Using a secure portable reference to medical information, stored on a portable storage medium, various embodiments allow a patient to give to their doctor an easy-to-use access key that will enable access to desired medical information stored on a computer network. The secure portable reference provides greater transportability of medical records to a patient or medical data repository including a doctor's office, clinic, or hospital, while maintaining data security to satisfy medical data privacy regulations and expectations. Some described embodiments use encrypted information inside the secure portable reference to hide, for example, who is allowed access to the stored medical information, and the network location of the stored information. Some embodiments use a secret PIN to authenticate the user attempting access to the referenced medical information. The secure portable reference contains information on network resources used to enable download access to medical information, including medical records and medical images.

A method of scheduling and validating a multiple-participant process, the method including: submitting, by a submitting node associated with a participant in the multiple-participant process, a proposed transaction by sending a cryptographically-protected message to one or more recipient nodes, wherein the cryptographically-protected message includes at least an unencrypted submessage readable by an external node and a cryptographically-protected submessage to preserve privacy from at least the external node; determining, by the external node, an order of the proposed transaction relative to other transactions; by way of at least some of the recipient nodes, validating the cryptographically-protected message; receiving a confirmation of validity of the cryptographically-protected message from at least some of the recipient nodes; finalizing the proposed transaction, as a confirmed transaction, based on receiving one or more confirmations from at least some of the recipient nodes that satisfy a confirmation condition; and writing the confirmed transaction to a distributed ledger according to the order determined by the external node.

A method for providing timing security in a time sensitive network (TSN), includes monitoring TSN times in timing synchronization packets exchanged between TSN network nodes. The method further includes monitoring TSN timing values calculated by TSN network nodes. The method further includes determining, using TSN times and TSN timing values, whether a timing attack is indicated. The method further includes, in response to determining that a timing attack is indicated, performing a timing attack effects mitigation action.

A physical access control system enables acceptable portal entry codes upon receiving each physical access request by operating on the elapsed time from a previous physical access request to generate a temporal credential. The controller receives a plurality of physical access requests from a plurality of mobile application devices. Upon authenticating the first access request, the controller eliminates repetition from the space of acceptable successor requests from each mobile application device. Monotonic nonces advance the range of temporal code matches. Entry code generation is decentralized to distributed application devices and is inherently unknowable until a successor access request is initiated by the same application device.

A method enables video surveillance service subscribers to share image streams with individual first responder agencies in the event of emergency. A customer administrator selects permissions on each camera via privileged web-browser or mobile device. Permissions enable selection by static meta data such as type, audio, location, motion, recognition, spectrum, and epoch. Setting ranges of time controls access to video streams of present and past epochs. Under control by a customer administrator, a virtual machine dedicated to each responding agency instantiates a video server. A camera is shared by a customer administrator's selection of permissions on each camera via privileged web-browser or mobile device. Video streams of present and past epochs are controlled by ranges of time. A notification is customized for each responding agency and each event by dynamically generating a link to a secure webserver which records geo-location or network identifiers for validation.

Example implementations relate to the processing of refresh token requests at an API gateway. The API gateway determines a first time associated with receipt of the refresh token request and a second time associated with the generation of a current access token. The current access token and a refresh token in the refresh token request are provided by the API gateway to the client device for accessing a backend service. The API gateway determines whether a difference between the first time and the second time is within a pre-defined threshold duration. When the difference between the first time and the second time is within the pre-defined threshold, the API gateway denies the refresh token request for generating the new access token and transmits the current access token back to the client device.

A system and method are described. An illustrative system enables operations such as: receiving new associated content from a user device and quantifying the new associated content via generating at least one new attribute-value pair object according to a multi-dimensional namespace and including at least some quantified attribute-value pairs determined from implementations of recognition algorithms executed on at least some of the new associated content. The operations may further include linking the at least one new attribute-value pair object into the linked list data structure and recording publication of the new associated content and the at least one new attribute-value pair object on a notarized ledger.

A hardware request of an application is detected. The Application executes on a virtualized computer system. It is determined that the hardware request includes a counter. The counter is to be performed by the virtualized computer system. The counter includes a counter value. The hardware request is intercepted before the it is processed by a hypervisor that hosts the virtualized computer system. The interception is based on the determining the hardware request includes the counter. The counter value is saved in a secure memory. The secure memory is obscured from the hypervisor. A scrambled counter value is generated. The hardware request is updated with the scrambled counter value. After the hardware request is updated it is provided to the hypervisor.

A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

A modifier infrastructure that takes digital device behaviors and allows them to enact channel behaviors instead. This infrastructure preferably extends to address issues of channels connected to channels for controlling and managing identities, privileges, and the encryption and decryption of valuable information. Embodiments of the present invention provide methods for computer authentication—particularly for component authentication, human-component authentication, and/or network cryptography.