Systems and methods are provided for use in authenticating a software artifact, including target applications for a payment network. One exemplary computer-implemented method includes retrieving metadata and a stage log for an artifact from a stage of a pipeline, the metadata including a result of the stage. A keyword count is generated of the stage log, and a checksum for the stage log is generated based on a hashing function. A stage record is compiled for the artifact and the stage. The stage record includes the checksum, a representation of the keyword count, and the result, but not the stage log. The stage record is stored in at least two different data structures. The artifact is authenticated based on the stage records for the artifact in each of the at least two data structures, prior to releasing the artifact into production.

Provided are a selective verification system and method of zero-knowledge proofs for scalability of a blockchain, the system including: a proof unit generating a proof as a result of Prove( ) for a fact to be proved, and generating a transaction in the blockchain and storing the proof; a verification unit executing, when a new proof is registered, off-chain Verify( ) for a contract, a vk, and the proof, standing by when a result of execution is a value of true, and after a preset time elapses, determining that the proof is true; and an operation unit executing on-chain Verify( ) in response to a request for verification from the verification unit and imposing a penalty when a result of execution is a value of false.

Systems, methods, and apparatuses for protecting a secret on a device with limited memory, while still providing tamper resistance, are described. To achieve security, an encoding computer can apply a memory-hard function MHF to a secret S and determine a result Y, then determine a proof π for the result Y. Then, the encoding computer can send a codeword C comprising the secret S and the proof π to a decoding computer. The decoding computer can retrieve the codeword C from persistent memory and parse the secret S and the proof π. The decoding device can use transient memory to decode the codeword C by verifying the proof π was generated with the secret S and the result Y. When the correctness of the result Y is verified, the decoding device can apply a cryptographic function to input data using the secret S then reset the transient memory.

A method can include storing host code executable by a host device in a nonvolatile memory (NVM) device and NVM code executable by the NVM device. The NVM device can validate the integrity of the NVM code in response to predetermined conditions and generate a code integrity value for validating the NVM code. The code integrity value having a size independent of a size of the host code. An authentication code can be sent to the host device that is generated with at least the code integrity value. In response to read requests from the host device, returning at least portions of the host code for execution by the host device. Corresponding devices and systems are also disclosed.

The present disclosure relates to a firmware security verification method and device, including a processor and a read-only memory for storing instructions executable by the processor. While executing the instructions, the processor implements the following steps: acquiring firmware data and a digital signature; verifying the digital signature with a pre-stored public key; and running the firmware data upon determining that the digital signature passes the verification. With the firmware security verification method and device provided in embodiments of the present disclosure, the security of the firmware data can be acquired before the running of firmware.

Techniques for calculating a hash value of a single secure array of memory blocks in a sequential set of dice. The array can be defined by a set of address-size pairs. Each pair provides a pointer by including an address of a memory block and a size of the block. The hash value can be calculated by: for each die that is not the last die, partially applying a hash function, without final padding, to the memory blocks of the secure array in the die to generate a partial digest. And, for the last die, fully applying the hash function, with the final padding, to the memory blocks of the secure array in the last die to generate the hash value of the secure array, which can include adding an accumulation of partial digests to data from the last die as a basis for the generation of the hash value.

The present disclosure relates to a method for verifying the origin of electronic modules of a field device. Each manufacturer of an electronic module classified as trustworthy is assigned a key pair. Public keys classified as trustworthy are stored in a list in the field device. Each electronic module contains the public key of the manufacturer and a manufacturer signature. The manufacturer signature confirms the public key as trustworthy. When an electronic module is exchanged or added, the field device checks whether that module has a key pair and a manufacturer signature, whether the public key of the manufacturer of the electronic module is listed in the list with the public keys of the manufacturers classified as trustworthy, whether the manufacturer signature matches the manufacturer and the electronic module, and whether the electronic module is in possession of a correct private key.

Systems and methods are provided for use in authenticating a software artifact, including target applications for a payment network. One exemplary computer-implemented method includes retrieving metadata and a stage log for an artifact from a stage of a pipeline, the metadata including a result of the stage. A keyword count is generated of the stage log, and a checksum for the stage log is generated based on a hashing function. A stage record is compiled for the artifact and the stage. The stage record includes the checksum, a representation of the keyword count, and the result, but not the stage log. The stage record is stored in at least two different data structures. The artifact is authenticated based on the stage records for the artifact in each of the at least two data structures, prior to releasing the artifact into production.

A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is safe to run, the system may generate a hash output of the executable data and store the hash output in a database of approved executable data. In this way, the system may securely generate a repository of authorized hashes such that the system may ensure that only safely executable code is processed by the computing systems within the network environment.

An example operation may include one or more of dividing a data file into a plurality of data chunks, generating a randomness value for each data chunk based on one or more predefined randomness tests, and accumulating generated randomness values of the plurality of data chunks to generate an accumulated randomness value, detecting whether the data file is one or more of encrypted and compressed based on the accumulated randomness value and a predetermined threshold value, and storing information about the detection via a storage.