A method for execution by a processing module of a distributed storage includes transmitting a request to retrieve a set of encoded data slices (EDSs) to a plurality of storage nodes followed by receiving a threshold number of EDSs from one or more of the plurality of storage nodes, and decoding the EDSs to produce a transposed encrypted data segment. The method continues with the processing module partitioning the encrypted data segment into an encoded encryption key and encrypted data, performing a hash function on the encrypted data to produce a digest resultant and combining the digest resultant with the encoded encryption key to generate combined key data. The method then continues with decoding the combined key data to recover an encryption key and decrypting the encrypted data using the encryption key to recover a data segment.

Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.

Techniques are disclosed relating to credential sharing for user authentication. In some embodiments, a first computing device maintains a credential manager that stores a plurality of user credentials usable to authenticate a user. The first computing device receives a request from the user to send one of the plurality of user credentials to a second computing device. In response to the request, the first computing device sends the user credential to the second computing device. The second computing device is configured to determine whether an application of the second computing device is presenting an authentication prompt to a user and, in response to determining that the authentication prompt is being presented, populate one or more fields of the authentication prompt with the user credential. In some embodiments, the second computing device is configured to store the user credential in a credential manager maintained by the second computing device.

A system and method for validating an entity and sending secret shared public key for securely communicating data that may include providing first and second entities with an identical sequence of bits; encrypting data, by the first entity, using bits in a first portion of the identical sequence as an encryption key, to produce encrypted data; XORing the encrypted data based on bits in a second portion of the sequence to produce encrypted and XORed data; sending the encrypted and XORed data to the second entity; and using the sequence of bits, by the second entity, to un-XOR and decrypt the encrypted and XORed data.

A system supports symmetric release of cryptologically-locked asset transactions. A leading exchange party and a reciprocal exchange party establish, at least in part, a peer challenge in a pre-exchange proposal. The reciprocal party uses the peer challenge to lock a cryptologically-locked asset transaction. The solution to the peer challenge corresponds to an exchange key controlled by the leading exchange party. The cryptologically-locked asset transaction call for solution of the peer challenge and signature of the transaction by exchange logic as conditions of release of the cryptologically-locked asset transaction. The exchange logic may execute a symmetric release of the exchange key and/or signature to the reciprocal exchange party and cryptologically-locked asset transaction (such that the asset is transferred to the leading exchange party).

Presented herein are systems and methods of securely sharing data from multiple sources with different client terminals. A server may establish an electronic document for defining a transaction. The electronic document may have data fields. Each data field may be from a client terminal. The server may identify encryption keys to encrypt the corresponding data fields included in the electronic document. The server may distribute the encryption keys across the client terminals in accordance with an access control policy. The access control policy may specify access permissions for a client terminal to each of the plurality of data fields based on a role of the client terminal in the transaction. The server may provide, to each client terminal with access to the data fields in the electronic document via the encryption keys distributed in accordance with the access control policy.

Some embodiments of the present specification provide a method and an apparatus for establishing a trusted channel between a user and a trusted computing cluster. According to the method, when a user wants to establish a trusted channel with a trusted computing cluster, the user only negotiates a session key with any first trusted computing unit in the cluster to establish the trusted channel. Then, the first trusted computing unit encrypts the session key using a cluster key common to the trusted computing cluster to which the first trusted computing unit belongs, and sends the encrypted session key to a cluster manager. The cluster manager transmits the encrypted session key in the trusted computing cluster, so that other trusted computing units in the cluster obtain the session key and join the trusted channel. Thus, the user establishes a trusted channel with the entire trusted computing cluster.

A method for generation of an application cryptogram for use in a payment transaction includes: storing, in a first memory, a single use key associated with a transaction account; electronically transmitting the single use key to a processing server; receiving an encrypted session key and a server encryption key from the processing server; executing a first query to store the encrypted session key in the first memory and a second query to store the server encryption key in a second memory; decrypting the encrypted session key using the server encryption key; generating an application cryptogram based on the decrypted session key; and electronically transmitting the generated application cryptogram for use in a payment transaction.

Disclosed herein are systems and techniques for using a content delivery network to perform various functions within a digital advertising ecosystem, in ways that yield technological benefits such as improved security, efficiency, and speed (for example, reduction in publisher load times). As one specific example, a content delivery network can be used for the creation of electronic tokens for user identity protection between demand side platforms, supply side platforms, content creators (for example, advertisers), and publishers.

In an embodiment, a migration of a dataset from a source storage system to a target storage system is initiated, wherein at least one of the source storage system and the target storage system is a cloud-based storage system. The target storage system provides read/write access to the dataset before completing migration of the dataset from the source storage system to the target storage system.