A computer implemented method for automatically certifying documents with integrity and authenticity guarantees and computer programs thereof. The method comprising: receiving, by a second computer (20), a document (D.sub.o) to be certified, identifying it with metadata and computing a first cryptographic function (h.sub.o); sending, by the second computer (20), the first cryptographic function (h.sub.o) to a third computer (30) hold within a distributed ledger; receiving, by the second computer (20), a message digest (h.sub.ro) corresponding to an identifier of having stored the first cryptographic function (h.sub.o) in the third computer (30); computing, by the second computer (20), a key (K), said computed key (K) being decoded into a watermark, which is applied to the document (D.sub.o) providing a modified document (D.sub.w); sending, by the second computer (20), the modified document (D.sub.w) to the first computer system (10); computing, by the second computer (20), a second cryptographic function (h.sub.w), and sending it and the modified document (D.sub.w) to the third computer (30); the second computer (20) receiving a message digest (h.sub.rw) corresponding to an identifier of having stored the (h.sub.w) and (D.sub.w).

Provided is a method and apparatus for providing a cryptographic security function for the operation of a device, and to an associated computer program (product). The method for providing a cryptographic security function for the operation of a device carries out the following steps: receiving a request to provide such a security function, providing an interface to a point providing such a security function, said point being called a trust anchor, wherein said interface determines context information in accordance with the application initialing the request, providing the requested security function for the application initiating the request, wherein the determined context information influences the provision of said security function.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying copyrighted material based on embedded copyright information. One of the methods includes generating, by a computing device, a timestamp indicating a time at which an update to a text segment within the textual content is performed to provide an updated text segment; generating, by the computing device, a unique identifier (ID) based on the timestamp and copyright information associated with the textual content, wherein the timestamp, the textual content, the updated text segment, and the copyright information are recorded on a blockchain of a blockchain network; and embedding, by the computing device, the unique ID in at least a portion of the updated text segment to provide an information-embedded updated text segment that enables retrieval of the copyright information associated with the updated text segment from the blockchain based on the unique ID.

An analysis apparatus includes a memory and a processor configured to execute receiving log data transmitted from each device among a plurality of devices connected to a network, via the network; determining, for said each device, which one of a plurality of types of events corresponds to an event occurring in said each device, based on the log data transmitted from said each device; and detecting an occurrence of events across the plurality of devices, based on a comparison of the log data of the plurality of devices related to a plurality of events of a same type of determination results as determined by the determining.

A verifiable, redactable log, which, in some embodiments, may contain multiple hash values per entry in order to sever confidentiality of a log from verifiability. Logs may be verified using recalculation of hashes and verification of trusted digital signatures. In some embodiments, the log may be divided into segments, each signed by a time server or self-signed using a system of ephemeral keys. In some embodiments, log messages regarding specific objects or events may be nested within the log to prevent reporting omission. The logging system may receive events or messages to enter into the log.

The described technology provides a capability to perform in-session updates to entitlements associated with a user's access to content served by a web application. The content may be from one or more external servers. The technology provides for automatically detecting changes to entitlements, and without requiring a user of an active session to initiate a new session, updating entitlement data in a memory such that subsequent requests for data made by the client in the same active session are serviced using the updated entitlements.

A method for preserving the privacy of sensor data from a smartphone associates the sensor data with heatspots instead of with actual geographic locations. Sensor data is collected from a plurality of sensors installed on the smartphone of a user. The sensor data is grouped by a plurality of heatspots in which the sensor data was sensed by the smartphone. Each heatspot corresponds to a geographic area that has a distinct significance to the user, such as the user's home or workplace. Each of the heatspots is labeled with a unique identifier associated with the corresponding geographic area. The collected sensor data together with the unique identifier of the heatspot in which the sensor data was sensed and a timestamp of when the data was sensed is transmitted from the smartphone to a server. Information identifying the actual geographic area in which the sensor data was sensed is not transmitted.

A computer-implemented index creation method includes obtaining, by a server storing data in a blockchain ledger, an identifier, in which the identifier identifies an attribute value of a data record; determining location information of the data record in the blockchain ledger, in which the location information includes a block height of a data block in which the data record is located and an offset of the data record in the data block; and writing the location information into an index, in which the index stores a correspondence between the location information and the attribute value, the attribute value being used as a primary key in the index.

Techniques are described for transaction-based read and write operations in a distributed system. In an embodiment, an authorization protocol overlaid onto a transaction to control access to each of the data pools. Using the techniques described herein, the DTRS provides authorization mechanism to ensure that the entity, which hosts the data pool, may only access the data set from an originating entity based at least upon the access rules of the originating entity set for the data set. Additionally, the DTRS's read/write transactions keep the data pools of the DTRS in synch with each other, so each data pool stores the same data sets as another data pool of the DTRS. When a data integrity service of an entity generates a new data entry from a user transaction with a client application, a new write request is generated for the DTRS to which the data integrity service belongs. The DTRS receives the data entry and its metadata from the data integrity service and performs steps to update all data pool of the DTRS, in an embodiment.

In one embodiment, a trusted cloud service such as an “electronic vault” may store records of a consumer's electronic data file history. These documents may come from disparate providers and include financial statements and the like. The trusted vault cloud may act as an online notary to certify documents are legitimate and may be trusted. For example, a retailer may dispute whether the consumer paid a debt. To resolve the issue the retailer may access the cloud vault to retrieve a bank statement for the consumer, whereby the bank statement is electronically notarized by the vault cloud and is thus credible to the retailer. The retailer may then see proof the consumer had indeed paid a past debt to the retailer. Other embodiments are described herein.