Abstract: A system and method in accordance with examples may include an identity verification kiosk. The identity verification kiosk may include a display comprising a user interface; a card reader; a document scanner; a printer; and a processor in data communication with a server and a database storing user information. The processor may be configured to receive an identification verification request from the user interface; receive user information via the document scanner or the card reader; retrieve user information from the database; verify the identity of a user; and print a unique identifier on a document using the printer.

Abstract: Methods and systems disclosed herein recite the use of linking cryptography-based digital repositories in order to perform blockchain operations in decentralized applications. For example, the system may link a first cryptography-based, storage application (e.g., a first digital wallet) with a second first cryptography-based, storage application (e.g., a second digital wallet). The first cryptography-based, storage application may correspond to a first private key, and wherein the first private key is stored on a first user device. The second cryptography-based, storage application corresponds to a first partial private key and a second partial private key, wherein the first partial private key is stored on a first remote device, and wherein the second partial private key is stored on the first user device.

Abstract: Authentication that leverages a Physical Unclonable Function (PUF) to generate bitstrings, session keys and long-lived keys (LLK).

Abstract: Methods, apparatus, systems and articles of manufacture to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark, the timestamp including a set of timestamp symbols, a first subset of data symbols and a second subset of data symbols. Disclosed example apparatus also modify the first subset of data symbols of the watermark based on a further timestamp symbol not included in the set of timestamp symbols of the timestamp, but not modify the second subset of data symbols based on the further timestamp symbol, the further timestamp symbol to identify the one of the plurality of timestamp cycles to be represented by the timestamp of the watermark. Disclosed example apparatus further embed the watermark in a piece of media.

Abstract: A method includes receiving an event, the event associated with a digital signature in a first time-based message comprising a first trusted time stamp token generated using a first hash of digitally signed content from a trusted timing authority; generating a first block on a distributed ledger; generating a second hash of the first trusted time stamp token; receiving a second trusted time stamp token from the trusted timing authority in response to transmitting the second hash to the trusted timing authority; and generating a second block on the distributed ledger; wherein verification of data integrity of the digitally signed content is provided via the first hash of the digitally signed content and second hash of the first trusted time stamp token and via the hash of the first block and a hash of the second block.

Abstract: A blockchain object stores multiple user blockchains, each blockchain comprising an ordered set of records in the blockchain object. The records of a user blockchain have the same blockchain key value. Users can create multiple blockchains by establishing respective blockchain key values for the blockchains. Like blocks in a blockchain, the records in a user blockchain are ordered by a sequence of numbers that is specific to the user blockchain; each user blockchain has its own sequence of numbers. Each record in a user blockchain holds a sequence number in a field of the blockchain object. An efficient mechanism maintains and assigns a sequence number to a record when appended to a user blockchain.

Abstract: Disclosed is a blockchain-based electricity charge settlement method and system for an energy storage station. A trusted terminal directly collects two-way electricity quantity data of an energy storage station, and distributes the two-way electricity quantity data to a blockchain; and a consensus node of a power-consuming enterprise and a consensus node of an energy storage station investment operator in the blockchain perform consensus calculation on the two-way electricity quantity data, and write the two-way electricity quantity data into the blockchain after reaching a consensus. The two-way electricity quantity data is accurate and cannot be tampered with, ensuring authenticity of the two-way electricity quantity data.

Abstract: A method for facilitating a distributed catalog service via a federated blockchain is disclosed. The method includes receiving, via an initiator, a submission, the initiator corresponding to a node from among a plurality of nodes of a distributed ledger; validating, via a validator, the submission, the validator corresponding to another node from among the plurality of nodes of the distributed ledger; determining whether a threshold is satisfied based on a result of the validating; initiating an action when the threshold is satisfied, the action including a modification of the distributed ledger at each of the plurality of nodes according to the submission; and notifying subscribers to the distributed ledger.

Abstract: A system described herein may utilize artificial intelligence/machine learning (“AI/ML”) or other suitable techniques to automatically identify blocks added to or proposed to be added to a blockchain, with conflicting and/or otherwise incompatible information, and to automatically remediate the blockchain based on the identified conflict and/or incompatibility. The model may associate different types of conflicts and/or incompatibilities with different types of remedial measures. The remedial measures may include the rejection of a proposed block, recording a new block that takes precedence or priority over a previously recorded block, or other suitable remedial measures.

Abstract: An example method includes accessing a first block of a first blockchain, the first block comprising first block content; generating an intermediate first block, the intermediate first block comprising the first block of the first blockchain; accessing a second block of the first blockchain, the second block comprising a first backward link comprising a hash of the first block of the first blockchain, and second block content; generating a first forward link comprising a hash of the second block of the first blockchain; generating a first prime block, the first prime block comprising the intermediate first block, and the first forward link; and digitally signing the first block using SignedData cryptographic message syntax to generate a first SignedData message, wherein digitally signing comprises binding the first forward link to the first SignedData message via an attribute of the first SignedData message.

Abstract: Methods and devices are provided for establishing secure communication between the devices without relying on local time information. According to the methods, a client device, which is going to establish the secure communication to a server device, is provided by the server device with a proof of its integrity. The proof of integrity of the server device is issued by a trusted third party (TTP) to which both devices have a trust relation.

Abstract: A method of generating a trusted chain code (“TCC”) message, comprising: receiving a smart contract whose execution causes a transfer of value in response to at least one of an occurrence of an event or a fulfillment of a condition, wherein the smart contract is digitally signed by a first entity private key and a second entity private key; generating a chain code comprising a hash of a chain code of the smart contract, the chain code corresponding to at least one of an occurrence of an event or a fulfillment of a condition of the smart contract; and posting the TCC message to a distributed ledger, wherein an execution of a portion of the chain code in response to at least one of the occurrence of the event or the fulfillment of the condition is validated against corresponding chain code in the chain code manifest.

Abstract: An electronic device according to various embodiments of the present disclosure includes: at least one sensor; a communication circuit; at least one processor operably coupled with the at least one sensor and the communication circuit; and at least one memory operably coupled with the at least one processor, wherein the memory may store instructions which, when executed, cause the processor to: receive a request for authenticating a user of the electronic device using a designated authentication method; identify whether a device selected as a reference device is a first device among the first device and a second device which are included in the at least one sensor and the communication circuit, and are capable of generating authentication data required for using the designated authentication method to authenticate the user; generate data, when first authentication data for authenticating the user is acquired from the first device, indicating a first time point at which the processor acquired the first authent

Abstract: The present invention relates to information technology and can be used for monitoring the behavior of a user during interaction with content in order to obtain relevant feedback from content consumers, inter alia, based on non-verbal signals. The technical result is that of simplifying the procedure for transmitting user behavior data from a user device to a server, and at the same time speeding up said procedure. The system comprises a server equipped with a database and a central unit for storing conditions of the occurrence of user behavioral events, and at least one user device equipped with a data collection unit, an event recognition unit, and a local unit for storing conditions of the occurrence of user behavioral events. The data collection unit is intended for the collection of primary data.

Abstract: The present disclosure provides a system, device and method for data management. The system includes a processor configured to: receive, from an entity, data packets; receive, from the entity; generate a plurality of shares pertaining to the data packets by applying a threshold scheme to the data packets; and distribute the plurality of shares amongst at least two secure cryptoprocessors, wherein each secure cryptoprocessor allows access to the plurality of shares stored within it upon receipt of a corresponding second password, and wherein the processor is configured to re-generate the data packets from a threshold number of shares out of the plurality of generated shares, the value of the threshold number being predetermined.

Abstract: A tamper resistant element (TRE) in a device can operate a primary platform and support a “Smart Secure Platform”. The TRE may not keep time when electrical power is removed from the TRE. The device can receive (i) a certificate for an image delivery server (IDS) with a first timestamp and (ii) a signed second timestamp from a certificate authority, comprising a signature according to the Online Certificate Status Protocol (OCSP) with stapling. The device can forward the certificate and second timestamp to the TRE. The device can receive a ciphertext and an encrypted image from the IDS, where the ciphertext includes a third timestamp from a Time Stamp Authority (TSA), and forward the data to the TRE. The TRE can conduct a key exchange to decrypt the ciphertext. The TRE can compare the second and third timestamps to verify the certificate has not been revoked.

Abstract: The disclosure provides a method for recording a data block on a blockchain, a leader accounting node, and a storage medium. The method includes: generating a target data block; determining whether the plurality of branch blockchains include a branch blockchain having at least one data block waiting to be added onto the blockchain and for which no consensus has been reached; based on a determination that first branch blockchains have no data block waiting to be added onto the blockchain and for which no consensus has been reached, selecting, from the first branch blockchains, a branch blockchain for recording the target data block; recording a digest value of a previous data block recorded on the selected first branch blockchain in a block header of the target data block; and transmitting the target data block to other accounting nodes in the group of accounting nodes for reaching a consensus.

Abstract: For validation of position, navigation, time (PNT) signals, a hash included in messages with PNT data is used to validate the source of the message without backhaul. Different tags from a hash chain are included in different messages. The receiver is pre-loaded with the root or later trusted hash tag of the chain as created. The hash of any received message may be hashed by the receiver. The result of the hashing will match the pre-loaded or trusted hash tag if the transmitter of the message is a valid source. The PNT data may be validated using a digital signature formed from the PNT data for one or more messages and the hash tag wherein a hash tag of the chain in a subsequently received message is used as the key. The digital signature may be formed from data across multiple messages.

Abstract: Methods, apparatus, systems and articles of manufacture to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark, the timestamp including a set of timestamp symbols, a first subset of data symbols and a second subset of data symbols. Disclosed example apparatus also modify the first subset of data symbols of the watermark based on a further timestamp symbol not included in the set of timestamp symbols of the timestamp, but not modify the second subset of data symbols based on the further timestamp symbol, the further timestamp symbol to identify the one of the plurality of timestamp cycles to be represented by the timestamp of the watermark. Disclosed example apparatus further embed the watermark in a piece of media.

Abstract: An operation method of a memory system, the operation method may include: determining a garbage collection trigger condition based on current time and usage of the memory system over a set period of time; and performing a garbage collection operation when the garbage collection trigger condition is satisfied.

Abstract: Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for receiving a first communication request, from a web browser of a user. A request for information is sent to the web browser. A first communication as part of the first conversation is received from the user. A conversation identifier is identified and used to store the conversation of the first user. A request is received from a second, different, responder for the conversation. The conversation identifier is determined based on the request from the second responder. The request for information and first communication are retrieved from a persistent data store and sent to the second responder.

Abstract: A verifiable, redactable log, which, in some embodiments, may contain multiple hash values per entry in order to sever confidentiality of a log from verifiability. Logs may be verified using recalculation of hashes and verification of trusted digital signatures. In some embodiments, the log may be divided into segments, each signed by a time server or self-signed using a system of ephemeral keys. In some embodiments, log messages regarding specific objects or events may be nested within the log to prevent reporting omission. The logging system may receive events or messages to enter into the log.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device. The method comprises receiving, by a mobile payment application on a secure memory of the mobile device, transaction data from a transaction processor application on the mobile device. The method further comprises validating that the transaction processor application is authentic and in response to validating the transaction processor application, providing encrypted payment credentials to the transaction processor application. The transaction processor application further initiates a payment transaction with a transaction processor server computer using the encrypted payment credentials.

Abstract: A system and method in accordance with examples may include an identity verification kiosk. The identity verification kiosk may include a display comprising a user interface; a card reader; a document scanner; a printer; and a processor in data communication with a server and a database storing user information. The processor may be configured to receive an identification verification request from the user interface; receive user information via the document scanner or the card reader; retrieve user information from the database; verify the identity of a user; and print a unique identifier on a document using the printer.

Abstract: Methods and systems for identity-based firewall policy evaluation and for encoding entity identifiers for use in identity-based firewall policy evaluation. A packet from a sender entity to a recipient entity is intercepted. A determination is made whether the sender entity is permitted to communicate with the recipient entity according to a firewall policy, wherein the firewall policy indicates a plurality of entity identifiers, and each entity identifier is unique among the plurality of entity identifiers. Rules for communications among the plurality of entities include a list of pairs of entities which are permitted to communicate with each other. The packet is forwarded to the recipient entity when it is determined that the sender entity is permitted to communicate with the recipient entity. At least one mitigation action is performed when it is determined that the recipient entity is not permitted to communicate with the sender entity.

Abstract: The present disclosure relates to a method and system for enabling TOT security using a decentralized TOT security platform that leverages the advanced communication and blockchain security thread model to protect TOT eco-systems. The platform uses a multi-chain data schema including a device chain and an event chain. The multi-chain data schema uses a time-envelope mechanism to generate an event to connect different device chains and enforce a set of security rules through smart contracts. The method comprising receiving an encrypted block from TOT device with event data and verifying the device signature and identity based on certain rules within the device chain. Further, the method comprising determining access to event chain using previous token, current token and timestamp of the encrypted block and updating the event chain upon access determination. The event chain protects data integrity and confidentiality against malicious packets, unauthorized devices, weak encryption and man-in-the-middle attacks.

Abstract: A distributed key management system, which contains a server, a plurality of key-holding devices adapted to communicate with the server; and a key-requesting device adapted to communicate with the server. Each one of the plurality of key-holding devices is adapted to hold a different fragment of a private key. The server is adapted to reconstruct the private key based on the fragments received from the plurality of key-holding devices. The key-requesting device is adapted to obtain the private key from the server. The systems according to the invention provide a zero-trust model key management scheme and would eliminate the risk of key leakage to unauthorized person while providing flexibility of authorizing devices.

Abstract: Methods, apparatus, systems and articles of manufacture to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark. Disclosed example apparatus also swap at least two symbols of the watermark when the timestamp is to represent a second one of the timestamp cycles, but do not swap the at least two symbols of the watermark when the timestamp is to represent a first one of the timestamp cycles. Disclosed example apparatus further embed the watermark in a first piece of media.

Abstract: A multi-framework blockchain service may be implemented with a common interface to manage different types of blockchain networks. Requests to create a blockchain network may be received via an interface for the control plane that triggers the creation of the blockchain network according to an identified workflow. Various operations to change the blockchain network, including membership changes, node additions, governance changes, analytics changes, and monitoring changes may be allowed or denied by the control plane according to a distributed governance policy in effect for the blockchain network.

Abstract: Disclosed is a method of witnessing electronic signing of a document. The method may include identifying an eligible witness device from a signature request. Furthermore, the witness electronic device may be configured to verify the signor electronic device before making a document available to a signor electronic device based on a witness action from the witness electronic device. Additionally, the method may include transmitting the document to the signor electronic device upon verification of the signor electronic device. Furthermore, the signed document may include the electronic signature of the signor.

Abstract: A computer-implemented method includes displaying first content within an interface of a group-based communication channel of a group-based communication platform on a first user device associated with a member of the group-based communication channel; receiving a request from the first user device to share the first content outside of the group-based communication platform; in response to the request from the first user device, generating a link to the first content for sharing outside of the group-based communication platform; receiving a request to view the first content from a second user device, wherein the request to view the first content originated outside of the group-based communication platform and is associated with the link; and displaying the first content on the second user device.

Abstract: A device includes a memory and a processor. The processor is to execute the instruction to: receive, from a user device, a username of a user and a string; retrieve a first Message Authentication Code (MAC) and a salt from a database in response to receiving the username and the string; send the first MAC, the salt, and one or more parameters to a Hardware Security Module (HSM); receive, from the HSM, a message indicating whether the first MAC matches a second MAC that the HSM generates based on the one or more parameters and the salt. In addition, the processor to perform one of: authenticate the user when the message indicates that the first MAC matches the second MAC; or not authenticate the user when the message indicates that the first MAC does not match the second MAC.

Abstract: A method of generating a trusted chain code (“TCC”) message, comprising: receiving a smart contract whose execution causes a transfer of value in response to at least one of an occurrence of an event or a fulfillment of a condition, wherein the smart contract is digitally signed by a first entity private key and a second entity private key; generating a chain code comprising a hash of a chain code of the smart contract, the chain code corresponding to at least one of an occurrence of an event or a fulfillment of a condition of the smart contract; and posting the TCC message to a distributed ledger, wherein an execution of a portion of the chain code in response to at least one of the occurrence of the event or the fulfillment of the condition is validated against corresponding chain code in the chain code manifest.

Abstract: Disclosed are a method and apparatus for processing an account of a blockchain network. The method includes: obtaining an account transaction request associated with a chain account, wherein, the chain account belongs to the blockchain; obtaining an account smart contract from the account transaction request, and writing the account smart contract into a block, wherein, the account smart contract is configured to perform operation on a chain element in the chain account when executed.

Abstract: A method and system of authenticating a device within a network of connected devices that share a ledger of transactions between them under the form of exchanged blockchain messages and comprising: computing a PoK chain (70) based on the enhanced blockchain, receiving an authentication request from an application or a device, the authentication request including one or more PoKs (71), retrieving from the PoK database the PoK chain (70) corresponding to the application or device identified in the authentication request; computing a PoK (71) based on the PoK chain (70) retrieved from the PoK database, comparing it with the PoK (71) included in the authentication request, and if they match, validating the authentication request.

Abstract: A method for obtaining a blockchain structure includes providing a first data block and a second data block, wherein a first data processing rule is assigned to first data of the first data block, and a second data processing rule is assigned to second data of the second data block. The first data processing rule is linked to the second data processing rule to obtain a third data processing rule, wherein the first data processing rule is executed before the second data processing rule when the third data processing rule is executed. The second data processing rule is linked to the first data processing rule to obtain a fourth data processing rule. When the fourth data processing rule is executed, the first data processing rule is executed after the second data processing rule. The third data processing rule is stored in the second data block and the fourth data processing rule is stored in the first data block to obtain the blockchain structure.

Abstract: An entity can disseminate nonces by introducing them into various aspects of network traffic, and then listening for them, thereby detecting eavesdroppers on the Internet. A nonce may be numeric, alphanumeric, or otherwise; nonces are contextually appropriate to how they are disseminated. Preferably, a nonce is disseminated by incorporating it into some aspect of network traffic. For example, a nonce can be placed in a network identifier such as an IP address or domain name label. Correlating the circumstances under which the nonce was disseminated and under which it was observed to “propagate”, intelligence about who is eavesdropping on what portions of the Internet can be derived. Such intelligence can be put to many uses, including reporting on eavesdroppers, routing traffic around eavesdroppers, developing reputation scores, and adopting enhanced obfuscation/privacy/security techniques.

Abstract: A delivery method, device, system, unmanned vehicle, and computer-readable storage medium, relating to the field of logistics technology. The delivery method includes monitoring a state of the unmanned vehicle; verifying a verification code input by the user and received from the unmanned vehicle in response to the unmanned vehicle being not in an abnormal working state, and transmitting an unpacking instruction to the unmanned vehicle in response to successful verification.

Abstract: Techniques for providing a secure clock source in a communication network are disclosed. For example, a method comprises participating in a bi-directional authentication with a network entity in a communication network, sending a clock service request message to the network entity, receiving a clock service accept message in response to the clock service request message when the apparatus is eligible to use a clock service, and receiving one or more secure clock signals from the network entity. Another method comprises participating in a bi-directional authentication with a requesting device in a communication network, receiving a clock service request message from the requesting device, verifying the eligibility of the requesting device to request a clock service, and sending one or more secure clock signals to the requesting device in response to successfully verifying the requesting device.

Abstract: Methods, apparatus, systems and articles of manufacture to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark, the timestamp including a set of timestamp symbols, a first subset of data symbols and a second subset of data symbols. Disclosed example apparatus also modify the first subset of data symbols of the watermark based on a further timestamp symbol not included in the set of timestamp symbols of the timestamp, but not modify the second subset of data symbols based on the further timestamp symbol, the further timestamp symbol to identify the one of the plurality of timestamp cycles to be represented by the timestamp of the watermark. Disclosed example apparatus further embed the watermark in a piece of media.

Abstract: A first electronic media is received at a first display device. The first display device is located in a first environment. One or more metadata items may be identified based on the first electronic media. The one or more metadata items associated with at least one portion of the first electronic media. One or more users is detected, including a first user, in the first environment. A view permission of the first user is determined based on the one or more metadata items. The view permission indicates whether the first user is permitted to view the at least one portion of the first electronic media. An electronic media update to the first electronic media is performed based on the view permission of the first user. The updated first electronic media is displayed by the first display device after performing the electronic media update.

Abstract: Apparatus, methods, and computer-readable media for facilitating detection of false base stations based on signal times of arrival are disclosed herein. An example method for wireless communication of a UE includes receiving a signal from each of one or more neighboring base stations. The example method also includes determining a system timing associated with the wireless communications network based on a respective time of arrival at which each signal is received from the neighboring base stations. The example method also includes receiving a signal from an FBS, the FBS signal being associated with a PCI different than the PCIs associated with the signals received from each of the neighboring base stations. Additionally, the example method includes identifying a presence of the FBS based on a difference between the system timing and a time of arrival at which the signal is received from the FBS.

Abstract: The invention relates to a method for the tamper-proof storing of data in a bidirectionally linked blockchain structure. The method comprises the steps of creating an additional block Bi to extend the blockchain structure which comprises the data to be stored as payload data creating a bidirectional linking of the additional block Bi to a predefined number of preceding blocks, wherein creating the bidirectional linking comprises performing a backward linking of the additional block to the predefined number of preceding blocks and performing a forward linking of the predefined number of preceding blocks to the additional block.

Abstract: A computational device receives an input/output (I/O) operation directed to a data set. In response to determining that there is a time lock on the data set, a determination is made as to whether a clock of the computational device is providing a correct time. In response to determining that the clock of the computational device is not providing the correct time, the I/O operation is restricted from accessing the data set. In response to determining that the clock of the computational device is providing the correct time, a determination is made from one or more time entries of the time lock whether to provide the I/O operation with access to the data set.

Abstract: Methods, apparatus, systems and articles of manufacture to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark. Disclosed example apparatus also swap at least two symbols of the watermark when the timestamp is to represent a second one of the timestamp cycles, but do not swap the at least two symbols of the watermark when the timestamp is to represent a first one of the timestamp cycles. Disclosed example apparatus further embed the watermark in a first piece of media.

Abstract: For validation of position, navigation, time (PNT) signals, a hash included in messages with PNT data is used to validate the source of the message without backhaul. Different tags from a hash chain are included in different messages. The receiver is pre-loaded with the root or later trusted hash tag of the chain as created. The hash of any received message may be hashed by the receiver. The result of the hashing will match the pre-loaded or trusted hash tag if the transmitter of the message is a valid source. The PNT data may be validated using a digital signature formed from the PNT data for one or more messages and the hash tag wherein a hash tag of the chain in a subsequently received message is used as the key. The digital signature may be formed from data across multiple messages.

Abstract: An SSD includes a controller having a first non-volatile memory in which a power-off timestamp is stored, and a hardware register accessible by a host. The SSD also includes a second non-volatile memory coupled to the controller, the second non-volatile memory storing instructions for at least one boot-up mode of the SSD. Upon power up of the controller and prior to the controller executing the instructions for at least one boot-up mode of the SSD, the controller receives, in the hardware register, a power-on timestamp from the host and determines, based on the power-on timestamp and the stored power-off timestamp, a boot-up mode of the SSD.

Abstract: A system for credentialing a miner for a blockchain system is provided. The system interacts with a Trusted Witness to obtain a witness statement attesting to the identity of the miner. The witness statement includes a miner public key of the miner and a signed miner public key signed using the corresponding miner private key. The system provides to a notary the witness statement and signed bylaws signed using the miner public key. The system receives from the notary a digital identity signed by the notary that includes an identification of the notary, the witness statement, and the signed bylaws. The miner uses the digital identity when participating in mining for the blockchain system.

Abstract: A system detects deviation from a computer operating system boot and operating system load. The system identifies approved operating system boot modules, approved operating system load modules, essential operating system boot components, and essential operating system configuration information, which are then hashed to create an operating system boot profile. The operating system boot modules and the operating system load modules are then executed to start the operating system. The operating system boot profile is used to verify that that there has not be any deviation from the start of the operating system.

Abstract: Aspects create a tree data structure that indexes a collection of documents present in a data repository at a point in time. The tree data structure includes a plurality of nodes. For each such node, a respective root hash value of that node is determined. The root hash value of a leaf node is determined from hash value(s) for element(s) of that node that are keyed to documents in the collection. The root hash value of a parent node is determined from a root hash value for each of its child nodes. For a given document that is purported to be a target document present in the data repository at the point in time, processing is performed that uses the tree data structure in facilitating verification that the given document is the target document. This includes providing a cryptographic proof to demonstrate whether the given document is the target document.