Abstract: Systems and methods for detecting security threats using application execution and connection lineage tracing with embodiments of the invention are disclosed. In one embodiment, detecting suspicious activity in a network includes receiving at a collector server a first activity data including a first set of attributes, combining a first set of context information with the activity data to generate a first activity record, comparing the first activity record to a set of baseline signatures, incrementing a count of a first matching baseline signature when the first activity record has the same values for all attributes, receiving from a second activity data including a third set of attributes, combining a second set of context information with the second activity data to generate a second activity record, and generating an alert when the attributes of the second activity record differ from all baseline signatures.

Abstract: Methods, systems, and devices that support determining whether media data has been altered are described. Captured media data may be segmented into one or more subsets, and cryptographic representations (e.g., hashes) based on the subsets may be written to an immutable ledger, possibly along with metadata and other related data. A block of a blockchain may be created for each entry in the immutable ledger. A set of media data may be validated, if a corresponding immutable ledger exists, based on segmenting the set of media data into one or more subsets in accordance with the segmenting upon capture, creating candidate cryptographic representations (e.g., hashes) based on the subsets, and comparing the candidate cryptographic representations with contents of the corresponding immutable ledger.

Abstract: Technologies are disclosed herein for secure data access. A client device accesses a slice of data using a ticket retrieved from a permissioned blockchain. To obtain the ticket, the client device submits ticket requests to multiple nodes of the permissioned blockchain. Each request identifies the slice of data, e.g. a particular row in a particular database table. Each request also includes parameters describing the circumstances of the request, such as the requesting user account, the geographic location of the computing device, etc. The permissioned blockchain stores each authorized combination of request parameters and data slices in a different access level block. If an access level block can be found that is associated with the requested slice of data and with all of the supplied parameters, and if that access level block grants permission, then the requested ticket is returned to the client device.

Abstract: Methods and system for embedding digital watermark information into textual data arranged in a table of cells are provided. A first subset of cells are selected and for each primary cell key and cell partition number are determined. A portion of a digital watermark ID code is embedded at an embedding position determined based on the partition number. Methods and systems for extracting digital watermark information from the textual data are also provided. A cell is fetched from the table and the presence of portion of the digital watermark ID code is determined. A primary cell key and cell partition number are determined. A portion of the digital watermark ID code is extracted at the embedding position within the cell, the embedding position determined based on the cell partition number. The digital watermarking systems and methods provide tracking for unauthorized copying of the data while modifying only a subset of the data.

Abstract: A first network node, a client device and methods therein, for enabling acquisition and delivery of a resource to the client device in a communications network. When receiving from the client device a meta interest request indicating an interest for a wanted resource, the first network node extracts from the meta interest request one or more filter parameters related to desirable characteristics of the wanted resource. The first network node then obtains identifiers of resources available in the communications network, based on the one or more filter parameters, and sends the obtained identifiers of resources to the client device in response to the received meta interest request. Thereby, a user of the client device can see which resources with the desirable characteristics are available in the network and acquire one of the resources identified in this way, without having to specify the supplier nor the resource in the initial request.

Abstract: Concepts and technologies disclosed herein are directed to managing enterprise software licenses for virtual network functions (“VNFs”). According to one aspect disclosed herein, a system can acquire a software license for a software asset to be instantiated and used by a cloud computing environment associated with an enterprise. The system can prepare, with an enterprise anchor point (“EAP”) module managed by a vendor of the software asset, a certificate validation process that uses an enterprise security certificate to ensure the software license is valid for an execution instance of the software asset. The system can instantiate the execution instance of the software asset in the cloud computing environment. The system can validate, by the EAP module, the enterprise security certificate to ensure the software asset is instantiated and used in accordance with the software license.

Abstract: A method for verifying that event can take place before the event is executed is disclosed. A verification system is incorporated into an event processing network, such that the verification system can identify newly proposed events and determine whether they can be completed. The verification system can inform the network about verification results through distributed blockchain records. Other changes in event status can also be communicated through and stored in blockchain records.

Abstract: Systems and methods are described for obfuscating variants of content segments. Variants of content segments can be used to encode an identifying sequence in a transmission of content. The variants of the content segments can each include one or more marked frames and one or more unmarked frames. Variations can be introduced into the unmarked frames for each of the variants of the content segments.

Abstract: Systems and methods for maintaining immutable data access logs with privacy are disclosed. In one embodiment, in a cloud provider comprising at least one computer processor, the cloud provider having a plurality of clients, a method for maintaining immutable data access logs with privacy may include: (1) receiving data from a data owner, wherein the data owner is one of the clients; (2) storing the data in cloud storage; (3) executing an action or condition that impacts the data stored in cloud storage; (4) generating a log entry associated with the action or condition; (5) encrypting at least a portion of the log entry with a public key for the data owner; and (6) committing the log entry including the encrypted portion to a distributed ledger so that the committed log entry is immutable and cryptographically verifiable.

Abstract: A non-transitory storage medium including software for detecting malicious objects stored at a cloud-based remote service is described. Herein, the software includes first, second and third logic modules. The first logic module is configured to (i) identify the cloud-based remote service hosting one or more objects and (ii) acquire access the one or more objects stored within the cloud-based remote service. The second logic module is configured to retrieve the one or more objects from the cloud-based remote service and submit the object(s) to a plurality of analytic engines. Each analytic engine is configured to conduct analytics on at least a first object of the object(s) and generate results based on the analytics conducted on at least the first object. The third logic is configured to conduct an analysis of meta-information associated with the first object to determine whether the first object is to be classified as malicious or benign.

Abstract: A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority.

Abstract: A device may receive content data identifying content created by users and metadata associated with the content. The device may receive rules data identifying rules associated with utilization of the content. The device may utilize the metadata to generate digital DNA signatures for the content in near-real time. The device may store, in a repository, the rules data, the content, the digital DNA signatures, and relationships between the digital DNA signatures. The device may receive, from a client device, new content that is generated based on particular content of the content data and new metadata associated with the new content. The device may utilize the new metadata to generate a new digital DNA signature for the new content. The device may process the new digital DNA signature, the rules data, and the digital DNA signatures to determine whether the new content violates one or more rules of the rules data.

Abstract: A system and method for distributing watermarked media content assets in which a main track of a media content asset includes a first watermarking payload and at least one variant track includes a second watermarking payload. A plurality of composite segments of the media content asset are generated for distribution, wherein each composite segment includes a portion of the main track and may include a corresponding portion of at least one variant track. The composite segments may be uploaded to a delivery node operative to deliver segments responsive to a unique watermarking signature provided by a client controller operating in conjunction with a watermarking session manager.

Abstract: Systems and methods are provided for interacting with an Application Programming Interface (API) using a digital signature. In one embodiment, a system includes one or more processors that execute the instructions to perform operations. The operations may include receiving a first digital signature from a requesting device, the first digital signature being associated with a first set of fields in the database; identifying one or more requested fields; accessing the database to retrieve the information associated with the one or more requested fields, the information being associated with at least one API; and providing a response to the requesting device to cause a requesting application to consume the response from the API.

Abstract: A system includes a control module and a local server. The server is programmed to transmit a command to perform an operation to a plurality of vehicles including a vehicle including the control module. The command including a digital signature that is common across the vehicles. The control module is programmed to receive a temporary value; receive the command; decrypt the digital signature in the command with the temporary value; upon verifying the decrypted digital signature, perform the operation; and upon a metric incrementing to a threshold value, prevent decryption of the digital signature with the temporary value.

Abstract: The present disclosure relates to methods and systems for evaluating a storage medium. The method may include receiving, via a user interface of a host, a user request to evaluate a storage medium coupled to a first controller. The method may also include determining whether there is a first binding history table associated with the storage medium stored in the host. In response to a determination that there is no first binding history table stored in the host, the method may include retrieving a binding history table from the storage medium via the first controller and determining the storage medium as a second-hand storage medium if there is at least one second controller different from the first controller in the binding history table.

Abstract: A method includes verifying a digital signature on a dual-signed message by a relying party computing system. Verifying the digital signature on the dual-signed message includes generating a cryptographic hash of content identified in the dual-signed message and signing the cryptographic hash using public key of a signing party computing system to generate a verifying hash. Verifying the digital signature on the dual-signed message further includes comparing the verifying hash to a value of the dual-signed message. Verifying the digital signature on the dual-signed message further includes, responsive to the verifying hash matching the value of the dual-signed message, determining that the digital signature on the dual-signed message is valid. The method further includes identifying an attribute of the dual-signed message by the relying party computing system.

Abstract: A method for securely terminating a distributed trusted execution environment (TEE) spanning a plurality of work accelerators. After wiping sensitive data from the memory of its accelerator, a root of trust for each accelerator is configured to receive confirmation that the data has been wiped from the processor memory in relevant other accelerators prior to moving on to the next stage at which the TEE on its associated accelerator is terminated. Since the data has been wiped from the other accelerators, even if a third party were to inject malicious code into the accelerator, they would be unable to read out the secret data from the other accelerators since the data has been wiped from those other accelerators. In this way, a mechanism is provided for ensuring that when the distributed TEE is terminated, malicious third parties are unable to read out confidential data from the accelerators.

Abstract: A method for verifying content data to be used in a vehicle is provided. The method includes acquiring content data, acquiring, from partial data divided from the content data, a respective plurality of first hash values, acquiring a signature generated by using the first hash values and a key, acquiring state information that indicates a state of a vehicle, determining an integer N that is greater than or equal to one based on the acquired state information, generating, from N pieces of partial data included in the partial data, respective second hash values, verifying the content data by using each of (a) a subset of the plurality of first hash values respectively generated from partial data other than the N pieces of partial data, (b) the second hash values, and (c) the signature, and outputting information that indicates a result of the verifying.

Abstract: The unique watermark system comprising: identifying a presenter attendee, a first recipient attendee, and a second recipient attendee through a video conferencing session; detecting the presenter attendee sharing the visual content with the first recipient attendee and the second recipient attendee; selecting a first unique watermark and a second unique watermark from the plurality of unique watermarks and assigning them to a first recipient attendee and a second recipient attendee, respectively; inserting the first unique watermark into the visual content for the first recipient attendee and the second unique watermark into the visual content for the second recipient attendee; and transmitting the visual content with the first unique watermark to the first recipient attendee and the visual content with the second unique watermark to the second recipient attendee, wherein the method is performed by one or more special-purpose computing devices for hosting the video conferencing session.

Abstract: A DNS server receives, from a client device, a DNS query for a resource record type at a domain name. The DNS server determines that the resource record type does not exist at the domain name and generates an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name. The DNS server transmits the generated answer to the client device.

Abstract: A co-browse service implements a resource acquisition process to enable proprietary resources to be accessed on a co-browse session. In some embodiments, co-browse JavaScript in a visitor browser converts some or all of the resource URLs of the DOM to point to the resource acquisition process so that the agent browser seeks to retrieve the URLs referenced resources from the resource acquisition process rather than from the website. The resource acquisition process, in turn, obtains the resources from the website or the visitor browser. Since the resource acquisition process is able to obtain the proprietary resources on behalf of the agent and provide the proprietary resources to the agent during the co-browse session, the agent is able to have a consistent view of the visitor's browser during the co-browse session.

Abstract: A system, method, and computer program product for verifying signatures. The system includes at least one processing component, at least one memory component, and a reference storage comprising a set of reference signatures. The system also includes a model generator configured to generate a signature model based on the set of reference signatures. Further, the system includes a verification component configured to receive a signature, and determine whether the signature is valid.

Abstract: A system and method include obtaining and authenticating image files from users such as insured users at the request of an entity such as an insurance provider. The requesting entity may supply an electronic address of the user and a unique identifier. The system may transmit a link to the electronic address. When selected, the link causes an image authentication application to be installed on a user device. The application takes the images securely and separately from a native camera application. Each image authentication application may be customized for each requesting entity. The authentication server may identify the requesting entity that made the request and identify a corresponding image authentication application to be provided to the electronic address. The images from the image authentication application may be authenticated via reverse image search, time, geolocation, and/or other information. The authenticated images and/or related data may be provided to the requesting entity.

Abstract: A method of transferring access to a digital asset is disclosed. The method comprises receiving a first blockchain transaction (4) from a first participant (6) by each of a plurality of second participants (8), (10). The first participant (6) has a first private key of a first private-public key pair of a cryptography system, and each participant (6), (8), (10) has a respective first share of a second private key of a second private-public key pair of the cryptography system, and the first blockchain transaction is signed with the first private key. Signature of the first blockchain transaction with the first private key is verified by each second participant (8), (10). A respective first share is applied to the first blockchain transaction to generate a respective second share of a second blockchain transaction signed with the second private key.

Abstract: Embodiments of the present invention provide a system for authenticating process operations on a network using context locked progressive session tokens. The system is configured for receiving a first request associated with a first process operation from a user device, authorizing the first request, generating a first session token associated with the first process operation, transmitting the first session token to the user device, wherein the first session token is used to validate a second process operation associated with the application, receiving a second request associated with the second process operation from the user device, authorizing the second request, generating a second session token associated with the second process operation using at least the first session token, and transmitting the second session token to the user device, wherein the second session token is used to validate subsequent process operation associated with the application.

Abstract: A computer implemented method of selectively controlling redacted content from an electronic document having one or more pages is provided. The method includes providing a file record associated with the electronic document and one or more page records within the file record. Each page record corresponds to the one or more pages in the electronic document. For each page with redacted content, one or more redacted page image records are provided and each redacted page image record is associated with an authorization level. The one or more page records are selectively displayed and the one or more redacted page image records are selectively displayed based on the authorization level associated with a user viewing the electronic document.

Abstract: Disclosed are methods and apparatuses for creating a verified mutually authenticated transaction between a service provider and an on-line identity for a physical client person. A dynamic optical mark may be displayed on a device screen where the physical client person is using a web service. The dynamic optical mark may be recognized via scanning the dynamic optical mark by a personal mobile device equipped with a camera. The verified mutually authenticated transaction between the service provider and the on-line identity for the physical client person may be used for sharing personal data of the physical client person by using out-of-band optical mark recognition of the dynamic optical mark. The verified mutually authenticated transaction may be initiated with a time-limited one-time password comprising a sequence of numbers encoded in the dynamic optical mark.

Abstract: Provided is a process including: receiving, with one or more processors, a first request to store a record from a computing entity; encoding, with one or more processors, the record in a first plurality of segments; arranging, with one or more processors, the first plurality of segments in respective content nodes of a first content graph, wherein at least some content nodes of the first content graph have two or more content edges of the first content graph pointing to two or more respective other content nodes of the first content graph; and storing, with one or more processors, the content nodes of the first content graph in a verification graph.

Abstract: A data authorization controlling and matching system includes a receiver, a plurality of display devices, and at least one transmitter. The receiver is used for receiving an image signal. The plurality of display devices are coupled to the receiver for displaying the image signal. The at least one transmitter is coupled to the receiver for outputting the image signal. After a member list saved in the receiver is configured, a data link between the receiver and the at least one transmitter is established. Hardware information of the at least one transmitter is saved in the receiver. The receiver automatically identifies the at least one transmitter according to the hardware information of the at least one transmitter. After the at least one transmitter is identified, the receiver sets authorization information of the at least one transmitter.

Abstract: System and methods for managing dynamic electronic documents on a private distributed ledger comprise establishing a dynamic electronic document comprising a first state object, wherein the state object references a prior approved first transaction; proposing a second transaction comprising as an input the first state object and as an output a transaction command to alter the state object as well as what parameters are required to validate the second transaction; validating the proposed second transaction; and updating the state object on a private distributed ledger to reference the second transaction.

Abstract: The present disclosure describes a computer-implemented platform for managing electronic instruments and electronic endorser verification information in order to validate endorser identity. A generated link and a verification information request are sent in one or more messages targeted a phone number of a computing device associated with a target party. The verification information request includes a request for imagery of the target party captured by the computing device. An endorsed electronic instrument and electronic verification information is received from the computing device, including received imagery data and a time stamp indicating when the received imagery data was captured. The received imagery data is validated at least according to whether the time stamp is sufficiently recent, and whether the received imagery data sufficiently matches expected imagery data of the requesting party based on performing a facial recognition on the received imagery data and the expected imagery data.

Abstract: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use graphic key issued to the host computer system that hosts the virtual computing environment.

Abstract: An example method is disclosed, for example a method of executing a software module in a computing system, the method comprising executing, in a first processing device of the computing system, a first software module to verify a second software module and to cause a second processing device of the computing system to execute the second software module, executing, in the second processing device, the second software module to execute, in the second processing device, a third software module and to provide a first key of a key pair to the third software module, and protecting, by the second processing device, a memory space associated with the third software module, wherein the memory space contains the first key of the key pair, wherein the first processing device contains a second key of the key pair.

Abstract: A mobile application and a method are described for servicing a second line service (“SLS”) based communication request originating from a subscriber's telecommunications device (“TD”) even if the call signal does not include sufficient information to identify the phone number from which the subscriber initiated the call. The method involves associating the SLS phone number of the subscriber, the primary number of the subscriber and the primary number of a third party via a special relationship number.

Abstract: A device including a network interface, a memory and a processor. The network interface is configured to communicate with a verifier over a communication network. The memory is configured to store multiple layers of mutable code, the layers identifiable by respective measurements. The processor is configured to generate, for a given boot cycle, a nonce associated uniquely with the given boot cycle, to receive a challenge from the verifier for attestation of a given layer of the mutable code, to calculate an attestation key based on (i) a Unique Device Secret (UDS) stored securely in the device, (ii) a measurement of the given layer taken by another layer, and (iii) the nonce generated for the given boot cycle, to calculate a response for the challenge, by signing the challenge using the attestation key, and to send the response to the verifier for verification of the given layer.

Abstract: Systems and methods for media processing and streaming are provided. A method is performed by a Network-Based Media Processing (NBMP) source of a Framework for Live Uplink Streaming (FLUS) system. The method includes obtaining descriptions of capabilities of a FLUS sink via a FLUS source; and sending, to an NBMP workflow manager of the FLUS system via a path that does not include the FLUS source and the FLUS sink, a request to create or modify a workflow of the FLUS system based on the descriptions of the capabilities obtained.

Abstract: In an embodiment of the present invention, users with the appropriate permission can launch a function inside a system in order to anonymize and export the currently loaded study or studies, or one or more studies identified by a search criteria. The data from the studies that were identified is then anonymized on the system. In an embodiment of the present invention, the data from selected studies is anonymized on a server, and only then transmitted to another network device. In an alternative embodiment of the present invention, the data from selected studies is anonymized on a server, and only then stored to a hard disk or other media.

Abstract: The embodiment of the disclosure provides an unlocking control method and related products. The method includes: acquiring an environmental parameter; acquiring first biometric information; determining a first biometric control parameter and second biometric control information corresponding to the environmental parameter; performing a first biometric recognition on the first biometric information according to the first biometric control parameter; when the first biometric information is recognized, acquiring second biometric information and performing a second biometric recognition on the second biometric information according to the second biometric control information; performing a next unlocking process when the second biometric information is recognized. Thus, control parameters of recognition processes can be set suitable for the environment, and recognition processes are controlled based on these control parameters, thereby improving the pass rate and the efficiency of the multi-biometric recognition.

Abstract: A software and/or hardware facility that can be used by content owners to assert ownership of content so that copyright friendly websites and services can take action against copyright piracy effectively, efficiently and is scalable is disclosed. The facility makes available to all content owners watermarking/fingerprinting technology so an identifier (e.g., a unique code) can be embedded in the content (e.g., video/audio portion of each video content asset). The facility utilizes blockchain technology to add information related to each unique identifier in a database and allows an authorized user (e.g., the owner) to update the information through a blockchain transaction.

Abstract: Described processes include: determining portions of instances of a cryptographic token to be allocated to record providers, like providers of an asset indicated by a record, wherein: the portions are determined based on network effects associated with the records the record provider supplied on performance of a computer-implemented network in which both record providers and record consumers participate, patterns indicative of inorganic consumption may be determined from one or more of interactions of individual consumers, interactions of collections of consumers, or consumer interactions in the aggregate for a given provider or record; and the effects on network performance are adjusted responsive to designation of one or more entities as exhibiting inauthentic behavior; and appending to a distributed ledger, records indicating the respective portions, and adjustments, are allocated to record providers.

Abstract: A protection module operates to analyze threats, at the protocol level (e.g., at the HTML level), by intercepting all requests that a browser engine resident in a computing device sends and receives, and the protection agent completes the requests without the help of the browser engine. And then the protection module analyzes and/or modifies the completed data before the browser engine has access to it, to, for example, display it. After performing all of its processing, removing, and/or adding any code as needed, the protection module provides the HTML content to the browser engine, and the browser engine receives responses from the protection agent as if it was speaking to an actual web server, when in fact, browser engine is speaking to an analysis engine of the protection module.

Abstract: Techniques for monitoring for fraudulent login attempts to remote services through an application. The method generally includes receiving a request to connect an application to a remote service. A login attempt counter tracking a number of attempts by a user to connect the application to one or more remote services is incremented. Based on determining that the login attempt counter is less than a maximum number of login attempts predicted to correspond to legitimate login activity in the application, the first username is compared to a second username included in a previous request. A distance is calculated between the first username and the second username, and one or more actions are taken to process the request based on determining whether the calculated distance exceeds a maximum predicted distance between usernames in successive requests that corresponds to legitimate login activity.

Abstract: The present disclosure relates to a method for semantic analysis performed by a computing device in the financial field. The method includes constructing a knowledge graph with a computer device. The method further includes obtaining, by the computer device, information published by the first user on a social network over the network. The method further includes the computer device generating standard information based on the information. The method further includes generating, by the computer device, a user behavior based on the standard information and the knowledge graph. The method further includes searching, by the computer device, for another user with similar user behavior based on the user behavior.

Abstract: An apparatus in one embodiment comprises at least one processing device comprising a processor coupled to a memory. The processing device is configured to identify at least first and second datasets to be scanned to generate a data reduction estimate for a prospective combination of the first and second datasets, to designate a scan criterion to be utilized in the scan of each of the datasets, and for each of a plurality of pages of each of the datasets, to scan the page, where scanning the page comprises performing a computation on the page to obtain a page result, determining whether or not the page result satisfies the designated scan criterion, and responsive to the page result satisfying the designated scan criterion, updating a corresponding entry of a data reduction estimate table for the dataset. The processing device merges contents of the data reduction estimate tables, and generates the data reduction estimate based at least in part on the merged contents.

Abstract: A processing service of a provider network may protect media content from being tampered with when it is transmitted from the provider network/transcoder to untrusted networks (e.g., third-party networks/CDNs) and to a media player. The processing service (e.g., the transcoder) generates a public and a private key. The service uses the private key to digitally sign content portions (e.g., video frames) before distribution to untrusted CDNs. The provider network creates a manifest that includes the public key. To play the media content, the media player obtains a manifest that includes the public key (via a secure/trusted connection with the provider network). The media player may then obtain the media content from an untrusted edge server/CDN and validate it using the public key that was separately obtained from the manifest (to verify the content was not tampered with).

Abstract: A secret key estimation device is provided for determining an estimate of at least one secret key used during a number of executions of a cryptographic function used by at least one cryptographic algorithm. The number of executions of the cryptographic function is at least equal to two. The secret key estimation device comprises an analysis unit for determining a plurality of sets of leakage traces from a side-channel information acquired during the number of executions of the cryptographic function. Each set of leakage traces corresponds to an execution of the cryptographic function and comprising at least one leakage trace. The secret key estimation device further comprises a processing unit configured to determine a statistical distribution of the acquired plurality of sets of leakage traces. The statistical distribution is dependent on a leakage function, the leakage function being represented in a basis of functions by a set of real values.

Abstract: A decentralized public key management system for named data networks based on blockchain, which solves the Compromised Certificate Authority (CA) Problem. The system divides the power of an individual CA among multiple Public Key Miners (PKMiners) that maintain the public key blockchains. The majority rule in name-principal validation allows the present invention to tolerate compromised PKMiners without causing any damage.

Abstract: Disclosed herein is a technique for implementing a secure lock screen on a computing device. The secure lock screen is configured to permit particular applications to display their content—such as main user interfaces (UIs)—while maintaining a desired overall level of security on the computing device. Graphics contexts, which represent drawing destinations associated with the applications, are tagged with entitlement information that indicates whether or not each graphics context should be displayed on the computing device when the computing device is in a locked-mode. Specifically, an application manager tags each application that is initialized, where the tagging is based on a level of entitlement possessed by the application. In turn, a rendering server that manages the graphics contexts can identify the tagged entitlement information and display or suppress the content of the applications in accordance with their entitlements.

Abstract: The present invention relates to an illumination system (1) for illuminating an object (2) located in an object space (8), comprising an illumination unit (3) adapted to emit illumination light (4b) into the object space (8), a distance measuring unit (5) for taking a distance image (41) of the object space (8) with the object (2) located therein, which distance measuring unit is arranged in relation to at least a part of the illumination unit (3) so that it is fixed at this part of the illumination unit, a marker system (6) with a marker emitter unit (66a) for emitting a marker signal (7), and a marker receiver unit (6ab) for detecting at least a portion (7a) of the marker signal (7), wherein the illumination system (1) is configured to localize the object (2) on the basis of the distance image (41) within an area of the object space (8) and individualise the object using the signal portion received with the marker receiver unit (6ab) and to illuminate the object (2) accordingly with the illumination unit (3