H04L9/0643

Fast XMSS signature verification and nonce sampling process without signature expansion

In one example an apparatus comprises accelerator logic to pre-compute at least a portion of a message representative, hash logic to generate the message representative based on an input message, and signature logic to generate a signature to be transmitted in association with the message representative, the signature logic to apply a hash-based signature scheme to a private key to generate the signature comprising a public key, and determine whether the message representative satisfies a target threshold allocation of computational costs between a cost to generate the signature and a cost to verify the signature. Other examples may be described.

Systems and methods for designing, designating, performing, and completing automated workflows between multiple independent entities

A computer-based method is provided for managing a transaction including provision of a process intelligence engine comprising a workflow aligner and process tool box, receiving deal parameters at the process intelligence engine, defining transaction subjects, each requiring the participation of at least one network partner, where each transaction subject is a requirement for achieving the objective of the transaction, defining, for each transaction subject, a plurality of subject goals to be addressed by a network partner, and defining, for each subject goal at least one action item required for satisfying the subject goal. The subject goals are then sequenced by the workflow aligner by defining prerequisites for at least one subject goal and transaction modules are defined based on the sequencing. During execution of a deal using the method, subject goals are not made available until prerequisite subject goals have been completed.

Secure deployment confirmation of IOT devices via bearer tokens with caveats
11595389 · 2023-02-28

The disclosed technology teaches confirming proper deployment of sensors. An authorization server (AS) issues to a first client a Macaroon access token (MAT), optionally with caveats, that carries a root signature. The first client modifies the MAT to produce multiple instances by appending caveats that add a deployment location to each instance, applying a message authentication code (MAC) chaining algorithm to generate the updated signature included in each instance of the MAT with caveats (MATwC). The first client forwards the MATwC instances to respective sensor instances, and a second client receives from the sensor instances sensed data and location-indicative data, accompanied by the respective MATwC instances. The second client verifies that the location-indicative data is consistent with the deployment-location caveat in the respective MATwC and uses only the sensed data that is verified as consistent.

Transparently using macaroons with caveats to delegate authorization for access
11595215 · 2023-02-28

The disclosed technology teaches confirming delegation of authorization from an authorization server (AS) by a client to a service. The AS issues an OAuth2 access token in the form of a Macaroon (MAT), optionally with caveats, carrying a root signature, and provides the MAT to a client. The client modifies the OAuth2 access token by appending caveats that narrow authorization, applying a message authentication code (MAC) chaining algorithm to generate an updated signature to include in the resulting MAT with caveats (MATwC). The client delegates authorization to a service by forwarding the MATwC to the service; the service uses the MATwC to access a resource server (RS); the RS passes the MATwC to the AS; and the AS determines the authenticity of the MATwC as a bearer token, evaluates the scope of authorization from the MAT as narrowed by the caveats, and reports the results.
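The MAC chaining that both macaroon abstracts above depend on, shown as an added Python example that is not the patents' own code: the AS mints a root signature HMAC(root_key, identifier); any holder attenuates the token by appending a caveat and replacing the signature with HMAC(previous_signature, caveat); the verifier re-derives the whole chain from the root key, so a caveat can be added by anyone holding the token but can never be removed or edited. The first-client fork into per-location instances (deployment confirmation) and the scope-narrowing caveat (delegation) use the same two operations. The root key, identifier, the "attribute = value" caveat syntax, the location names and all helper names are constructed for this example.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass


def _chain(key: bytes, msg: bytes) -> bytes:
    """One link of the MAC chain: HMAC-SHA256 keyed by the previous signature."""
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Macaroon:
    """Bearer token: public identifier, ordered caveats, chained HMAC signature."""
    identifier: str
    caveats: tuple[str, ...]
    signature: bytes

    @classmethod
    def mint(cls, root_key: bytes, identifier: str) -> Macaroon:
        # Root signature = HMAC(root_key, identifier). Only the AS holds root_key.
        return cls(identifier, (), _chain(root_key, identifier.encode()))

    def add_caveat(self, predicate: str) -> Macaroon:
        # Attenuation: the holder appends a caveat and re-signs using the current
        # signature as the key. A new token is returned, so one MAT can be forked
        # into many MATwC instances that each carry a different caveat.
        return Macaroon(self.identifier, self.caveats + (predicate,),
                        _chain(self.signature, predicate.encode()))


def verify(root_key: bytes, token: Macaroon, context: dict[str, str]) -> tuple[bool, str]:
    """AS-side check: recompute the chain from the root key, then evaluate every caveat."""
    sig = _chain(root_key, token.identifier.encode())
    for predicate in token.caveats:
        sig = _chain(sig, predicate.encode())
    if not hmac.compare_digest(sig, token.signature):
        return False, "signature mismatch (caveat removed or altered)"
    for predicate in token.caveats:
        # Caveat syntax assumed for this example: "<attribute> = <required value>"
        attr, sep, required = predicate.partition(" = ")
        if not sep or context.get(attr) != required:
            return False, f"caveat not satisfied: {predicate!r}"
    return True, "ok"


# Constructed sample values (not taken from the patents).
ROOT_KEY = b"as-root-key-0123456789abcdef"      # never leaves the AS
MAT = Macaroon.mint(ROOT_KEY, "deploy-batch-42;scope=sensor:report")


def fork_for_locations(mat: Macaroon, locations: list[str]) -> dict[str, Macaroon]:
    """First client: one MATwC instance per deployment location."""
    return {loc: mat.add_caveat(f"location = {loc}") for loc in locations}


def check_report(token: Macaroon, reported_location: str) -> tuple[bool, str]:
    """Second client / AS: accept sensed data only if the location the sensor
    reports matches the deployment-location caveat bound into its token."""
    return verify(ROOT_KEY, token, {"location": reported_location})


def strip_last_caveat(token: Macaroon) -> Macaroon:
    """Attack: drop the location caveat but keep the old signature."""
    return Macaroon(token.identifier, token.caveats[:-1], token.signature)


if __name__ == "__main__":
    instances = fork_for_locations(MAT, ["rack-7", "rack-9"])
    print(check_report(instances["rack-7"], "rack-7"))                       # (True, 'ok')
    print(check_report(instances["rack-7"], "rack-9"))                       # caveat not satisfied
    print(check_report(strip_last_caveat(instances["rack-7"]), "rack-9"))    # signature mismatch
    # Re-labelling a rack-7 token as rack-9 while keeping its signature also fails:
    forged = Macaroon(MAT.identifier, ("location = rack-9",), instances["rack-7"].signature)
    print(check_report(forged, "rack-9"))                                    # signature mismatch
    # Delegation: the client narrows scope before handing the token to a service.
    delegated = MAT.add_caveat("scope = read")
    print(verify(ROOT_KEY, delegated, {"scope": "read"}))                    # (True, 'ok')
    print(verify(ROOT_KEY, delegated, {"scope": "write"}))                   # caveat not satisfied
```

Two points a practitioner should keep from this: the signature is checked before any caveat is evaluated, and with a constant-time comparison, so a token with a stripped or edited caveat is rejected as inauthentic rather than merely as out of scope; and because each appended caveat only ever narrows what the token authorizes, the AS can safely let clients fork and delegate without contacting it. Only first-party caveats are shown; the third-party (discharge) caveats of the original Macaroons design are outside what the abstracts describe.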

Writing a container index to persistent storage

Example implementations relate to metadata operations in a storage system. An example method includes receiving, from a first stream process, a first write request for a first container index in memory. The method further includes, in response to a receipt of the first write request, sending a first token to the first stream process without writing the first container index to a persistent storage. The method further includes receiving, from a second stream process, a first completion request for the first container index. The method further includes, in response to a receipt of the first completion request, writing the first container index from the memory to the persistent storage.

Systems and methods for bartering services and goods using distributed ledger techniques

Systems and methods described herein track bartering using distributed ledger techniques to, for example, facilitate the establishment of a bartering marketplace that enables users to barter for, and ultimately exchange, services and/or goods with each other. In certain embodiments, a monetary value may be assigned to each service and/or good to be bartered to establish appropriate bartering baselines. In addition, in certain embodiments, additional monetary value exchanges may be tracked for particular exchanges to make sure that the exchanges are fair.

METHOD AND SYSTEM FOR STATE MACHINE SECURITY DEVICE
20180007047 · 2018-01-04

A security device may be utilized to provide security measures to an electronic device that incorporates the security device or is coupled to it. The security measures may comprise authentication (e.g., authentication of devices, users, or activities) and/or encryption measures (e.g., encrypting or decrypting exchanged data). A transaction or access via the security device may be authenticated by the security device communicating an authentication request to an authentication server, which may generate, in response, a sequence of information requests that are sent to the security device. The security device may then generate, in response, a sequence of responses that are sent to the authentication server, the sequence of responses comprising a sequence of reported values each of which is unique. The authentication server may then authenticate the security device by comparing the sequence of reported values with a sequence of expected values that identifies the security device.

METHODS AND TERMINALS FOR GENERATING AND READING 2D BARCODE AND SERVERS
20180004854 · 2018-01-04

Generating a 2D barcode includes acquiring private information input by a user and sending the private information to a server through a network. The method includes receiving an information access address returned through the network by the server, and generating a 2D barcode including the information access address. The method further includes acquiring a 2D barcode including an information access address and scanning the 2D barcode to obtain the information access address included in the 2D barcode, the information access address being for accessing private information. The method further includes sending the information access address to a server through a network, and receiving the private information returned through the network by the server, and using the private information as a reading result of the 2D barcode.

SECURE BOOTING OF VIRTUALIZATION MANAGERS

A multi-phase boot operation of a virtualization manager at a virtualization host is initiated at an offload card. In a first phase of the boot, a security key stored in a tamper-resistant location of the offload card is used. In a second phase, firmware programs are measured using a security module, and a first version of a virtualization coordinator is instantiated at the offload card. The first version of the virtualization coordinator obtains a different version of the virtualization coordinator and launches the different version at the offload card. Other components of the virtualization manager (such as various hypervisor components that do not run at the offload card) are launched by the different version of the virtualization coordinator.

TRUSTED STORAGE SYSTEMS AND METHODS

Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.