H04L2463/121

Method to create a trusted pool of devices

The present invention relates to a method for a service provider to create a trusted pool of security devices adapted to perform cryptographic operations in a secure service, comprising the steps of: setting up a secure service by allocating a first security device to the service; setting the first security device's clock to a reliable time source; creating an internal secure-service-object defining at least a service clock-instance and service-specific cryptographic keys and certificates used to protect communication between a resource owner's security application and a security device that is part of the secure service, said secure-service-object being maintained internally by the security device so that no service provider can arbitrarily change it; and, when additional security devices are required, adding them to the service by ensuring that the two security devices' clocks are synchronized, setting the target security device's clock to an accurate time value and defining, in the secure-service-object, a max-delta-time value and a max-daily-correction value limiting the drift between two devices of the pool.

Authorizations associated with externally shared communication resources

Various embodiments of the present disclosure are directed to a group-based communication apparatus that is configured to enable end-users (e.g., non-admin users) to initiate, by way of client devices, generation of a shareable resource associated with a group-based communication resource identifier to efficiently authorize communication between client devices associated with different organization identifiers in group-based communication interfaces associated with a shared group-based communication resource identifier.

DETECTION OF MALWARE AND MALICIOUS APPLICATIONS

A method comprises: receiving, at a network infrastructure device, a flow of packets; determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram, and determining a first length of the first datagram; determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram; determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram; and sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

Two-factor device authentication

Implementations of the subject technology provide for performing, by a device, a request for obtaining information related to a phone authentication certificate (PAC) that was generated for the device, the PAC authenticating that a particular phone number is associated with the device, the request including packets of data. The subject technology receives the information related to the PAC, the information including an indication that the PAC was generated for the device. The subject technology sends, from the device, a request for validating the PAC to a remote server based at least in part on the information related to the PAC. Further, the subject technology receives a confirmation of validating the PAC from the remote server based at least in part on the information related to the PAC.

TIME-STAMPING FOR INDUSTRIAL UNIDIRECTIONAL COMMUNICATION DEVICE WITH DATA INTEGRITY MANAGEMENT

In an industrial system, a data capture apparatus can be configured to operate as a unidirectional communication connection between a private network and a public network. The data capture apparatus can be further configured to time stamp data, for instance by digitally signing data together with a time stamp, so as to ensure data integrity over the unidirectional communication connection while maintaining physical isolation between the private network and the public network.

MUTATION PROCESSING FOR EVENTS

A system for committing event data includes an interface and a processor. The interface is configured to receive input data and receive a client key. The processor is configured to generate an Nth sequence number; determine an Nth event hash using the input data, an N−1 signature, and the Nth sequence number; encrypt the Nth event hash with the client key to generate an Nth signature; generate an Nth event from the input data, the N−1 signature, the Nth sequence number, and the Nth signature; and, in response to an aggregate N−1 of one or more prior events being valid, apply the Nth event onto the aggregate N−1.

QUERY AND PROJECTION PROCESSING FOR EVENTS

A system for querying a state of aggregate N or creating a projection comprises an interface and a processor. The interface is configured to receive a request to query the state of the aggregate N or to create a projection up to a target event, and to receive a client key. The processor is configured to rehash the input data of each event of the aggregate N with its corresponding sequence number and the prior event signature to generate a hash value; reencrypt the hash value using the client key to create a check signature; determine whether the check signature is equal to the prior event signature; in response to each check signature being equal to the prior event signature, replay the events of the aggregate N to generate and provide the state of the aggregate N; and in response to a check signature not being equal to the prior event signature, indicate that the aggregate N is not valid.

TECHNIQUES FOR SECURE DOCUMENT MANAGEMENT AND VERIFICATION
20210357519 · 2021-11-18

The present innovative solution solves the problem of managing secure documents so that they can be verified and protected from tampering and illegal printing. A legal document is converted to a secure document by embedding into the legal document one or more security codes that have been encrypted with a standard or proprietary cryptographic algorithm. The security codes are supplemented by a QR code associated with the archive location of each page of the secure document, which is stored at a server or database. The security codes are stored in the document and can be printed together with the document, as a form of watermark, using UV-sensitive ink or toner at a security printer. The security codes are encrypted and can be printed at varying locations on the secure document pages; these locations are defined in a geolocation template that is transmitted separately in encrypted format.

User Affinity Labeling from Telecommunications Network User Data
20220014952 · 2022-01-13

Web usage behavior may be labeled by topics and used with other telecommunications network observations in various advertising campaigns. Web browsing behavior may be captured to identify domain names visited by subscribers, and the domain names may be classified using keywords or databases of domain topics. Subscriber usage behavior may identify those subscribers having a high affinity for specific topics. Further, affinity may be determined for subscribers having affinity in their baseline behavior patterns as well as those subscribers who may be deviating from their baseline behavior. Tables of users and their affinity may be generated, which may be used to identify potential candidates for various advertising campaigns.

ATTACKER LOCALIZATION BASED ON TRACKING ANOMALY PROPAGATION IN TIME-SENSITIVE NETWORKING

Systems, apparatuses and methods may provide for technology that detects one or more non-compliant nodes with respect to a timing schedule, detects one or more compliant nodes with respect to the timing schedule, and identifies a malicious node based on positions of the one or more non-compliant nodes and the one or more compliant nodes in a network topography. The non-compliant node(s) and the compliant node(s) may be detected based on post-synchronization messages, historical attribute data and/or plane diversity data.