Abstract: Techniques are provided for monitoring a database system. A set of data elements may be read from a database system into a device. The device may be external to the database system. From the device, a set of analysis operations are performed on the data elements in order to identify if any of the date elements satisfy a criteria for being considered potentially anomalous. A notification is signaled if potentially anomalous data is identified.

Abstract: A multi-step signing system and method uses multiple signing devices to affix a single signature which can be verified using a single public verification key. Each signing device posesses a share of the signature key and affixes a partial signature in response to authorization from a plurality of authorizing agents. In a serial embodiment, after a first partial signature has been affixed, a second signing device exponentiates the first partial signature. In a parallel embodiment, each signing device affixes a partial signature, and the plurality of partial signatures are multiplied together to form the final signature. Security of the system is enhanced by distributing capability to affix signatures among a plurality of signing devices and by distributing authority us affix a partial signature amond a plurality of authorizing agents.

Abstract: A revocation notification system for a public key certificate and associated method are provided. At the time of issuance, a CA requests and receives from an independent revocation service provider entity a THV corresponding to an IRV under the sole control of said revocation service provider. It then embeds such THV into the public key certificate and digitally signs the public key certificate with a private key. An entity requests revocation from the revocation service provider. The revocation service provider ceases publication of valid PFI updates for the public key certificate.

Abstract: A method is provided for communicating authenticated information concerning a digital public key certificate. A hash-tree data structure is created containing a pre-defined list of possible information, such as authorizations, restrictions, privileges, or validity period notices. The list items may include text and coded values. Each list entry is prefixed with a different random data (blocker) value that is securely stored and infeasible to guess. Each list item is hashed to produce a leaf hash, the leaf hashes are combined to produce a hash tree, and the root node of said tree is embedded into a digital certificate or message that is signed using a private key. In response to a request for authenticated information concerning a digital public key certificate, the certificate authority releases the relevant list item, its blocker value, and other hash values sufficient to authenticate the list item using the root node embedded in the digital certificate.

Abstract: Techniques are provided for monitoring a database system. A set of data elements may be read from a database system into a device. The device may be external to the database system. From the device, a set of analysis operations are performed on the data elements in order to identify if any of the date elements satisfy a criteria for being considered potentially anomalous. A notification is signaled if potentially anomalous data is identified.