A diamond asset comprising one or more diamonds and an encryption chip is used to asset-back a cryptographic token that can be used to conduct transactions. The cryptographic token is written to a blockchain using a smart contract that is configured to enable a transaction associated with the token in response to two or more of: a signature by the encryption chip, a signature by the owner of the diamond asset, and a validation of a visual layout of the diamond asset.

A method for authorizing I/O (input/output) commands in a storage cluster is provided. The method includes generating a token responsive to an authority initiating an I/O command, wherein the token is specific to assignment of the authority and a storage node of the storage cluster. The method includes verifying the I/O command using the token, wherein the token includes a signature confirming validity of the token and wherein the token is revocable.

The present application discloses a method of issuing pseudonymous authorisation tickets to nodes of a cooperative ITS, for signing messages, comprising: receiving a ticket request from a node in an authorisation server, and sending a validation request to an enrolment server, conducting a validity check in the enrolment server, and, when the validity check is passed, incrementing a counter value of a counter assigned to an account at an account server enrolled with the enrolment server for the requesting node, sending a validation message to the authorisation server, and issuing a pseudonymous authorisation ticket from the authorisation server to the requesting node, repeating the aforementioned steps until a predetermined charging period expires, and, upon expiry, sending, from the enrolment server to the authorisation server, said counter value, and sending a charging request calculated from said counter value from the authorisation server to the account server for charging said account.

In an example, a subject using a user mobile-identification-credential device (UMD) requests vetting by a vetting system, which receives verified subject information associated with a level-n mobile identification credential (MIC-n) that UMD received from a level-n authorizing party system (APS-n). MIC-n is linked to lower level MIC-0 to MIC-(n−1). The vetting system, as level-n relying party system (RPS-n), uses the verified subject information associated with the linked MIC-0 to MIC-n to verify or not verify the identity of the subject, develops an identity profile of the subject, and determines a vetting result of the subject by calculating a composite trust score based on MIC trust values for the multiple levels of MIC. MIC-i (i=1 to n) is linked to MIC-(i−1) which UMD received from APS-(i−1), and APS-i is RPS-(i−1) which verified the identity of the subject using verified subject information associated with MIC-(i−1), such that MIC-0 to MIC-n are linked.

Embodiments described herein provide for system and methods to enable the secure streaming of real-time location data between electronic devices. One embodiment provides for a non-transitory machine-readable medium storing instructions to perform operations comprising creating record to specify a location streaming relationship between a first device registered with a first user account and a second device registered with a second online account, the record including a secret key. The record is stored to an online datastore and shared between the first user account and the second online account. The location data stream can be encrypted using the secret key stored in the record.

Methods, systems, and apparatus, including computer programs encoded on computer storage media for data security protection are provided. One of the methods includes: receiving a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and generating a token associated with the job, the token encoding the required permissions associated with the job, wherein the token is required for execution of the job.

A secure access control system configured to control access to sensitive data stored on disparate systems is disclosed. A first entity is designated to control access to second entity data. An authentication token, generated using a key derivation function, is used to authenticate the first entity. The authenticated first entity is granted access to second entity data. An access control interface is generated configured to selectively grant or withdraw access to second entity data. The access control interface identifies entities associated with respective access controls. The access control interface is instantiated on a first entity device. Activation indications of access controls is received over a network. Access to second entity data is accordingly granted or withdrawn. Access control transition event rules and/or access control transition time rules are retrieved. Using monitored events and the access control transition event rules, and/or a monitored current time and the access control transition time rules, a determination is made as to transition access control of the second entity data first entity to the second entity.

The present invention realizes an electronic signature system with high security level in which abuse of a signature key by a system administrator is prevented. A user sets an authentication information conceived by the user himself to his/her own signature key stored in the tamper resistant device (5) via the terminal device (2). When digitally signing an electronic document, the user transmits his/her own encrypted authentication information to the tamper resistant device (5) through the terminal device (2) and asks for permission to use his/her signature key. The tamper resistant device (5) decodes the inputted authentication information, verifies the decoded authentication information, and allows the digital signing only if the correct authentication information is entered. As a result, the electronic signature system in which only a user having valid use authority for the signature key can digitally sign is built.

A method for providing online security may include: (1) receiving, by a validation computer program executed by a trusted entity backend for a trusted entity, a call from a web browser executed on a customer electronic device browsing a webpage for an online entity, the call comprising an online entity identifier for the online entity and a session identifier, wherein the webpage for the online entity may include a hidden <iframe> comprising code that causes the web browser to execute the call; (2) confirming, by the validation computer program, that a cookie for the trusted entity may be stored on the customer electronic device; and (3) returning, by the validation computer program, a first value indicating that the customer electronic device is known to the trusted entity or a second value indicating that the customer electronic device is not known to the trusted entity based on the confirmation.

A vehicle identifier and a nonfungible token (NFT) associated with the vehicle identifier are stored on an electronic ledger. The electronic ledger is a distributed electronic ledger shared between at least a computer and a remote computer. Upon transitioning a vehicle to an on state, the electronic ledger is queried to identify programming instructions associated with the NFT. Upon retrieving the identified programming instructions from the electronic ledger, the vehicle is actuated based on the retrieved programming instructions.