Abstract: A computer implemented method for authenticating a user, the method including receiving an authentication request from a first computer system, the authentication request including an indication of an identity of the user to be authenticated; receiving one or more authentication factors for verifying the identity of the user, the one or more authentication factors including at least one authentication factor obtained from a second computer system associated with the user having the indicated identity; receiving an auxiliary authentication factor, the auxiliary authentication factor comprising data for verifying that the second computer system is currently in the possession of the user having the indicated identity; and verifying the identity of the user based on the one or more authentication factors and the auxiliary authentication factor.

Abstract: A method of configuring a user device. The method includes sending, from the user device to a node of a distributed ledger network (DLN), the node configured to store a distributed ledger of the DLN, a request for characteristic data indicative of a characteristic associated with a service provider, receiving, at the user device, a response from the node of the DLN in response to the request, and configuring a functionality of the user device accessible to the service provider, based at least in part on the response from the node of the DLN. Further aspects relate to a data processing system, a network, and a method of operating a network.

Abstract: A method for facilitating secure communication between a user device and a network device. Encrypted data from a user device is received at the network device. The encrypted data is encrypted based on first physiological data captured by a first sensor of the user device. The first physiological data is representative of a physiological characteristic of a user of the user device. A second sensor of the network device captures second physiological data representative of the physiological characteristic of the user. A common key for encrypting further data transferred between the user device and the network device is determined, based on the encrypted data and the second physiological data. Further aspects relate to other methods for facilitating secure communication between a user and network device, a network, and a method of operating a network.

Abstract: A method of pairing a user device with a remote system. The user device communicates with an intermediary device via a secure communication channel to cause a secret key generated by the remote system to be received by the user device, from the intermediary device. The secret key is thereby assigned to the user device. The user device establishes communication with the remote system to pair the user device with the remote system using the secret key, such that data sent from the user device to the remote system is encrypted using the secret key and data received by the user device from the remote system is decrypted using the secret key.

Abstract: There is provided a computer implemented method for accessing a resource at a computing device, as well as for controlling access to a resource by a computing device. The computing device receives a policy indicating a set of conditions under which access to the resource is permitted, determines whether each of the conditions are initially present based on an output of one or more sensors of the device, and monitors the one or more sensors to detect a change in the presence of one or more of the conditions. In response to detecting the change in the presence of one or more of the conditions, the computing device determines whether each of the conditions are present. In response to determining that each of the conditions is present, access to the resource is enabled. If at least one of the conditions is not present, access to the resource is prevented.

Abstract: Computer implemented methods for enrolling a user as an authenticated user of a computing device and for authenticating a user of a computing device are provided. The methods make use of behavioral biometrics to determine a set of shares that represent a secret credential according to a secret sharing scheme. The set of shares is initially determined when the user is enrolled based on typical measurements of the user's behavioral biometrics and authentication data indicating how to generate the set of shares from a user's behavioral biometrics is generated. When authenticating the user, the computing device can generate the set of shares based on the authentication data and measurements of the current user's behavioral biometrics. The computing device can use the generated set of shares to recreate a copy of the secret credential with which to authenticate the user.

Abstract: A computer implemented method of access control for a restricted resource of a resource provider in a network connected computer system, wherein a blockchain data structure accessible via the network stores digitally signed records validated by network connected miner software components, the method including: identifying an access control role definition for access to the resource, the role including a specification of access permissions; defining a cryptocurrency for indicating authorization to access the resource, the cryptocurrency being formed of tradeable units of value associated with records in the blockchain and wherein transfer of the cryptocurrency between records in the blockchain is validated by the miners; receiving a request from an authenticated resource consumer for authorization to access the resource; and submitting a blockchain transaction to the miner components to transfer a quantity of cryptocurrency to a consumer record in the blockchain, the transaction including an identification of

Abstract: A computer implemented method of access control for a user device having at least one component for determining behaviours of the user, the method comprising: defining a training period during which access to the device is determined based on a credential-based authentication scheme wherein each access determination is used to generate an item of training data including at least a result of the credential-based authentication and a behaviour of the user; training a machine learning classifier based on the training data such that the classifier is operable to classify user behaviour as compliant or non-compliant such that compliant behaviour is determined by the classifier to be consistent with prior behaviour for permitting access to the device subsequent to the training period; and responsive to a determination that a behaviour subsequent to the training period is classified as non-compliant, requesting a credential-based authentication of the user and permitting access to the device in response to the crede

Abstract: A computer implemented method of access control for a user device having at least one component for determining behaviors of the user. The method including accessing a machine learning classifier trained based on at least one prior behavior of the user using the device, the classifier classifying user behavior as compliant or non-compliant such that compliant behavior is determined by the classifier to be consistent with prior behavior for permitting access to the device. The method further includes, in response to a determination that a subsequent behavior is classified as non-compliant, requesting a credential-based authentication of the user and permitting access to the device in response to the credential-based authentication, wherein permitting access to the device further includes constructively training the classifier based on the subsequent behavior as a compliant behavior by providing the subsequent behavior as an additional training example.

Abstract: A computer implemented method of access control for a user device having at least one component for determining behaviors of the user. The method including accessing a first machine learning classifier trained based on at least one prior behavior of the user using the device, the classifier classifying user behavior as compliant or non-compliant. The method further including, in response to a determination that a subsequent behavior is classified as non-compliant, accessing a second machine learning classifier trained based on at least one prior behavior of the user using the device where the prior behavior is classified as non-compliant by the first classifier.

Abstract: A computer implemented method for code distribution by a base station to a target device via a network, the distribution being made via one or more distribution servers arranged between the base station and the target device on the network, is disclosed.

Abstract: A computer implemented method for access control for a consumer accessing a restricted resource in a network connected computer system, the method including receiving a continuous sequence of data records relating to use, by the consumer, of the restricted resource, the resource being accessed by the consumer over an access network; continuously comparing the data records with an access control policy for the restricted resource; in response to a determination that the behavior is non-compliant with respect to the policy, generating and communicating a shared secret to the consumer, the shared secret being communicated via a communications channel other than the access network; receiving a response to a challenge from the user via the access network; and notifying the computer system that access to the resource by the consumer should be precluded based on a comparison of the response to the challenge and the shared-secret.

Abstract: A computer implemented method to execute a software application in a network attached computing environment, the application being defined by a set of required software services to constitute the application, the required services being selected from services indicated in a component registry, the method including recording a block to a blockchain data structure, the new block identifying at least a subset of the set of required services; receiving one or more further blocks from the blockchain data structure, each of the further blocks referencing a service provider for providing one or more of the required services; and selecting one or more service providers identified in the blockchain and defining a specification for an application assembler component to assemble the software application, the specification identifying selected service providers.

Abstract: A computer implemented method of a resource provider for access control for a restricted resource in a network connected computer system, wherein a blockchain data structure accessible via the network stores digitally signed records validated by network connected miner software components including a provider record associated with the resource provider, the method including: identifying an access control role definition for access to the resource, the role including a specification of access permissions; receiving a request from a resource consumer for access to the resource; communicating, to the resource consumer, an indication of a quantity of a cryptocurrency required for access to the resource; and in response to a determination that the required quantity of cryptocurrency is transferred to the provider record in the blockchain, the transfer being caused by a blockchain transaction including an identification of the role and the transaction being validated by a miner component, granting the consumer acc

Abstract: A computer implemented method of a network connected data storage system, the method including receiving, via the network, and storing a data set including a plurality of data items encrypted using an index-based searchable encryption scheme, wherein the searchable encryption scheme has associated a server index and a client index; receiving, via the network, and storing a set of hashed information for each of a plurality of queries of the data set, each item of hashed information including a hash of a query and a hash of an expected result of executing the query using the server index; receiving, via the network, a query from a data requester to retrieve a set of data items from the data store and a hash of an expected result of executing the received query using the server index; generating a result of the received query for the data set based on the server index; and responsive to a comparison of a hash of the generated result, the received hash of the expected result, and the hashes of expected results in

Abstract: A computer implemented method for validating use of a computing resource by a requester software component including: validating a characteristic of the requester; generating a first transaction defining criteria for consumption of the resource by the requester, the first transaction being encrypted with a private key from a public key/private key pair and being added as part of a block of transactions to a blockchain data structure; generating a subsequent encrypted transaction corresponding to a request of the requester to consume the resource, the subsequent transaction referring to the first transaction, wherein the subsequent transaction is validated by a transaction miner computing component from a plurality of miners by authenticating the transaction using the public key and verifying compliance with the criteria defined in each transaction.

Abstract: A computer implemented method to execute a software application in a network attached computing environment, the application being defined by a set of required software services to constitute the application, the required services being selected from services indicated in a component registry, the method including recording a block to a blockchain data structure, the new block identifying at least a subset of the set of required services; receiving one or more further blocks from the blockchain data structure, each of the further blocks referencing a service provider for providing one or more of the required services; and selecting one or more service providers identified in the blockchain and defining a specification for an application assembler component to assemble the software application, the specification identifying selected service providers.

Abstract: A computer implemented method to provide allocation of one or more computing resources for a consumer computing component, each resource having a resource type and being provided by one or more resource providers, and the consumer having associated a quantity of tradeable value constraining an extent of resource consumption.

Abstract: A computer implemented method for code distribution by a base station to a target device via a network, the distribution being made via one or more distribution servers arranged between the base station and the target device on the network, is disclosed.

Abstract: Computer implemented methods for access control for a restricted resource in a computer system and related methods train a hierarchical temporal memory and use cryptocurrency allocations and blockchain records to determine whether resource consumers are authorized or unauthorized to access the restricted resource.