Abstract: An authentication method is disclosed in which a knowledge graph is provided for a user, wherein nodes of the knowledge graph represent entities associated with the user and edges of the knowledge graph represent semantic relationships between the entities. The method involves selecting a first node of the knowledge graph, identifying a second node of the knowledge graph such that information associated with the second node has a higher expected obviousness to the user than to an attacker, and generating an authentication challenge for the user based on the information associated with the second node. Also disclosed are a corresponding data processing apparatus, computer program and computer-readable data carrier.

Abstract: A method of managing storage units representing digital assets in a decentralised repository arranged in a peer-to-peer network comprising a plurality of peer computing systems, comprising steps of: selecting at least one storage unit hosted on a first peer computing system, where the selecting is carried out using selection criteria rules encoded in software; performing a cryptographic processing function taking as inputs information related to a current version of a first storage unit and information related to the selected at least one storage unit to generate a result as an output of the cryptographic processing function, where the first storage unit is hosted on a second peer computing system; and storing the result into a new version of the first storage unit.

Abstract: A method of consensus for a distributed transactional database having a logical chain of blocks of stored data is disclosed. Each, block can identify a relationship to a preceding block such that a most recently added block is a current state of the database, and the database stores data relating to a system in execution having associated a measurable characteristic capable of improvement. Each, block of the database can store a specification of a modification to the system and a measure of the characteristic of the system that corresponds to the modification of the system.

Abstract: A computer implemented method of clustering computer systems in a plurality of systems to identify computer systems being subject to a common security occurrence, each computer system generating data records corresponding to security events in respect the systems, the method comprising: receiving a set of one or more data records associated with each computer system, each record including a sequence of data fields; generate a vector embedding for each data field in each record; evaluate a distance of each vector embedding from a reference vector as an indicator of semantic distance; identifying similar data records based on a measure of a degree of similarity of the distances of vector embeddings for each record; defining a cluster of computer systems including computer systems associated with the similar data records for applying protective measures to the computer systems in the cluster.

Abstract: A computer-implemented method of obfuscating user sensor data is provided. The method comprises collecting sensor data from one or more sensors of one or more user devices, assessing the user's current behaviour from the sensor data, and determining that an obfuscation period is required. The method further comprises generating obfuscated sensor data for the one or more sensors, different to the collected sensor data, during the obfuscation period, and providing the obfuscated sensor data to the one or more programs on the one or more user devices.

Abstract: A computer implemented method to protect data input to a user input device from detection, the device including an artificial haptic feedback mechanism arranged to generate an occurrence of haptic feedback for sensing by a user of the device in response to each input gesture on the device by the user, wherein at least a subset of each occurrence of haptic feedback is adjusted with respect to a previous occurrence of haptic feedback by one or more of: a timing of the haptic feedback with respect to a time of occurrence of a corresponding input gesture; an adjustment to a duration of haptic feedback relative to a duration of the previous occurrence of haptic feedback; and a generation of one or more addition occurrences of haptic feedback.

Abstract: A method, computer system and non-transitory computer-readable storage medium are provided for validating a secure authentication token for accessing an application. The method captures a user gesture provided by a user as an authentication token and analyzes the gesture to evaluate a measure of complexity of the gesture. Responsive to a determination that the measure of complexity does not meet a minimum measure of complexity, repeating the capturing and analyzing steps until the gesture meets the defined measure of complexity. Then the user is requested to repeat the approved gesture and the repeated gesture is captured, and it is determined if the repeated gesture meets defined requirements for repeatability. Responsive to a determination that the repeated gesture does not meet the requirements for repeatability, the method is repeated; and, responsive to a determination that the repeated gesture does meet the requirements for repeatability, the gesture is validated as a secure authentication token.

Abstract: A method, computer system and computer program are provided for achieving a secure authentication token for accessing an application. The method captures a user gesture provided by a user as an authentication token and analyses the gesture to evaluate a measure of complexity of the gesture. Responsive to a determination that the measure of complexity does not meet a minimum measure of complexity, an amendment is determined and proposed to the gesture to increase a complexity of the gesture. The capturing and analysing steps are repeated, and, responsive to a determination that the gesture meets the minimum measure of complexity, the gesture is approved as a secure authentication token.

Abstract: A method of managing storage units representing digital assets in a decentralised repository arranged in a peer-to-peer network comprising a plurality of peer computing systems, comprising steps of: selecting at least one storage unit hosted on a first peer computing system, where the selecting is carried out using selection criteria rules encoded in software; performing a cryptographic processing function taking as inputs information related to a current version of a first storage unit and information related to the selected at least one storage unit to generate a result as an output of the cryptographic processing function, where the first storage unit is hosted on a second peer computing system; and storing the result into a new version of the first storage unit.

Abstract: A method of managing a decentralised repository of stored digital units of information, the decentralised repository comprised of a plurality of inter-acting peer-to-peer computing systems, comprising steps of: (a) loading a software agent on each of a plurality of peer-to-peer computing systems, the software agents making up a network of distributed software agents; (b) using the network of distributed software agents to manage the decentralized repository of stored digital units of information; wherein at least one of (i) software agent code for at least one of the software agents, and (ii) a cryptographic digest of such software agent code, is stored in at least one block in the decentralised repository.

Abstract: A method of storing storage units representing digital assets into a decentralised repository arranged in a peer-to-peer network comprising a plurality of peer computing systems, to create an archive of the digital assets, comprising steps of, for each new storage unit being submitted to the archive by a submitting peer computer system: determining a specific quantity of stored existing storage units, each of which the new storage unit is to be cryptographically linked to, where the existing storage units have been previously submitted to the archive; selecting specific ones of all of the existing storage units up to the received specific quantity of stored existing storage units, where the selection has been made from existing storage units stored by specific ones of the peer computing systems; performing cryptographic processing by taking as inputs to such cryptographic processing, the selected specific existing storage units and the new storage unit, and obtaining a result of such cryptographic processing;

Abstract: A method, computer system and computer program are provided for validating a secure authentication token for accessing an application. The method captures a user gesture provided by a user as an authentication token and analyses the gesture to evaluate a measure of complexity of the gesture. Responsive to a determination that the measure of complexity does not meet a minimum measure of complexity, repeating the capturing and analysing steps until the gesture meets the defined measure of complexity. Then the user is requested to repeat the approved gesture and the repeated gesture is captured, and it is determined if the repeated gesture meets defined requirements for repeatability. Responsive to a determination that the repeated gesture does not meet the requirements for repeatability, the method is repeated; and, responsive to a determination that the repeated gesture does meet the requirements for repeatability, the gesture is validated as a secure authentication token.

Abstract: A method, computer system and computer program are provided for achieving a secure authentication token for accessing an application. The method captures a user gesture provided by a user as an authentication token and analyses the gesture to evaluate a measure of complexity of the gesture. Responsive to a determination that the measure of complexity does not meet a minimum measure of complexity, an amendment is determined and proposed to the gesture to increase a complexity of the gesture. The capturing and analysing steps are repeated, and, responsive to a determination that the gesture meets the minimum measure of complexity, the gesture is approved as a secure authentication token.

Abstract: A method for monitoring or validating compliance of the attributes of a device (709) on a network (703), the method including: obtaining, from a distributed ledger technology (701), a first tree data structure including compliance data associated with a network-(703), and a second tree data structure comprising attribute data associated with an electronic device (709); comparing the first tree data structure (705) with the second tree data structure to compare the compliance data with the attribute data; and determining, based on the comparison, whether the electronic device (709) is compliant with the network (703).

Abstract: A method for monitoring or validating device compliance of the attributes of a device on a network, the method including providing a first tree data structure including compliance data associated with a network; performing a comparison of the first tree data structure with a second tree data structure comprising attribute data associated with an electronic device to compare the compliance data with the attribute data; and determining, based on the comparison, whether the electronic device is compliant with the network.

Abstract: A method for processing data performed by one or more processors, the method comprising: receiving input data that comprises a plurality of elements, each element comprising a plurality of attributes; and generating geometric data based on the input data by determining locations in a space for elements of the plurality of elements based on attributes of the elements and generating geometries in the space for the elements at the respective determined locations, wherein determining locations in the space for elements based on attributes of the elements comprises performing clustering on the elements based on attributes of the elements. The method may further comprise generating Geographic Information System, GIS, data by encoding the generated geometric data in a GIS format.

Abstract: A method of recording a network path in a network that includes a plurality of nodes is provided. The network path includes a source node, a destination node, and one or more intermediate nodes. The method includes receiving, at an intermediate node, a transaction, the transaction including a first cryptographic object and signatures of at least a subset of any preceding intermediate nodes in the network path; generating, by the intermediate node, a second cryptographic object based on the first cryptographic object; updating, by the intermediate node, the transaction with a signature of the intermediate node and with the second cryptographic object; and sending, from the intermediate node, the transaction to a succeeding node in the network path. Each cryptographic object allows the transaction to be verified up to the node that generated that cryptographic object. Nodes and a system for implementing the method are also provided.

Abstract: A beacon device transmits a challenge message to each of one or more responder devices over a respective direct communication link, inviting each responder device to prove the existence of its respective direct communication link by transmitting to a respective recipient device, distinct from the beacon device, a respective response message indicating knowledge of contents of the challenge message. A predetermined time period after its transmission of the challenge message, the beacon device transmits a confirmation message indicating knowledge of the contents of the challenge message to a message store. A validation device then compares contents of each response message which preceded the confirmation message in time, if any, to contents of the confirmation message and infers therefrom which of the respective responder devices, if any, received the challenge message over the respective direct communication link.

Abstract: A computer implemented method for detecting an occurrence of an event indicated by a set of data records, the event being associated with an event type, can include receiving a plurality of sets of training data records, each training data record having associated a geospatial indication, wherein the training data records in each set relate to an occurrence of an event of the event type; generating a training bitmap to represent each set of training data records in the plurality of sets, the bitmap defining a representation of a geospatial region including the locations identified by geospatial indications of training data records in the set, and the bitmap including identifications of each training data record in the set mapped into the geospatial region of the bitmap; training an image classifier based on each training bitmap such that the trained classifier is operable to classify an input bitmap as indicating an event of the event type.

Abstract: A computer implemented method for detecting the existence of a condition indicated by a signature vector sequence of events in an input vector sequence of events, each of the signature and input vector sequences being constituted by an ordered sequence of vectors, can include converting the signature vector sequence into an signature ordered numerical sequence in which each vector in the signature vector sequence is converted to a number indicative of a magnitude of the vector such that the signature numerical sequence is a sequence of magnitudes in the order of the signature vector sequence; converting the input vector sequence into an input ordered numerical sequence in which each vector in the input vector sequence is converted to a number indicative of a magnitude of the vector such that the input numerical sequence is a sequence of magnitudes in the order of the input vector sequence; and determining a degree of similarity of the signature numerical sequence and the input numerical sequence to detect the