The network device generates, based on the response to the second API call, a reply to the first API call.

Abstract: A network device receives a smart contract for permissions to access a service, wherein the smart contract is in an initial block for authorizations in a shared ledger. The network device receives, from an authorization server device, an update to the shared ledger, wherein the update is a proposed block in the shared ledger requiring validation. The network device stores, in a local memory, a copy of the shared ledger with the update, when the update is validated by the distributed consensus network. The network device receives, from a client device, an item request for an item associated with the service, wherein the item request includes a client identifier. The network device identifies if there is match of the client identifier and the item in the copy of the shared ledger and sends, to the client device, the item when there is match of the client identifier and the item.