G06Q20/38215

Computer-implemented system and method for exchange of data
11797984 · 2023-10-24

The invention relates to efficient zero knowledge verification of composite statements that involve both arithmetic circuit satisfiability and dependent statements about the validity of public keys (key-statement proofs) simultaneously. The method enables a prover to prove this particular statement in zero-knowledge. More specifically, the invention relates to a computer-implemented method for enabling zero-knowledge proof or verification of a statement (S) in which a prover proves to a verifier that a statement is true while keeping a witness (W) to the statement a secret. The invention also relates to the reciprocal method employed by a verifier who verifies the proof. The method includes the prover sending to the verifier a statement (S) having an arithmetic circuit with m gates and n wires configured to implement a function circuit and determine whether for a given function circuit output (h) and an elliptic curve point (P), the function circuit input (s) to a wire of the function circuit is equal to the corresponding elliptic curve point multiplier (s). The prover also sends individual wire commitments and/or a batched commitment for wires of the circuit, an input for a wire in the arithmetic circuit, and a function circuit output (h). The prover receives from the verifier a challenge value (x) and responds with an opening or additionally sends a proving key (PrK) to the verifier. The statement and the data enable the verifier to determine that the circuit is satisfied and calculate the elliptic curve point (P) and validate the statement, thus determining that the prover holds the witness (W) to the statement.

SECURE REMOTE TRANSACTION SYSTEM USING MOBILE DEVICES

Described herein is a secure system and methods for enabling a user to remotely generate a token to be used in a transaction. In the disclosure, the user may provide a mobile device identifier to a resource provider to complete a transaction. A service provider, upon receiving the mobile device identifier, may generate a message to be transmitted to a mobile device associated with that mobile device identifier that includes details of the transaction to be completed. Upon receiving the message, the user may be asked to elect a token service installed on the mobile device with which the transaction should be completed. This token service may be used to authenticate the user and subsequently generate or provide the requested token. The service provider computer may then use the generated token to complete the transaction.

Techniques For Performing Secure Operations

The system and methods described herein may be utilized to perform operations in a faster and less complex manner than provided by conventional systems. An encrypted record may be stored at a user device. The encrypted record may include entries related to operations that were previously requested by the user device. The encrypted record may have been encrypted using a dynamic value and a key that is associated with an entity associated with the user. A recipient computer of a request by the user device may be configured to utilize the dynamic value provided in the request and the key associated with the entity to derive the encryption key(s) last used to encrypt the record. The recipient computer may decrypt and modify the decrypted record to perform the requested operation while the user device is precluded from doing so.

SYSTEMS AND METHODS FOR DIRECT ELECTRONIC COMMUNICATION OF CONSUMER INFORMATION
20230020475 · 2023-01-19

A method for submission of payment transaction requests from a point of sale (POS) terminal to a financial institution includes reading payment information from a payment vehicle, reading financial institution routing information from the payment vehicle, reading a payment vehicle certificate from the payment vehicle, requesting consumer authentication information from a consumer, and submitting a payment transaction request to the financial institution using the financial institution routing information, a POS terminal certificate, and the payment vehicle certificate. An authentication certificate for submission of payment transaction requests from a point of sale (POS) terminal to a financial institution may be generated by receiving a request for an authentication certificate from a requestor, the request comprising a requestor ID and one or more capabilities of the requestor, verifying the requestor ID, generating an authentication certificate for the requestor, and returning the generated authentication certificate to the requestor.

SECURE TOKENS FOR CONTROLLING ACCESS TO A RESOURCE IN A RESOURCE DISTRIBUTION NETWORK
20230029357 · 2023-01-26

A system for generating and applying a secure token in a resource distribution network is provided. For example, a headend system generates a time-based token based on a time duration specified for a meter. The time-based token indicates the time duration for the meter. The time-based token is further generated based on an identifier of the meter. The headend system transmits the time-based token to the meter via at least a mesh network. After receiving the time-based token, the meter validates the time-based token to determine that the time-based token is generated for the meter based on information related to the identifier of the meter. If the meter determines that the time-based token is valid, the meter connects premises associated with the meter to a resource distribution network for at least the time duration specified in the time-based token.

CONTROLLING TRANSMISSION OF INFORMATION THROUGH A ZERO-KNOWLEDGE DATA MANAGEMENT NETWORK

The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Multi-approval system using M of N keys to generate a sweeping transaction at a customer device
11531985 · 2022-12-20

A computing system that includes at least one processor and at least one memory communicatively coupled to the at least one processor is disclosed. The computing system also includes at least one network interface communicatively coupled to the at least one processor and configured to communicate with at least one vault system, each of the at least one vault system storing a respective one of N private keys or key components associated with a customer. The at least one processor is configured to generate, at the customer device, a sweeping transaction that transfers all funds from at least one input transaction address in a customer wallet to a new transaction address. The at least one processor is also configured to sign the sweeping transaction using at least M of N private keys or key components.

Transaction-enabled systems and methods for smart contracts

An example transaction-enabled system may include a smart contract wrapper to access a distributed ledger comprising intellectual property (IP) licensing terms corresponding to IP assets, wherein the IP licensing terms include an apportionment of royalties among owning entities in the distributed ledger. The smart contract wrapper may interpret an IP description value and an IP addition request, and, in response to the IP addition request and the IP description value, add the apportionment of royalties corresponding to the IP description value. At least one of the plurality of IP assets comprises an instruction set, and an operation on the distributed ledger provides provable access to the instruction set. A royalty apportionment wrapper apportions royalties from at least one royalty generating element to owning entities in response to the IP licensing terms.

Electronic identification verification methods and systems with storage of certification records to a side chain

Method of certification including receiving user data at a device of a certifying entity. The method includes generating a salt that is unique. The method includes hashing the data combined with the salt to create a generated hashed data. The method includes generating a certification record based on signing the generated hashed data using a private key of the certifying entity to create a signed certification of the data. The method includes hashing the certification record. The method includes transmitting the hashed certification record to a blockchain for storing. The method includes receiving a certification tx-ID of the hashed certification record. The method includes generating a certification data block including the certification record and the certification tx-ID. The method includes storing the certification data block to a side chain.

METHODS AND SYSTEMS OF PROVIDING VERIFICATION OF INFORMATION USING A CENTRALIZED OR DISTRIBUTED LEDGER

A method and system of providing verification of information of a user relating to an attestation transaction is provided, and includes sending a request for information of the user, wherein the information has been previously attested to in an attestation transaction stored within a centralized or distributed ledger at an attestation address; receiving at a processor associated with a verifier the information of the user; sending a cryptographic challenge nonce; receiving at the processor associated with the verifier the cryptographic challenge nonce signed by the user's private key; verifying user identity with the cryptographic challenge nonce signed by the user's private key; deriving a public attest key by using the information of the user; deriving an attestation address using the public attest key; and verifying the existence of the attestation transaction at the attestation address in the centralized or distributed ledger.