Methods and systems for creating a verifiable digital identity are provided. The method includes obtaining a first user-generated item comprising an identifiable feature. The method also includes digitally signing the first user-generated item to generate a secure digital artifact. The method also includes uploading the secure digital artifact and the first user-generated item to an auditable chain of a public ledger. The method also includes verifying a digital identity of the user by auditing the auditable chain. The method also includes obtaining a second user-generated item generated comprising the identifiable feature. The method also includes comparing the first and second user-generated items. The method also includes uploading the second user-generated item to the public ledger when the comparing is within a threshold.

A system and method for geolocation-aware, cyber-enabled infrastructure inventory and asset management with state prediction capability. The system tracks tangible and intangible assets, including states associated with each asset such as the location, condition, and value of each asset. Physical assets may be cyber-enabled by attaching wireless computing devices to some or all of the physical assets to provide data about the physical assets using sensors of the computing devices, including but not limited to, such data as location, conditions of storage, and hours of operation or use. Data for each item is stored in a multi-dimensional time series database, which keeps a historical record of the states of each item. Unknown or future states can be predicted by applying predictive models to the time series data. Parametric evaluations of current and predicted future states can be used to optimize the assets against an objective.

Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with relying party circuitry, the first interface circuitry being configured to receive, from the relying party circuitry, an attestation request in respect of a processing operation requested by attester circuitry to be performed by the relying party circuitry; second interface circuitry to communicate with the attester circuitry, the second interface circuitry being configured to: transmit the attestation request to the attester circuitry; and receive, from the attester circuitry, evidence data associated with the processing operation, and third interface circuitry to communicate with verifier circuitry, the third interface circuitry being configured to: transmit the evidence data to the verifier circuitry; and receive, from the verifier circuitry, attestation result data indicative of a verification of the evidence data, wherein the first interface circuitry is configured to transmit the attestation result data to the relying party circuitry.

A storage apparatus sends a request for a key encryption key to a key management server using a storage apparatus ID as a parameter, acquires the key encryption key, for which a request has been sent to the key management server, and its attribute information, and stores the key encryption key and its attribute information in a key encryption key list while eliminating the key encryption key that is duplicated. Then, in the order listed in the key encryption key list, decryption of the encryption key is attempted by the key encryption key stored in the key encryption key list, and the success or failure of the decryption of the encryption key is determined. When the decryption of the encryption key using the key encryption key fails, the decryption of the encryption key is attempted using a key encryption key, which has not been attempted yet, in the key encryption key list.

A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.

Improved document processing workflows provide a secure electronic signature framework by reducing attack vectors that could be used to gain unauthorized access to digital assets. In one embodiment an electronically signed document is removed from an electronic signature server after signed copies of the document are distributed to all signatories. The electronic signature server optionally retains an encrypted copy of the signed document, but does not retain the decryption password. This limits the amount of data retained by the electronic signature server, making it a less attractive target for hackers. However, the electronic signature server still maintains audit data that can be used to identify a signed document and validate an electronic signature. For example, a hash of the document (or other document metadata) can be used to validate the authenticity of an electronically signed document based on a logical association between an electronic signature and the signed document.

Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).

A system, method, and device for stochastically processing data. There is an architect module operating on a processor configured to manage and control stochastic processing of data, a non-deterministic data pool module configured to provide a stream of non-deterministic values that are not derived from a function, a plurality of functionally equivalent data processing modules each configured to stochastically process data as called upon by the architect module, a data feed configured to feed a data set desired to be stochastically processed, and a structure memory module including a memory storage device and configured to provide sufficient information for the architect module to duplicate a predefined processing architecture and to record a utilized processing architecture.

Systems and methods are disclosed for generation of a representative data structure. A computing device can receive data including various data items. The computing device can generate logical rows that include the data items. The computing device can convert the logical rows into nodes and store the nodes into logical rows of a first logical table. The computing device can generate logical rows for a second logical table including row identifiers and a link to one of the logical rows from the first logical table.

A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic messages is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.