A method and system for certification and authentication of objects is disclosed herein. The method and system use multiple attestations along with digital ledger technology to provide a digital certificate of authenticity for an object such as a work of art, collectible, or a non-fungible token (NFT).

Techniques for identifying a fraudulent interaction of a user device using time based risk features are described herein. In embodiments, time stamp information provided by an external clock and time units may be maintained by a user device. The user device may include an authentication component that is communicatively coupled to a clock component that generates the time units. In response to conducting an interaction with an access device and user device first time information may be received from the access device. Second time information may be determined based at least in part on the time units from the clock component and the time stamp information. The second time information may be compared to the first time information. An authentication plan for the interaction may be determined based at least in part on the comparison of the second time information to the first time information.

Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to store a first recovery key for a first managed computing device. The first recovery key is configured to access an encrypted data store of the first managed computing device. A request is received for the first recovery key from a second managed computing device. The first recovery key is transmitted for display on the second managed computing device. A key rotation command is generated for a command queue of the first managed computing device to rotate the first recovery key after transmitting the first recovery key. The second recovery key is received from the second computing device.

An indication of a security alert and a context for the security alert is received. The context includes one or more entities related to the context and a timestamp for the security alert. Data sources for the one or more entities are searched during a time window around the timestamp. One or more anomaly detection models are executed to identify anomalies that are related to the security alert based on the context. Identified anomalies for investigation of the security alert are output.

The present disclosure is directed to a method of identifying an infected network node. The method includes identifying a first network node as infected. The method includes collecting a first set of network data from the first network node including anomalous activities performed by the first network node. The method includes generating an anomalous behavior model using the first set of network data. The method includes collecting a second set of network data from a second network node including anomalous activities performed by the second network node. The method includes comparing the second set of data to the generated anomalous behavior model. The method includes determining, from the comparison, that a similarity between first characteristics and second characteristics exceeds a predefined threshold. The method includes ascertaining, based on the determination, the second network node as an infected network node.

Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.

Compact timestamps and related methods, systems and devices are described. An encoder is configured to generate compact timestamps of the disclosure by sampling states of linear feedback shift registers (LFSRs). A decoder may be configured to determine timing information responsive to the compact timestamps.

Systems and methods are disclosed for preventing relay or replay attacks using time-stamped, localized footprint data. An access device may receive, from one or more beacon transmitters, a plurality of broadcast messages, each broadcast message, of the plurality of broadcast messages, comprising a timestamp and a unique identifier for a beacon transmitter, of the one or more beacon transmitters. The access device may store the timestamps and the unique identifiers. The access device may receive, from a user device, an access request comprising timestamps and unique identifiers corresponding to a subset of the broadcast messages received by the access device. The access device may verify that the stored timestamps and unique identifiers match the timestamps and unique identifiers received from the user device. Based on the verifying, the access device may authenticate the access request.

A system for committing event data includes an interface and a processor. The interface is configured to receive input data and receive a client key. The processor is configured to generate an Nth sequence number; determine an Nth event hash using the input data, an N−1 signature, and the Nth sequence number; encrypt the Nth event hash with the client key to generate an Nth signature; generate an Nth event from the input data, the N−1 signature, the Nth sequence number, and the Nth signature; and, in response to an aggregate N−1 of one or more prior events being valid, apply Nth event onto the aggregate N−1.

Disclosed embodiments are related to technologies for the provision of contact tracing services (CTS) in an affordable and non-intrusive means for individuals to check in and check out of gathering places so that their contact information can be stored and made available to contact tracers. A gathering place operator scans a machine-readable element (MRE) of a contact tracing participant that enters or exits the gathering place. The MRE encodes a unique identifier (UID) generated by the CTS for the participant, and the scan captures the UID along with a location and a timestamp at entry or exit of the gathering place. The UID, location, and timestamp are provided to the CTS for storage in a contact tracing database, which is used for providing contact tracing information to contact tracers. Other embodiments may be described and/or claimed.