A proof of provenance system receives database logs from an existing system that does not natively provide data provenance verification. The system produces a local representation of the database (or a portion thereof). The system periodically or in response to another triggering event flattens the local representation of the database to generate an aggregated slice, which is stored in an aggregated slice store. A reduced representation of the aggregated slice (e.g., a hash or checksum) is determined and appended to a distributed ledger, such as a blockchain. The provenance of data from the existing system can then be verified by redetermining the reduced representation and comparing it to the version appended to the distributed ledger.

This disclosure provides a method, performed in a resource-constrained device 60, for establishing a secure session with a service 800 delivered by a server terminal 80 using a security protocol over a communication network. The resource-constrained device 60 is registered at a management terminal 70. The method comprises receiving, from the server terminal 80, a credential associated with the service 800. The method comprises sending, to the management terminal 70, a service approval request 803. The service approval request 803 comprises an identifier of the service 800 and/or the credential. The method comprises receiving, from the management terminal 70, a response 804. The response 804 comprises an indication that the service 800 is approved, and a security context for a resumption of the secure session. The secure session has been established by the management terminal 70. The method comprises initiating the resumption of the secure session with the service 800 using the security context.

Methods, devices, and systems are provided for approving a transaction through an exchange of presented user contextual approval information and approval decryption. The user contextual approval information is generated by a user during a transaction, cryptographically signed, and provided to a transaction server. The user contextual data uniquely describes the transaction to the user and can be employed to aid a user in approving or validating the transaction in a subsequent approval action. In particular, a transaction may present the contextual approval information to a user in the form of an approval challenge message. The approval challenge message may be sent to a known user device via the transaction server in the form of a text or multi-media message. The user may respond to the message with an approval or denial response.

A proof of provenance system receives database logs from an existing system that does not natively provide data provenance verification. The system produces a local representation of the database (or a portion thereof). The system periodically or in response to another triggering event flattens the local representation of the database to generate an aggregated slice, which is stored in an aggregated slice store. A reduced representation of the aggregated slice (e.g., a hash or checksum) is determined and appended to a distributed ledger, such as a blockchain. The provenance of data from the existing system can then be verified by redetermining the reduced representation and comparing it to the version appended to the distributed ledger.

An e-mail system is disclosed that overcomes many deficiencies of, but is backward compatible with, existing e-mail systems. Embodiments of the system may include various features, including but not limited to: (1) secure transfer of e-mail messages, without the need for users to replace existing e-mail clients or to change e-mail addresses; (2) tracking of all actions performed in connection with an e-mail transmission; (3) the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve the e-mail message; (4) the aggregation of entire e-mail conversations into a single threaded view; (5) the ability to include both private and public messages in a single e-mail communication; (6) sender control over downstream actions performed in connection with an e-mail message; (7) flexible control over cryptographic methods used to encrypt emails messages for storage.

An e-mail system is disclosed that overcomes many deficiencies of, but is backward compatible with, existing e-mail systems. Embodiments of the system may include various features, including but not limited to: (1) secure transfer of e-mail messages, without the need for users to replace existing e-mail clients or to change e-mail addresses; (2) tracking of all actions performed in connection with an e-mail transmission; (3) the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve the e-mail message; (4) the aggregation of entire e-mail conversations into a single threaded view; (5) the ability to include both private and public messages in a single e-mail communication; (6) sender control over downstream actions performed in connection with an e-mail message; (7) flexible control over cryptographic methods used to encrypt emails messages for storage.

In one example an apparatus comprises receive, in a processing platform, an input request from a remote device comprising a digital signature signing or verify function and determine a selected digital signature scheme for the request based at least in part on a determination of whether the processing platform is to apply a signing function or a verify function to the input request. Other examples may be described.

A signature generation method performed by an electronic apparatus is provided. A message abstract is generated according to a to-be-signed message and eigenvalues of a plurality of signature parties, an eigenvalue of a signature party being based on a random number of the signature party. Public keys and sub signatures of the plurality of signature parties are obtained, and a sub signature of the signature party is based on the random number of the signature party, the message abstract, and private keys of the plurality of signature parties. An aggregation public key is generated according to the public keys of the plurality of signature parties, and a length of the aggregation public key is less than a length of the plurality of public keys after splicing. An aggregation signature is generated according to a sum value of the plurality of sub signatures and the message abstract.

A system includes terminating, at a reverse proxy, a mutual authentication handshake with a client computing system, the handshake including reception by the reverse proxy of a public key certificate associated with the client computing system, generating, by the reverse proxy, of an authentication token based on the public key certificate, receiving, at the reverse proxy, a request to access an application from the client computing system, forwarding the request and the authentication token from the reverse proxy to the application, receiving the request and the authentication token at the application, requesting, by the application, of an authorization token from an OAuth server based on the authentication token, receiving the authorization token from the OAuth server, storing the authorization token in association with a session identifier associated with the request received from the client computing system, and transmitting a response to the client computing system based on the authorization token and the request received from the client computing system.

Methods, devices, and systems are provided for approving a transaction through an exchange of presented user contextual approval information and approval decryption. The user contextual approval information is generated by a user during a transaction, cryptographically signed, and provided to a transaction server. The user contextual data uniquely describes the transaction to the user and can be employed to aid a user in approving or validating the transaction in a subsequent approval action. In particular, a transaction may present the contextual approval information to a user in the form of an approval challenge message. The approval challenge message may be sent to a known user device via the transaction server in the form of a text or multi-media message. The user may respond to the message with an approval or denial response.