97 results about "Central authority" patented technology

The present invention provides authentication of computer generated game or test results (“outcomes”), and a system by which persons who play games or take tests on a game or testing computer, respectively, may submit the outcomes of the games or tests to a central authority having at least one central computer, and have the central computer “certify” those outcomes as being accurately reported and fairly achieved. This certification of the computer generated result constitutes a “remote-auditing” of the activity taking place on the game computer. In one application, the system enables computer generated game tournaments in which players play the games on game computers and compete against each other by submitting the outcomes for those tournament games to the central computer, which certifies the outcomes and rates and ranks the players. In another application, the system provides for players of computer games to obtain a certified ranking and rating without participation in a tournament. In other embodiments, the system provides for self-authentication and certification of outcomes for games played on the game computer itself, or for mutual-authentication and certification of such outcomes on any other game computer in the system.

A computer network security system and method utilizes digitally signed and centrally assigned policy data, such as password length rules, that is unilaterally enforced at network nodes by node policy enforcement engines. The policy data may be variable on a per client or network node basis through a centralized authority, such as a certification authority. The computer network security system provides variable security policy rule data for distribution to at least one network node through a central security policy rule data distribution source, such as the certification authority. The central security policy rule data distribution source associates a digital signature to the variable security policy rule data to ensure the integrity of the policies in the system. Each network node uses a policy rule data engine and policy rule table to decode policy rule data and enforce the policy rules as selectively determined through the central authority.

A computing method and system is presented that allows multiple heterogeneous computing systems containing file storage mechanisms to work together in a peer-to-peer fashion to provide a fault-tolerant decentralized highly available clustered file system. The file system can be used by multiple heterogeneous systems to store and retrieve files. The system automatically ensures fault tolerance by storing files in multiple locations and requires hardly any configuration for a computing device to join the clustered file system. Most importantly, there is no central authority regarding meta-data storage, ensuring no single point of failure.

A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.

A trust system and method is disclosed for use in computing devices, particularly portable devices, in which a central Authority shares secrets and sensitive data with users of the respective devices. The central Authority maintains control over how and when shared secrets and data are used. In one embodiment, the secrets and data are protected by hardware-rooted encryption and cryptographic hashing, and can be stored securely in untrusted storage. The problem of transient trust and revocation of data is reduced to that of secure key management and keeping a runtime check of the integrity of the secure storage areas containing these keys (and other secrets). These hardware-protected keys and other secrets can further protect the confidentiality and/or integrity of any amount of other information of arbitrary size (e.g., files, programs, data) by the use of strong encryption and/or keyed-hashing, respectively. In addition to secrets the Authority owns, the system provides access to third party secrets from the computing devices. In one embodiment, the hardware-rooted encryption and hashing each use a single hardware register fabricated as part of the computing device's processor or System-on-Chip (SoC) and protected from external probing. The secret data is protected while in the device even during operating system malfunctions and becomes non-accessible from storage according to various rules, one of the rules being the passage of a certain time period. The use of the keys (or other secrets) can be bound to security policies that cannot be separated from the keys (or other secrets). The Authority is also able to establish remote trust and secure communications to the devices after deployment in the field using a special tamper-resistant hardware register in the device, to enable, disable or update the keys or secrets stored securely by the device.

User specific internet service provider (ISP) account information is stored on the user's smart card, but the ISP specific connection information is stored within a network computer client device (NC). When the NC is first powered on and used, it calls the relationship server to receive connection information corresponding to the ISP that is either specified on the first user's smart card or is otherwise chosen by the first user. This connection information is preferably stored in non-volatile memory within the NC, so that even if the NC is powered down, it maintains the ability to connect to the ISP designated by its previous user. Each ISP is designated by a unique enterprise identification number assigned by the relationship server. When a subsequent user inserts his smart card into an NC, the NC compares the enterprise identification number on the smart card to the enterprise identification number within the NC. If the enterprise identification numbers match, the NC connects to the IAP already stored in the NC without dialing the relationship server. Only if the enterprise identification numbers do not match must the NC then dial the relationship server to download connection information for the ISP designated by the smart card enterprise identification number. In the preferred embodiment, the ISP contents of the smart card are digitally signed by the ISP. If the enterprise identification numbers match, then the ISP contents of the smart card are cryptographically authenticated using the public key within the authorized usage certificate for the ISP. If the cryptographic authentication fails, then the NC reprograms the smart card.

Methods and systems for using blockchain digital currency are provided herein. The methods and systems comprise a blockchain digital currency that is created and utilized on a permission-based network of financial institutions. The blockchain digital currency is created by a central authority and minted into circulation by banks within the network, and is backed by reserves of real world currency of any country. The digital currency can be used for any type of financial transaction, and the system provides security, trust, traceability and a detailed audit trail for all transactions.

A controller is in communication with a plurality of vendors that are servicing customers, as well as with a plurality of “subsidizing” vendors seeking access to those customers. The controller receives from a first vendor an indication of one or more items that a customer is to purchase. In response, the controller transmits, on behalf of a subsidizing vendor, an indication of an offer for a subsidy such as a reduction in the customer's purchase price. If the customer accepts the offer, the controller provides an amount of funds from the subsidizing vendor to the first vendor. The controller may also retain a portion of the amount as payment. The controller also facilitates a transaction between the customer and the subsidizing vendor. For example, the customer may be required to sign up for a service (e.g. credit card account service) that is provided by the subsidizing vendor. By having the controller manage such a system by acting between subsidizing vendors and vendors that are servicing customers, a vendor need only communicate with the controller, rather than a plurality of other vendors.

Systems and methods are disclosed that provide for a blockchain-based transference tracking system to authenticate and register electronic transaction records. The transference tracking system, in one embodiment, is a permissioned, peer-to-peer, decentralized network containing an authorized, verifiable ledger of electronic transaction records that can be shared amongst authenticated actors. The decentralized ledger can be used as a substitute for a centralized database and enables automated tracking and reporting of electronic transaction records to an authoritative, but non-central authority using the blockchain of the transference tracking system.

In a first embodiment, a dynamic computer system security method and system using dynamic encryption and full synchronization between system nodes. A data record created by a source user is encrypted with an initial dynamic session key. A new dynamic session key is generated based upon a data record and a previous dynamic session key. A central authority is used to synchronize and authenticate both source and destination users with constantly regenerated dynamic authentication keys. In a second embodiment, a method of providing dynamic security authentication between wireless communication network nodes. An initial authentication key and an address are assigned to certain of the nodes. The address along with information encrypted by the initial authentication key is sent to an authentication server. The authentication server and node or nodes synchronously regenerate authentication keys based upon the initial authentication key. Secure handovers occur between nodes via an authentication key.

A dynamic computer communication security encryption method or system using an initial seed key and multiple random number generators of a specific design, whereby a sequence of independent random entropy values is produced by one set of random number generators and encrypted along with the message stream using the initial seed key, or the output of a second set of random number generators initialized with the initial seed key, and following the subsequent transmission of the variable encrypted entropy/message block, the entropy values are used to symmetrically or identically augment or increase the current uncertainty or entropy of the cryptosystem at both the sender and the receiver, prior to the next encryption block operation. The encryption process effectively entailing the use of multiple encryption ciphers, and the entropy augmentation process entailing the encryption or application of various logical mathematical operations on the already dynamic but deterministic internal state values of the second set of random number generators, effectively altering their deterministic outputs in a random probabilistic manner.

Random length message value sequences from one or more data sources is combined with one or more random length entropy value sequences from an independent source, following which the entropy “updates” may also be used to alter, or change any cryptosystem variable, value or component in a randomly determined manner. In addition, whilst ensuring synchronization, the random entropy sequences also serve to “pollute” the cipher-stream and thereby hinder most current forms of cryptanalysis, whilst simultaneously injecting additional entropy into the cryptographic system and allowing for its propagation to affect any connected system nodes, and thereby introducing unpredictable entropy into the system pseudorandom number generator outputs, and thereby ensuring the perpetual generation of unpredictable random numbers.

Super-encryption mechanics are independent of the user data, simple, fast and efficient, and can incorporate compression, error correction and asymmetric encryption authentication routines. But most importantly, super-encryption ensures resistance to brute force attacks (not possible to verify if a message was even sent), an ability to exceed “perfect secrecy” requirements, and an improvement on previous super-encipherment design, since overhead can be dramatically reduced from 100% overhead.

Communication links previously established by system nodes with central authorities may be used for secure node authentication and registration, whilst allowing the central authority to broker and synchronize communication channels and providing mutual authentication and other security functions between the system nodes.

Clinical trials are defined, managed and evaluated according to an overall end-to-end system. The central authority creates protocol meta-models and makes them available to clinical trial protocol designers. Each meta-model includes a short list of preliminary patient eligibility attributes which are appropriate for a particular disease category. The protocol designer chooses the appropriate meta-model, and encodes the clinical trial protocol, including eligibility and patient workflow, within the selected meta-model. The resulting protocol database is stored together with databases of other protocols in a library of protocol databases. Sponsors and individual clinical sites have controlled access to the protocols. Study sites make reference to the pertinent protocol databases to which they have access in the protocol database library in order to perform patient eligibility screening. Once a patient is enrolled into a study, the protocol database indicates to the clinician what tasks are to be performed at each patient visit. These tasks can include both patient management tasks and data management tasks. The workflow graph advantageously also instructs the proper time for the clinician to obtain a patient's informed consent. The system reports patient progress to study sponsors, who can then monitor the progress of the trial, and to a central authority which can then generate performance metrics. Advantageously, a common controlled medical terminology database is used by all components of the system.

One embodiment of the invention employs techniques for the self-installation of network devices using fire-and-forget principles. These devices modify their own network configuration data, but do not modify the network configuration data of other devices. Utilizing fire-and-forget principles, the need for a central database and central authority on the network is not required but may still be used.

Embodiments of the present invention provide a system for central authority-permissioned transfer of blockchain tokens. In particular, the a request is received to transfer a set of blockchain tokens that represent an ownership share in a physical asset from a first user to a second user. Information about the first user and second user is compared to a central authority repository that comprises a listing of vetted users permitted to perform transactions with blockchain tokens associated with the physical asset to determine that the first and second users are verified. In response to determining that the first and second users are verified a transaction function is built for the transfer of the set of blockchain tokens from a digital wallet of the first user to a digital wallet of the second user. Finally, the transaction function is published to a blockchain network associated with the set of blockchain tokens.

The invention provides a ciphertext policy attribute-based encryption system and a ciphertext policy attribute-based encryption method, which comprise ciphertext policy attribute-based encryption systems with a central mechanism and without the central mechanism and a ciphertext policy attribute-based encryption method. The ciphertext policy attribute-based encryption system with the central mechanism comprises a plurality of attribute mechanisms of the central mechanism, an encrypting component and a client. The plurality of attribute mechanisms of the central mechanism initialize the system together, publish a system public key, and generate a system private key, a local private keys of an attribute mechanism and local public keys; the encrypting component encrypts a cleartext based on the system public key, each local public key and a universal access tree; and the client inputs a client identifier, client attribute sets and the like so as to generate client private key used for decrypting the encrypted ciphertext. Due to the implementing mode of the invention, a multi-mechanism ciphertext policy attribute-based encryption system is designed. The scheme is based on the ciphertext policy, so the scheme better meets the access control requirement in an actual information safety system.

A method and apparatus is presented for revoking cryptographic keys within a distributed ledger system in which no central trusted authority is available, consisting of sending a key revocation message by a network connected device to other network connected devices over a peer-to-peer network for inclusion in a ledger. In one embodiment the revocation message is signed using a private key of a public/private key pair to be revoked. In another embodiment an authorization for future revocation of the public/private key pair by a plurality of other public/private keys is sent for inclusion in the ledger, and subsequently the key revocation message is signed with one of the private keys of the plurality of public/private key pairs before sending the key revocation message. Once a valid key revocation message is included in the ledger, any future request to include a message signed by the revoked cryptographic key is rejected.

Described herein are computer implemented frameworks and methodologies for enabling identification verification in an online environment. Embodiments of the invention have been particularly developed to enable Internet users to have their identities verified by a central authority, and use that verification in the context of later online interactions.

A system and method for the secure transmission of a facsimile, which verifies that a selected user transmitted the document and only allows for the designated recipient or recipients to receive the facsimile is provided. A sending user scans a document, which is then encrypted and digitally signed using the sender's private key, which is retrieved from a central authority or server. The digitally signed document is then encrypted using the recipient's public key. The encrypted digitally signed document is then faxed to the recipient. The device receiving the facsimile transmission then notifies the designated recipient of the receipt of the encrypted fax job. The recipient then logs onto the receiving device, which retrieves the sender's public key and the recipient's private key from the server. The retrieved keys are then used to decrypt the document and verify the identities of both the sender and the user.

A Data Distribution Service (DDS) transfers information between nodes in an ad hoc mobile mesh network. The DDS includes many different novel features including techniques for coalescing retransmit requests to minimize traffic, providing a reasonable level of reliability for event oriented communications, multicasting retransmissions for use by many nodes, and providing other optimizations for multicast traffic. The DDS uses UDP datagrams for communications. Communications operate in a truly peer-to-peer fashion without requiring central authority or storage, and can be purely ad hoc and not depend on any central server. The protocol is NACK-based, which is more suited to a mesh network than a traditional approach like TCP, which uses positive acknowledgements of all data. The DDS is amenable to very long recovery intervals, matching well with nodes on wireless networks that lose coverage for significant periods of time and also works well with constantly changing network topologies. Reliability can also be handled over a span of time that might correspond to losing wireless coverage.

A system through which verbal information can be utilized to create structured data with tags (2) or inserted codes such as an XML code or the like provides hand held capability for easy adoption. A visual display (13) at the time of dictation can provide checklists, prompts or otherwise shape the entry to comport to a selected data context. The visual display can also be part of a transcriptionist system (7). By providing data in a coded fashion, analysis can be easily conducted such that alerts, bioterror alerts (e.g. evolving symptom or trend information for anthrax or the like) can be rapidly and perhaps automatically identified, and acted upon such as in providing health care alerts or locationally oriented statistical analysis information. A central database (1) reporting function to a central authority (11) (e.g., to the CDC or law enforcement) can be included for terrorist and other event management.