H04L2209/30

Extended javascript object notation file generator circuitry and process

Methods and apparatus to provide extended object notation data are disclosed. An example apparatus includes a data handler having a first input to receive object data and a first output to output an object notation key-value pair for the object data; a string processor having a second input coupled to the first output and a second output to convey the object notation key-value pair without string literals; and a hashing and encryption handler having a third input coupled to the second output and a third output to convey the key-value pair signed with a private key, to convey the key-value pair encrypted with a public key, and to convey an indication that the encrypted key-value pair is encrypted in a key of the encrypted key-value pair.

Selecting storage resources in a dispersed storage network
10592109 · 2020-03-17

A method for execution by a dispersed storage and task (DST) client module includes determining a storage unit performance level for storage units of a set of storage units. Storage resources of the set of storage units are temporarily selected based on the storage unit performance levels to produce identities of candidate primary storage slots. Identities of candidate primary storage slots are exchanged with another DST client module. Selection of primary storage slots of the candidate primary storage slots is coordinated with the other non-transitory computer readable storage medium to produce identities of selected primary storage slots. Data stored in the set of storage units is accessed using the selected primary storage slots.

End-to-end checksum in a multi-tenant encryption storage system

A multi-tenant storage system can store clear text data and associated clear text checksum received from a storage tenant using their associated cryptographic key (cryptokey). When the clear text data is compressible, cryptographic data (cryptodata) is generated from a concatenation of the clear text checksum and compressed clear text data using the cryptokey. A cryptographic checksum (cryptochecksum) is generated from the cryptodata. When the clear text data is uncompressible, cryptographic data (cryptodata) is generated by encrypting the clear text data using the cryptokey with an extra verification step to make sure the clear text checksum can be rebuilt during the read request. A cryptographic checksum (cryptochecksum) is generated from the cryptodata. The cryptodata and associated cryptochecksum are stored in the multi-tenant storage system, so that repairs to damaged cryptodata can be made using the associated cryptochecksum.

METHOD AND SERVER FOR PROVIDING NOTARY SERVICE FOR FILE AND VERIFYING FILE RECORDED BY NOTARY SERVICE
20200059366 · 2020-02-20

A method is provided for providing a notary service for a file, the method includes the steps in which: (a) when a notary service request for a specific file is obtained, a server generates, by using a hash function, or supports the generation of, a message digest of the specific file; and (b) if a predetermined condition is satisfied, the server registers, in a database, or supports the registration of, a representative hash value or a value obtained by processing the representative hash value, the representative hash value being generated by calculating at least one neighboring hash value that matches a specific hash value, wherein the specific hash value is a hash value of the result of encrypting the message digest with a private key of a first user, a private key of a second user and a private key of the server.

METHOD AND SERVER FOR PROVIDING NOTARY SERVICE WITH RESPECT TO FILE AND VERIFYING FILE RECORDED BY THE NOTARY SERVICE
20200059367 · 2020-02-20

A method is provided for providing a notary service for a file, the method includes the steps in which: (a) when a notary service request for a specific file is obtained, a server generates, by using a hash function, or supports the generation of, a message digest of the specific file; and (b) if a predetermined condition is satisfied, the server registers, in a database, or supports the registration of, a representative hash value or a value obtained by processing the representative hash value, the representative hash value being generated by calculating at least one neighboring hash value that matches a specific hash value, wherein the specific hash value is a hash value of the result of encrypting the message digest with a private key of a first user, a private key of a second user and a private key of the server.

REDUCING AMOUNT OF HELPER DATA IN SILICON PHYSICAL UNCLONABLE FUNCTIONS VIA LOSSY COMPRESSION WITHOUT PRODUCTION-TIME ERROR CHARACTERIZATION
20200052913 · 2020-02-13

A method, system and computer program product for reducing the amount of helper data that needs to be stored using two innovative techniques. The first technique uses bit-error-rate (BER)-aware lossy compression. By treating a fraction of reliable bits as unreliable, it effectively reduces the size of the reliability mask. With the view of practical costs of production-time error characterization, the second technique enables economically feasible across-temperature per-bit BER evaluation for use in a number of fuzzy extractor optimizations based on bit-selection to reduce overall BER (with or without subsequent compression) using room-temperature only production-time characterization. The technique is based on stochastic concentration theory and allows efficiently forming confidence intervals for average across-temperature BER of a selected set of bits. By using these techniques, it is economically feasible to achieve a dramatic reduction in the amount of helper data that needs to be stored in non-volatile memory and/or one-time-programmable memory.

Technologies for secure software update using bundles and merkle signatures

Technologies for secure software update include an update server and one or more client computing devices. The update server generates a software release including release components, such as packages and/or bundles, and a version number. The update server generates an integrity hash tree over the software release and a Lamport one-time signature key pair for each node of the integrity hash tree. The update server generates a Merkle signature scheme authentication tree based on the key pairs and signs each node of the integrity hash tree. The update server signs the root of the authentication tree with an anchor private key. A client computing device downloads one or more release components and verifies the release components with the integrity hash tree, the signatures, and the authentication tree. The client computing device verifies the root of the authentication tree with an anchor public key. Other embodiments are described and claimed.

Efficient encryption method to secure data with reduced number of encryption operations
10554389 · 2020-02-04

The invention particularly relates to an encryption method that aims to secure input data with a reduced number of encryption operations. The invention claims security by using the hardness of the unique decodability of variable-length non-prefix-free (NPF) codes. The proposed encryption system operates according to these steps: compression of the input data and coding with the introduced NPF encoding, which splits the independent and identically distributed (IID) data into two streams, namely the code-word boundaries information data, which has all information on the boundaries of the NPF code-word stream, and the NPF code-word stream, which has all the payload of the encoded IID data except the code-word boundaries information; and then encrypting the code-word boundaries information without the NPF code-word stream.

METHOD FOR TAMPER-PROOF STORAGE OF DATA OF A FIELD DEVICE
20200036520 · 2020-01-30

The present disclosure relates to a method for tamper-proof storage of data of a field device operated by means of automation technology, wherein the field device comprises a sensor and/or actuator and an electronic unit, the field device generating data. The method comprises steps of creating at least one transaction containing generated data of the field device and storing the transaction in a data block of Blockchain technology comprising a data field containing stored transactions and a hash value. The method also includes steps of linking the data block to previously created data blocks, storing the data block in a service platform and creating and storing a security data block in the service platform.

Collaborative computation of HMAC

In one embodiment, a first apparatus includes a processor and an interface, wherein the interface is operative to receive a request from a second apparatus to commence a keyed-hash message authentication code (HMAC) computation, the processor is operative to perform a first computation computing a first part of the HMAC computation using a secret key K as input yielding a first value, the interface is operative to send the first value to the second apparatus, the interface is operative to receive a second value from the second apparatus, the second value resulting from the second apparatus processing the first value with at least part of a message M, the processor is operative to perform a second computation based on the second value and the secret key K yielding an HMAC value, and the interface is operative to send the HMAC value to the second apparatus.