Methods and systems for creating a verifiable digital identity are provided. The method includes obtaining a first user-generated item comprising an identifiable feature. The method also includes digitally signing the first user-generated item to generate a secure digital artifact. The method also includes uploading the secure digital artifact and the first user-generated item to an auditable chain of a public ledger. The method also includes verifying a digital identity of the user by auditing the auditable chain. The method also includes obtaining a second user-generated item generated comprising the identifiable feature. The method also includes comparing the first and second user-generated items. The method also includes uploading the second user-generated item to the public ledger when the comparing is within a threshold.

An autonomous distributed wise area network (AD-WAN) includes several nodes, where each node connects a local area network to an open wide area network, and provides tunnels over the open wide area network to other nodes in the AD-WAN so that computing resources behind each node can communicate as if they were located on a common intranet. Each node has a blockchain wallet and receives updates to a private permissioned blockchain ledger for that AD-WAN. The updates are provided by a control node. Set up, and subsequent change to the AD-WAN are commenced via a customer portal which provides order information to the control node, where the control node processes the order information and generates a blockchain update that informs the affected nodes in the AD-WAN as to what changes are to be made. As a result, the blockchain provides both control plane and order management operation of the AD-WAN.

In one example an apparatus comprises accelerator logic to pre-compute at least a portion of a message representative, hash logic to generate the message representative based on an input message, and signature logic to generate a signature to be transmitted in association with the message representative, the signature logic to apply a hash-based signature scheme to a private key to generate the signature comprising a public key, and determine whether the message representative satisfies a target threshold allocation of computational costs between a cost to generate the signature and a cost to verify the signature. Other examples may be described.

A method comprises receiving a first outbound request, from an internal user account of an internal platform, indicating a first action to be performed by a first third-party user account of a first third-party platform. In response to authenticating the first outbound request, the method further comprises sending an application programming interface (API) request to the first third-party platform to perform the first action on the first third-party platform on behalf of the internal user account. The method further comprises receiving a first inbound request, from the first third-party user account, indicating a second action to be performed on behalf of the internal user account on the internal platform. In response to authenticating the first inbound request, the method further comprises sending an internal request to the internal platform to perform the second action on the internal platform on behalf of the first third-party user account.

Systems and methods are disclosed with respect to using a blockchain for managing the subrogation claim process related to a vehicle collision, in particular, utilizing evidence oracles as part of the subrogation process. An exemplary embodiment includes receiving recorded data from one or more connected devices at a geographic location; analyzing the recorded data, wherein analyzing the recorded data includes determining that an collision has occurred involving one or more vehicles; generating a transaction including the data indicative of the collision based upon the analysis; and transmitting the transaction to at least one other participant in the distributed ledger network.

The disclosed technology teaches confirming proper deployment of sensors, with an authorization server (AS) issuing to a first client a Macaroon access token (MAT), optionally with caveats, including a root signature, and providing the MAT to a client. The client modifies the MAT to produce multiple instances by appending caveats that add a deployment location to each of the instances, and applies a message authentication code (MAC) chaining algorithm to generate updated signatures to include in the instances of a MAT with caveats (MATwC). The first client forwards the multiple instances of the MATwC to respective sensor instances, and a second client receives, from the sensor instances, sensed data and location indicative data, accompanied by respective MATwC instances. The second client verifies that the location indicative data is consistent with the deployment location caveat in the respective MATwC and utilizes instances of the sensed data that are verified as consistent.

The disclosure is directed to providing content access control in information centric networking (ICN) networks. Methods and systems include hardware and/or software that perform operations for sending to a content provider of an ICN network an access request for content in response to receiving a first content request from a client. The operations also include receiving from the content provider access control information for the content. The operations further include sending to the client a challenge. Additionally, the operations include receiving from the client an authorization of the content provider that includes information obtained by the client from the content provider based on the challenge. Furthermore, the operations include verifying the authorization received from the client using the access control information received from the content provider. Moreover, the operations include sending to the client the content.

The disclosed technology teaches confirming delegation of authorization from an authorization server (AS) by a client to a service, including an AS issuing an OAuth2 access token in the form of a Macaroon (MAT), optionally with caveats, including a root signature, and providing the MAT to a client. Included is the client modifying the OA2 access token by appending caveats that narrow authorization, and by applying a message authentication code (MAC) chaining algorithm to generate an updated signature to include in the resulting MAT with caveats (MATwC), the client delegating authorization to a service by forwarding the MATwC to the service and the service using the MATwC to access a resource server (RS), the RS passing the MATwC to the AS, and the AS determining authenticity of the MATwC as a bearer token and evaluating scope of authorization from the MAT as narrowed by the caveats, and reporting results.

A protocol that is managed by a coordinating network element or third-party intermediary or peer network elements and utilizes tokens prohibits any subset of a union of the coordinating network element or third-party intermediary, if any, and a proper subset of the processors involved in token generation from substantively accessing underlying data. By one approach, processors utilize uniquely-held secrets. By one approach, an audit capability involves a plurality of processors. By one approach, the protocol enables data transference and/or corroboration. By one approach, transferred data is hosted independently of the coordinating network element. By one approach, the coordinating network element or third-party intermediary or a second requesting network element is at least partially blinded from access to tokens submitted by a first requesting network element. By one approach, a third-party intermediary uses a single- or consortium-sourced database. By one approach, network elements provisioned with tokens jointly manage the protocol.

Apparatuses, systems, methods, and software are disclosed for authorization delegation. In a participant device a derivative key is generated in dependence on a received key. An authenticity check value for a delegation information block is generated in dependence on the delegation information block and the received key. The derivative key is derived in dependence on the delegation information block and the received key. An extended certificate chain is created comprising a received certificate chain appended with a local certificate, which comprises the delegation information block and the authenticity check value.