Abstract: A computer implemented method, system, and program product comprising examining points in time in each journal of each of the replication sites, determining certain points of time in each journal of each of the replication sites to be deleted based on a policy, and deleting the certain points of time in each journal of each of the replication sites.

Abstract: A host system may initiate a multiple node exchange of selected values to generate a random selection. The structure of the exchange may allow later verification that no single node had control of the generation of the random selection. Accordingly, the random selection may be unknown prior to the exchange. The host system may then provide the random selection to the device for integration of the random selection during the capture of video. The video may be recorded to a blockchain. Because of the integration with the random selection, the video may be date verifiable, such that the video can be verified to be created after the random selection and before recordation to the blockchain.

Abstract: Systems, methods, apparatus, and articles of manufacture to improve timestamp transition resolution of watermarks are disclosed.

Abstract: An example operation may include one or more of connecting, by a data aggregation node, to a blockchain configured to store data, configuring, by the data aggregation node, a transformation of the data, instantiating, by the data aggregation node, at least one rollup blockchain, transforming, by the data aggregation node, the data based on the configuration, executing, by the data aggregation node, a smart contract to populate the transformed data into the at least one rollup blockchain, and archiving the data on a data store outside of the blockchain.

Abstract: Systems and methods for providing automatic fork protection including determining that a transaction having fork protection was included in a first block that was appended to a blockchain, that a hash of the first block was validated, that a consensus decision was made by validator nodes approving the first block for addition to the blockchain, that a second block was appended to the blockchain after the first block, that the second block comprises a hash that is not based on the first block, that the first block was on a first fork and the second block was on a second fork, that the blockchain was resolved in favor of the second fork, and that the transaction failed as a result of the blockchain being resolved in favor of the second fork. The method including compensating a party that submitted the failed transaction based on the fork protection.

Abstract: A verifiable, redactable log, which, in some embodiments, may contain multiple hash values per entry in order to sever confidentiality of a log from verifiability. Logs may be verified using recalculation of hashes and verification of trusted digital signatures. In some embodiments, the log may be divided into segments, each signed by a time server or self-signed using a system of ephemeral keys. In some embodiments, log messages regarding specific objects or events may be nested within the log to prevent reporting omission. The logging system may receive events or messages to enter into the log.

Abstract: Techniques for backend-specific cursor tracking are described. In one embodiment, an apparatus may comprise a local database synchronization component operative to initiate a client update at a messaging client on a client device, the client update associated with a specific backend service for a messaging system; retrieve an opaque backend-specific update cursor for the specific backend service; and store an updated opaque backend-specific update cursor for the messaging client; and a local network component operative to send the opaque backend-specific update cursor to the messaging system in association with a client update request; and receive an update package at the messaging client on the client device, the update package comprising the updated opaque backend-specific update cursor. Other embodiments are described and claimed.

Abstract: Methods, apparatus, systems and articles of manufacture (e.g., physical storage media) to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein include a timestamp cycle evaluator to determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark, the timestamp including a set of timestamp symbols. Disclosed example watermark encoding apparatus also include a symbol modifier to modify a subset of data symbols of the watermark based on a further timestamp symbol not included in the set of timestamp symbols of the timestamp, the further timestamp symbol identifying the one of the timestamp cycles to be represented by the timestamp of the watermark. Disclosed example watermark encoding apparatus further include a watermark embedder to embed the watermark in a first piece of media.

Abstract: Methods, apparatus, systems and articles of manufacture (e.g., physical storage media) to extend a time range supported by a watermark are disclosed. Example watermark encoding apparatus disclosed herein include a timestamp cycle evaluator to determine which one of a plurality of timestamp cycles is to be represented by a timestamp of a watermark. Disclosed example watermark encoding apparatus also include a symbol swapper to swap at least two symbols of the watermark when the timestamp is to represent a second one of the timestamp cycles but not to swap the at least two symbols of the watermark when the timestamp is to represent a first one of the timestamp cycles. Disclosed example watermark encoding apparatus further include a watermark embedder to embed the watermark in a first piece of media.

Abstract: Systems, methods, and apparatuses for generating a trusted chain code (“TCC”) message. The method includes receiving, by a computing system, an agreement message between a first entity and a second entity. The agreement message may be formatted as a smart contract whose execution causes a transfer of value in response to at least one of an occurrence of an event or a fulfillment of a condition. The smart contract includes chain code that corresponds to computer language to execute and corresponds to at least one of the occurrence of the event or the fulfillment of the condition. A chain code manifest is generated. The chain code manifest includes a hash of the chain code of the smart contract. A TCC message is generated including at least the smart contract and a digital signature on at least the chain code manifest. The TCC message is posted to a distributed ledger.

Abstract: An augmented reality user device includes a display, a physical identification verification engine, a gesture confirmation engine, and in interface. The display overlays a virtual file document onto a tangible object. The physical identification verification engine receives biometric data for a witness and confirms the witness's identity. The display displays a gesture motion from the signor. The gesture capture engine captures a gesture motion from the witness. The gesture capture engine generates a witness digital signature based on the captured gesture motion from the witness. The gesture capture engine generates a witness transfer token, the witness transfer token comprising the witness digital signature based on the captured gesture from the witness and the witness identity confirmation token. The interface communicates the witness transfer token to a server.

Abstract: One embodiment facilities user access to a standalone computing device. During operation, the system receives, by the standalone computing device from a mobile computing device associated with a user, a first command to access capabilities of the standalone computing device, wherein the first command includes an ephemeral user identifier which includes an ephemeral key and indicates user-specific metadata, wherein the ephemeral key is generated by a network service, wherein the ephemeral user identifier is digitally signed with a private key of the network service, and wherein the standalone computing device is not directly accessible by the network service. The system verifies, by the standalone computing device using a public key of the network service, that the ephemeral user identifier was generated by the network service. The system executes, by the standalone computing device, the first command based on the user-specific metadata.

Abstract: An entity can disseminate nonces by introducing them into various aspects of network traffic, and then listening for them, thereby detecting eavesdroppers on the Internet. A nonce may be numeric, alphanumeric, or otherwise; nonces are contextually appropriate to how they are disseminated. Preferably, a nonce is disseminated by incorporating it into some aspect of network traffic. For example, a nonce can be placed in a network identifier such as an IP address or domain name label. Correlating the circumstances under which the nonce was disseminated and under which it was observed to “propagate”, intelligence about who is eavesdropping on what portions of the Internet can be derived. Such intelligence can be put to many uses, including reporting on eavesdroppers, routing traffic around eavesdroppers, developing reputation scores, and adopting enhanced obfuscation/privacy/security techniques.

Abstract: Systems and methods for ensuring data security. A MAC is computed sequentially for each selected message from a data log that contains at least two messages. To build a data block, a preset encryption key is used for a first message and an encryption key for the previous message is used for subsequent messages. A determination that the data log is compromised can be made based on MAC data block data and an independent calculation of a MAC.

Abstract: A method for generating a blockchain configured for fast navigation includes: storing a blockchain comprised of a plurality of blocks, each block including a header comprised of a fast track flag, fast track reference, timestamp, and hash value, where the plurality of blocks includes standard blocks having a deactivated fast track flag and fast track blocks having an activated fast track flag; identifying a most recent fast track block based on the timestamp in the fast track blocks; identifying a most recent overall block based on the timestamp included in the plurality of blocks; generating a fast track hash value via hashing the most recent fast track block; generating a chain hash value via hashing the most recent overall block; and writing a new block to the blockchain including a block header comprised of a timestamp, activated fast track flag, the fast track hash value, and the chain hash value.

Abstract: At least one contemporaneous signature image is captured while a user generates an electronic signature for a document. When one or more contemporaneous signature images maps to a verification image, signature data representative of an electronic signature is associated with the document.

Abstract: A system includes a processor configured to approve an application vehicular-system-access request based on a temporary key and device ID transmitted with the access request matching a stored temporary key and device ID pair previously stored by the processor. This can assist in ensuring that only validated devices and/or applications are requesting access to a vehicle system.

Abstract: A system and method of recording data from a number of devices in a distributed network system in a manner adaptable for auditing the device output. The devices may include one or more control, sensor, edge, or peripheral computing devices physically separate in the distributed network system and in communication with a control server. Such distributed networks systems are common in SCADA or IoT applications. The content stream of data records output from the devices are recorded; a payload stripped stream of data records which are stripped of the payload are recorded and preferably retained by an escrow service. The metadata of the data records includes the hash value of one or more predecessor data records. The hash values are calculated based on the payload and a linkage function, preferably a cryptographic function. A comparison of hash values of the payload stripped stream and the content stream provides the audit ability.

Abstract: Example implementations relate to hiding sensitive data. For example, a device according to the present disclosure may include a scanning portion to receive a scan of a document, and a graphical user interface to receive a command with respect to the sensitive data. The device may also include a processor to analyze the scan of the document, process the command via the graphical user interface, determine the document contains sensitive data in response to the command, and perform an action to hide the sensitive data.

Abstract: Systems, methods, apparatus, and articles of manufacture to improve timestamp transition resolution of watermarks are disclosed. An example system includes a watermark detector to detect watermarks in media and a decoder to decode timestamps from respective ones of the watermarks.

Abstract: A client device is tracked over a period of time using “refresh tokens” that are exchanged in conjunction with routine client-server communications. Each communication cycle between client and server includes a refresh token that is recorded at the server. The recorded refresh tokens are mapped to both server- and client-generated device identifiers. As communications between client and server occur, a chain of tokens, one for each communication cycle, is progressively recorded at the server. If the server receives a token that is outdated with respect to that which is otherwise expected based on the progression of the recorded chain, this suggests that the received communication was transmitted from a device that is a clone of another client device. A more robust device identification framework is therefore achieved by using a combination of device identifiers and tokens exchanged between client and server.

Abstract: A fork in a block chain data structure is identified, the block chain data structure including a first set of blocks each describing a respective transaction. The fork includes a first branch beginning with a first block and a second branch beginning with a different second block. The first branch includes a first set of blocks comprising at least the first block, and the second branch includes a second set of blocks including at least the second block. A determination is made, based on a consensus protocol, that the second branch is to be discarded. Accordingly, a meta block is generated to identify and describe the second branch. The meta block is to be included in a meta block chain data structure. The meta block chain data structure is separate from the block chain data structure and comprises meta blocks to record orphan branches of the block chain data structure.

Abstract: A software system and service for facilitating organizational testing of employees in order to determine their potential susceptibility to phishing scams is disclosed to evaluate their susceptibility to e-mail and Internet cybercrimes such as phishing. The e-mail addresses of a client organization's employees are provided to the system, a phishing e-mail is created and customized, and a phishing e-mail campaign in which the phishing e-mail message is sent and the responses to the phishing e-mail is monitored, and the results of the e-mail campaign are provided for evaluation. The phishing e-mail may optionally contain attachments and various types of probes and “call home” mechanisms.

Abstract: A method and an apparatus for processing laser point cloud data includes obtaining laser point data to be used by a data receiver comprising an acquisition time; determining a timestamp for representing the acquisition time, and splitting the timestamp into a base timestamp and an offset timestamp; and storing the base timestamp and compressed laser point cloud data. Laser point cloud data output by a laser radar is compressed and comprises only offset timestamps corresponding to respective laser points. The base timestamp and the offset timestamp may be added to obtain the required synchronization precision timestamp, and the data is synchronized. The processing speed of a CPU or GPU for the laser point cloud data is improved while the timestamp precision reaches the precision required by synchronization of the laser point cloud data, and storage space is saved.

Abstract: Tamper-respondent assemblies are provided which include an enclosure assembly mounted to a circuit board and enclosing an electronic component(s) within a secure volume. The enclosure assembly includes an enclosure with an edge surface coupled to the circuit board, and a tamper-respondent sensor. The tamper-respondent sensor covers the edge surface and an inner surface of the enclosure. The sensor includes multiple layers, and at least one tamper-detect circuit. The tamper-detect circuit(s) includes a conductive trace(s) in a tamper-detect pattern covered, at least in part, by at least one layer of the multiple layers. The at least one layer is partially removed to provide exposed regions and unexposed regions of the conductive trace(s) at the edge surface of the enclosure. The conductive trace(s) is contacted where exposed by an adhesive securing the sensor to the circuit board. A monitor circuit monitors the tamper-detect circuit(s) for a tamper event.

Abstract: A method includes in response to receiving an I/O request for the storage system, determining information associated with the I/O request; generating a timestamp associated with the I/O request; and recording the information and the timestamp to reproduce an operation associated with the I/O request. A method comprises: in response to a request for reproducing an I/O operation of the storage system, obtaining information associated with at least one I/O request for the storage system, the information being recorded in response to reception of the at least one I/O request; obtaining at least one timestamp corresponding to the at least one I/O request; and reproducing the operation of the at least one I/O request on the storage system based on the information and the at least one timestamp.

Abstract: A method for communicating between devices is presented. The method includes dividing a first public key of a first device into at least two partial keys, transmitting the at least two partial keys through at least two communication channels having different physical characteristics, receiving a second public key of a second device through at least one of the at least two communication channels, authenticating the second device based on the received second public key, and performing secure communication with the second device using a public key generated based on the received second public key.

Abstract: An augmented reality user device includes a display, a physical identification verification engine, a gesture confirmation engine, and in interface. The display overlays a virtual file document onto a tangible object. The physical identification verification engine receives biometric data for a witness and confirms the witness's identity. The display displays a gesture motion from the signor. The gesture capture engine captures a gesture motion from the witness. The gesture capture engine generates a witness digital signature based on the captured gesture motion from the witness. The gesture capture engine generates a witness transfer token, the witness transfer token comprising the witness digital signature based on the captured gesture from the witness and the witness identity confirmation token. The interface communicates the witness transfer token to a server.

Abstract: At least one contemporaneous signature image is captured while a user generates an electronic signature for a document. When one or more contemporaneous signature images maps to a verification image, signature data representative of an electronic signature is associated with the document.

Abstract: Systems, computer products, and methods are described herein for an improved secure certificate system that utilizes multiple digital signatures, and in some cases multiple public keys within one or more certificates. The improved secure certificate systems allows for additional security by having multiple certification authorities validate the organization as the owner of the organization application (e.g., website, dedicated application, or the like), as well as allowing for the use of the multiple digital signatures and/or certificates to provide seamless verification of the organization application should one or more of the digital signatures and/or certificates become compromised. Moreover, security may be improved by utilizing multiple public keys to encrypt a session key for use in sending and receiving data.

Abstract: A new approach is proposed to support monitoring Perfect Forward Secrecy (PFS) network traffic by utilizing a hardware security module (HSM) appliance. Here, the HSM appliance is a high-performance, Federal Information Processing Standards (FIPS) 140-compliant security hardware with embedded firmware, which can be used for management and sharing of ephemeral keys used in a secured PFS communication session between two parties. Specifically, the HSM allows a server to share one or more of its ephemeral keys and/or parameters used in PFS traffic during the session with a third party under specified access rights and/or authorization, wherein the third party can be but is not limited to a traffic monitoring module. The HSM allows the third party to access the ephemeral keys stored on the HSM under the specified access rights and/or authorization so that the third party may decrypt and run analytics on the PFS traffic captured during the session.

Abstract: Systems, computer products, and methods are described herein for an improved secure certificate system for identifying potential authorized and unauthorized interactions between a web browser and a website. The certificate system utilizes stored certification requirements (e.g., pinned certification requirements, third-party certification requirement system, or the like), and compares the stored certification requirements with received certification requirements. The system may notify the user or prevent the interaction between the web browser and website when the stored certification requirements do not meet the received certification requirements (e.g., a threshold requirement of certificates to validate, validated certificates, or the like). The certificate system allows the interaction between the web browser and website when the stored certification requirements meet the received certification requirements and the website is verified based on the certification requirements.

Abstract: A user identifying system includes a user terminal and a server for communicating with the terminal. The terminal includes a detecting means that detects an event of a failure in accessing a service provided by the server, a recording means that records a timestamp indicating time of a failure in accessing the service when the event is detected, and a transmitting means that transmits, to the server, the timestamp and identification information allowing the server to identify the user of the terminal. The server includes a receiving means that receives the identification information and the timestamp transmitted from the transmitting means, and a specifying means that specifies a user identified by the identification information received by the receiving means when access by the terminal related to the timestamp has been made during an inaccessibility period wherein access to a service provided by the server has been unacceptable.

Abstract: There is provided an information processing apparatus. An acquisition unit acquires feature information of a latest block in a block chain when target data is generated. A registration unit registers proof information indicating that the generated target data is correlated with the feature information acquired by the acquisition unit when the target data is generated to a time proof service.

Abstract: Systems, methods, apparatus, and articles of manufacture to improve timestamp transition resolution of watermarks are disclosed. An example system includes a watermark detector to detect watermarks and a decoder to decode timestamps in respective ones of the watermarks. The example system also includes a timestamp transition resolution enhancer that estimates a first transition window indicative of a transition between a first time period to a second time period based on a first one of the timestamps and a second one of the timestamps. The timestamp transition resolution enhancer also estimates, when the first transition window does not satisfy a threshold, a second transition window indicative of a transition between the second time period and a third time period based on the second timestamp and a third one of the timestamps.

Abstract: Aspects of the subject disclosure may include, for example, generating a digital certificate responsive to an authentication of a user according to a dynamic biometric process, associating the digital certificate with a transaction record for the transaction, storing information associated with authentication conditions of the dynamic biometric process, receiving an access request associated with the transaction, and providing access to the transaction record, the information associated with the authentication conditions of the dynamic biometric process or a combination thereof responsive to the access request, where granting of the access is according to transmitting an access acknowledgement to equipment of the user, or obtaining another authentication to allow permission to access or a combination thereof. Other embodiments are disclosed.

Abstract: In one embodiment, a method comprises: receiving, by a requestor device in a data network, authentication request parameters for generating a secured request for a data object, the authentication request parameters comprising a shared encryption key and a prescribed update time interval value; generating, by the requestor device, the secured request based on generating a reduced-resolution time value by dividing a current device timestamp value of the requestor device by the prescribed update time interval value, and encrypting the reduced-resolution time value using the shared encryption key; and outputting, by the requestor device, the secured request specifying an object name identifying the data object and the encrypted reduced-resolution time value, enabling a content supplier device to authenticate the secured request based on determining whether the reduced-resolution time value, multiplied by the prescribed update time interval, substantially matches a corresponding timestamp value of the content supp

Abstract: Storage divisions of a non-volatile storage medium may have a writable state and an unwritable state. Storage divisions may be reclaimed by, inter alia, resetting the storage division from an unwritable state to a writable state. Writable storage divisions may be used to service incoming storage requests. If no writable storage divisions are available, requests may stall. One or more storage divisions may be held in a writable state to avoid stall conditions. This, however, may increase the erase dwell time of the storage divisions, which can result in increased wear and reduce the usable life of the storage device. Storage divisions may be prepared for use such that the storage divisions are transitioned to a writable state such that erase dwell time of the storage divisions is reduced, and the storage divisions are available as needed to service incoming requests.

Abstract: A computing device connects a first client device to a session of a virtual machine. The computing device subsequently connects a second client device to the session in response to a request from the second client device to access the virtual machine. The computing device may then disconnect the first device from the virtual machine session or disable one or more functions associated with the first client device.

Abstract: In one implementation, a redactable document signature system includes an encoding engine, a reordering engine, and a signature engine. The encoding engine is to access a plurality of subdocuments of a document, to generate a plurality of commitment values from the plurality of subdocuments, and to generate a plurality of dummy values. Each dummy value is indistinguishable from a commitment value. The reordering engine is to define an order of the plurality of commitment values and the plurality of dummy values independent of an order of the subdocuments. The signature engine is to calculate a signature value for the document using the plurality of commitment values and the plurality of dummy values according to the order.

Abstract: A method for addition of a block to a permissioned blockchain using efficient consensus includes: generating a Merkle root for received transaction messages and hashing the header of the most recent block in a blockchain; hashing a new header consisting of the Merkle root and prior block hash; sending the new header to auditing nodes; receiving approval of the new header from a majority of auditing nodes; informing the auditing nodes of the approval of the new header; and providing the new header and a digital signature to each consensus node for writing of a new block to the blockchain that includes the new header and the received transaction messages.

Abstract: Techniques for personalizing short-term session credentials are described herein. A global session key is provided to a plurality of regions of a computing resource service provider and an account key is also provided to one or more of the plurality of regions based at least in part on those regions being trusted by a customer of the computing resource service provider. When a request for short-term session credentials is received at the trusted region by that customer, a session token is generated and encrypted with a combination of the global session key and the account key, thereby creating a session token that can be uniquely associated with the customer and that may only be used in regions that that customer has designated as trusted regions.

Abstract: A mobile device and methods for sharing content are provided. The mobile device includes a communicator configured to communicate with at least one external device; and a controller configured to control decryption of encrypted content that is shared with the at least one external device, in response to determining that the mobile device is located within a proximate spacing of the at least one external device.

Abstract: An augmented reality user device includes a display, a physical identification verification engine, a gesture confirmation engine, and in interface. The display overlays a virtual file document onto a tangible object. The physical identification verification engine receives biometric data for a witness and confirms the witness's identity. The display displays a gesture motion from the signor. The gesture capture engine captures a gesture motion from the witness. The gesture capture engine generates a witness digital signature based on the captured gesture motion from the witness. The gesture capture engine generates a witness transfer token, the witness transfer token comprising the witness digital signature based on the captured gesture from the witness and the witness identity confirmation token. The interface communicates the witness transfer token to a server.

Abstract: A computer implemented method for use of encrypted identity on a QR code encoded onto a permanent medium. The system includes mechanism to generate the encrypted identity into a QR code. Also, at patient authentication, the encrypted identity in QR code is read through a custom application. The custom application decrypts the double encrypted global ID using the application encryption key. The server decrypts the application decrypted ID using the server key and date of the encryption. The decrypted global ID is then used to match with the patient information.

Abstract: Disclosed are a data management system and computer-readable medium encoded with instructions to execute a method including communicating, by one or more of a document management application supporting integration protocols and a document management module in communication with the document management application, with one or more of a user relationship management system and a document management system using the one or more integration protocols; receiving a request to execute the document management application comprising a previously-created document management process; displaying an indication of a set of documents to be acquired; communicating with a signature acquisition module using the integration protocols configured to acquire a digital signature from a signature input device to create a digitally-signed electronic document; receiving the digitally-signed electronic document; creating an association in the form of a transaction file between user identification information and the digitally-signed el

Abstract: A computing system that provides access to electronic content includes a processor, a data store, and a user interface component. The data store is coupled to the processor and configured to store the electronic content. The user interface component is coupled to the processor and configured to generate a user interface allowing an internal user to generate a sharing request to share electronic content with an external user. The processor is configured to determine whether the internal user is a member of a group that is allowed to externally share content and to inhibit external sharing of the electronic content if the internal user is not a member of the group that is allowed to externally share the electronic content.

Abstract: Systems and methods for configuration of network-based firewall services based on network firewall configuration information provided by one or more sources are provided. The network firewall configuration information can include one or more lists of network address ranges that will be used by the network firewall to process data communications received at a data center. The received network firewall configuration information can be prioritized and filtered to conform to a maximum threshold number of network address ranges that can be configured on a network firewall service. The filtered and processed network address range information can then be utilized to configure one or more network firewall services or application hosted within a data center.

Abstract: A system and method are disclosed that methodologies concerning cryptographically verified blockchain-based contract data inputs and off-chain side-effects. The system and method provide a deterministic and cryptographically verifiable chain of transactions, recorded on a blockchain (distributed ledger) system. This system provides an irrefutable public accounting of the transactions involved in incorporating on-chain contract execution with off-chain data and side-effects (resource actions).

Abstract: One or more contemporaneous signature images are captured while a user generates an electronic signature for a document. When one or more contemporaneous signature images maps to a verification image, signature data representative of an electronic signature is associated with the document.