Patent classifications
H04L9/32
Secured communication distribution system and method
A media distribution system provides controlled distribution of media owned by various parties hosted on a local media access device. A media image communication system provides a secure method of communications between the media host and the client receiving and viewing the media. The media image communication system converts a typical text message into an image file format to prevent unauthorized access to the message, and to prevent any changes and/or manipulation of the message content.
Systems and methods for uploading streamed objects to a cloud storage system
Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.
Secure distribution of entropy
Techniques are disclosed for securely distributing entropy in a distributed environment. The entropy that is distributed may be quantum entropy that is generated by a quantum entropy generator or source. The true random entropy generated by a trusted entropy generator can be communicated securely among computer systems or hosts using secure communication channels that are set up using a portion of the entropy. The distribution techniques enable computer systems and hosts, which would otherwise not have access to such entropy generated by the trusted entropy source, to have access to the entropy.
Method and system for securing and protecting a storage system that includes a removable storage device
A security solution having a system, a method, or a computer program for protecting contents in a target storage device that is arranged to be removable from a storage system having a unique combination of a system complex key (SCK) and a system identification (SID). The solution includes receiving a request to remove the target storage device from the storage system, where the storage system may have a plurality of storage devices each containing the identical combination of system complex key (SCK) and system identification (SID), and receiving a system complex key password (SCKP). The solution includes comparing the system complex key password (SCKP) to the system complex key (SCK) in the storage system, determining whether the system complex key password (SCKP) matches the system complex key (SCK) in the storage system, and suspending all read or write operations to the target storage device when the system complex key password (SCKP) matches the system complex key (SCK) in the storage system.
Wireless security protocol
This disclosure relates to a data storage device. A data port transmits data between a host computer system and the data storage device over a data channel. The device repeatedly broadcasts advertising packets over a wireless communication channel different from the data channel. Each advertising packet comprises a random value and a message authentication code calculated based on the random value and an identity key. The identity key is readable by a device to be connected and in proximity of the data storage device out of band of the data channel and the communication channel. The identity key enables the device to be connected to verify the message authentication code based on the random value and the identity key to thereby authenticate the data storage device.
Systems and methods to timestamp and authenticate digital documents using a secure ledger
Systems and methods to timestamp and authenticate digital documents using a secure ledger are described. Some implementations can include a computer-implemented method to timestamp and authenticate electronic documents. The method can include receiving, by a timestamp and authentication server and from a user device, a unique hash value that is generated at the user device based on a source document and a device identifier of the user device, and verifying, by the timestamp and authentication server, the device identifier. The method can also include, upon verifying the device identifier, inserting, by the timestamp and authentication server, the hash value and the device identifier into a secure ledger, and upon successful insertion into the secure ledger, transmitting, from the timestamp and authentication server to the user device, a success status message including a location in the secure ledger where the hash value was inserted.
Systems and methods of providing immutable records
Systems and methods of providing immutable records, and immutable ordering of records, in a computing system are disclosed. The computing system can be a member of a blockchain network of a plurality of blockchains. Each block can include a cryptographic digest (or hash) conforming to a minimum degree of difficulty, a nonce by which the cryptographic digest was generated in conformation with the degree of difficulty, and a list of cryptographic digests of most recent blocks of participating neighbor blockchains. Blocks may be passed between blockchains of the plurality of blockchains, which enables each member of the blockchain network to verify an immutable record of data transactions free of the mutual trust requirement of a typical blockchain environment. In conjunction with the generation of each block, an event record may be entered into an event log of the computing system wherein the block was generated. The event record, which may contain actionable instructions, requests, etc., may be transmitted to computing systems of participating neighbor blockchains, where actionable items may be acted upon. Further, the event logs of each computing system may be exchanged, compared, and adjusted to reflect the earliest appearance of each block of each participating neighbor blockchain.
Efficient deniable commitment of data and unlinkable proof of commitment for securing user privacy in a digital identity system
A method of generating a deniable commitment of personal data of a user with an unlinkable proof of the commitment of the personal data for securing user privacy in a digital identity system includes receiving the personal data of the user and receiving the commitment of the personal data according to a commitment scheme. An interactive zero-knowledge proof is engaged in with the user so as to verify that the commitment of the personal data opens to the personal data of the user.
Auditing of electronic documents
Auditing of mortgage documents is faster and simpler. An electronic mortgage application often contains or references a collection of many separate electronic mortgage documents. Electronic data representing an original version of an electronic mortgage document and its current version may be hashed to generate digital signatures. Any auditor may then quickly compare the digital signatures. If the digital signatures match, then the audit reveals that the electronic mortgage document has not changed since its creation. However, if the digital signatures do not match, then the electronic mortgage document has changed since its creation. The auditor may thus flag the electronic mortgage document for additional auditing processes.
Recordation of device usage to public/private blockchains
A personal blockchain is generated as a cloud-based software service in a blockchain environment. The personal blockchain immutably archives usage of any device, perhaps as requested by a user. However, some of the usage may be authorized for public disclosure, while other usage may be designated as private and restricted from public disclosure. The public disclosure may permit public ledgering by still other blockchains, thus providing two-way public/private ledgering for improved record keeping. Private usage, though, may only be documented by the personal blockchain.