A computer system that interfaces with a blockchain is provided. The computer system receives match data for a match between a first data transaction request that is associated with a first identifier and a second data transaction request that is associated with a second identifier. Based on the match data, first and second blockchain transactions are generated. The first blockchain transaction is from a first identifier to an intermediary identifier and the second blockchain transaction is from the intermediary identifier to the second identifier. The first and second blockchain transactions are submitted to the blockchain. A further blockchain transaction is generated and submitted to the blockchain that includes a programmatic structure with a timer condition.

A computer-implemented includes sending a public key associated with a particular node in a cyclically-ordered set of nodes participating in a blockchain network to an initiator node; receiving, by the particular node from a node immediately previous to the particular node in the cyclically-ordered set, a first value based on public keys associated with each node from the particular node through to the initiator node; determining a locking value based on the first value and the public key associated with the particular node; and preparing using the locking value, a transaction arranged to transmit control of a resource from a source address associated with the particular node to a receiving address of a node immediately subsequent to the particular node. The control of the resource is to be transmitted responsive to satisfaction of an execution condition including supply of an unlocking value corresponding to the locking value.

Some database systems may implement encryption services to improve the security of data stored in databases or on disks. The systems may implement encryption using multiple encryption keys. For example, a worker server may implement a system call interceptor, such as a filesystem in userspace (Fuse) driver. The system call interceptor may intercept system calls (e.g., associated with query or extract, transform, and load (ETL) jobs) as they enter or exit the kernel. The system call interceptor may determine whether data sets associated with the jobs are marked for encryption, and may perform an encryption process on the data sets. A worker may encrypt and store data sets on a worker disk or at a file store, or may retrieve and decrypt the data sets. The system may additionally manage encryption keys, and may provide mechanisms for archiving or revoking encryption keys while maintaining user access to stored data sets.

A method of generating a hierarchical deterministic keys portfolio, in particular to sign transactions sent to a blockchain. The generation method includes an initialization phase by an administrator and a phase of setting parameters for at least one user. Private key usage contexts are created from the administrator account, each context specifying conditions for use of the private key in said context. User accounts are also created, each user account being associated with a private key in the tree structure, the private key of said user being obtained from a master private key of the administrator, the usage context to which the user account is attached, and the user's identifier.

Systems and method are provided for data self-protection. The systems and methods may involve installing a sentry on a computer system, the sentry including a file system filter installed on a kernel of that computer system; providing a central sentry platform in communication with the sentry, operating the central sentry platform to send a data self-protection policy to the sentry, the data self-protection policy being encrypted so that it can only be modified by the central sentry platform; operating the file system filter to control access to encrypted data stored on the computer system, by, for each process making a file access request to the encrypted data, the file system filter receiving and handling that file access request according to the data self-protection policy; and, operating the central sentry platform to monitor the sentry and to receive information from the sentry regarding access to the encrypted data.

A decentralized and trust-minimizing computer architecture for computing rewards for users of an advertising system includes cryptographic black box accumulators (BBA), which is a cryptographic counter that only the issuer can update. An attention application requests initialization of a BBA from a guardian and subsequently requests updates to the BBA to track interactions between a user of the attention application and ads on the attention application. The guardian signs updates to the BBA to reach agreement on the state of ad interactions. The attention application may randomize the BBA and submit requests via an anonymous channel such that no participant can link two encounters with the BBA to each other or link the BBA to a specific attention application, thus improving user privacy. Reward redemption requests can be made based on a known policy and committed to a public blockchain for verification by observers that the protocol is operating correctly.

A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and sending the ciphertext string to a storage device performing deduplication.

There are provided systems and methods for a dynamic value appended to cookie data for fraud detection and step-up authentication. A service provider, such as an electronic transaction processor for digital transactions, may utilize computer cookies for authentication and/or login for a user account. In order to further secure cookies from being compromised and used by malicious parties for fraudulent account access, the service provider may add or append a dynamic value that changes at each subsequent login to the computer cookie. The dynamic value may be used so that if a computer cookie is misappropriated, only one device may use the cookie once without the cookie updating and invalidating the cookie with another device or application on the device. Thereafter, when a login is requested, the dynamic value is matched to an expected value by the service provider when determining whether to authenticate the device.

Methods, system and devices are provided that generate a sequence of sub-keys for cryptographic operations from a main key. The main key is operated on only once to generate the sub-keys of the sequence, with a transformation comprising one or more one-way functions. The respective bit values of the sub-keys of the sequence are set using respective bit values of the one or more one-way functions. Advantageously, deriving sub-key bits from respective output bits of one or more one-way functions removes or at least reduces correlations between the main key and the sub-keys, as well as between sub-keys, making it harder or even impossible to recover the main key or other sub-keys from a single sub-key, for example as found using a side-channel attack. At the same time, by using the main key only once (rather than using the main key each time a sub-key is generated), the vulnerability of the main key to a side-channel attack is reduced, because the opportunities for recovering physical information that could lead to the discovery of the main key are reduced. Specific embodiments use parallel or chained execution of sub-functions to generate respective sub-keys. Other specific embodiments generate all sub-keys from a single one-way function in one go.

A method of confirming receipt, including iteratively capturing by a receiving device visual codes in a series of visual codes displayed on a sending device. A corresponding captured visual code being from a display block that resulted from a partition of an original data file into display blocks, and wherein each display block is converted to a corresponding string and header including an ordered identifying display block number and a total count of the display blocks. Each corresponding string is converted to a corresponding visual code. Each of the captured visual codes is converted into a corresponding string and a header is read for the corresponding string. Captured display blocks are determined. A confirmation message is generated including information indicating which display blocks have been received. The confirmation message is sent over a wireless communication link to the sending device to reduce the number of visual codes being displayed.