A computer implemented method includes generating, by a processor associated with a first client computer, a request message; generating, by the processor, a first public token based on a first private token; augmenting, by the processor, the electronic data transaction request message with the first public token; transmitting, by the processor, the augmented electronic data transaction request message to a second client computer; generating, by the processor, a second public token based on the first public token; identifying, by the processor, from a database of result messages, a result message labeled with the second public token, the identified result message including encrypted confidential information; generating, by the processor, a second private token corresponding to the second public token used to identify the result message; and decrypting, by the processor, the encrypted confidential information with the second private token.

According to one embodiment, a storage system includes a processor, a storage device, and a first memory. The storage device includes a nonvolatile memory, a control circuit, and a second memory. The processor retrieves, based on a retrieval key and retrieval information stored in the first memory, location information of data including the retrieval key and a value, and transmits the location information and the retrieval key to the control circuit. The control circuit reads the data from the nonvolatile memory based on the location information and the retrieval key, stores the data in the second memory, retrieves the value corresponding to the retrieval key from the data, and transmits the value to the processor.

An apparatus comprises a plurality of hardware security modules, at least a first hardware security module in the plurality of hardware security modules comprising processing circuitry to generate a first plurality of pairs of cryptographic key pairs comprising a first plurality of private keys and a first plurality of public keys, forward the first plurality of public keys to a remote computing device, receive, from the remote computing device, a first plurality of ciphertexts, wherein each ciphertext in the plurality of ciphertexts represents an encryption of a cryptographic seed with a public key selected from the plurality of public keys, receive, from a subset of hardware security modules in the plurality of hardware security modules, a subset of private keys.

A method comprising responsive to a first instruction requesting a memory heap operation, identifying a data block of a memory heap; accessing a tag history for the data block, the tag history comprising a plurality of tags previously assigned to the data block; assigning a tag to the data block, wherein assigning the tag comprises verification that the tag does not match any of the plurality of tags of the tag history; and providing the assigned tag and a reference to a location of the data block.

A method of storing data on a blockchain, such as the Bitcoin blockchain, is disclosed. The method comprises generating a plurality of blockchain transactions, wherein a plurality of the blockchain transactions each store therein a respective part (<Content chunk 1>, <Content chunk 2>) of first data to be stored on the blockchain and second data (<Metanet Flag>) indicating that the parts of the first data are related to each other.

An approach is disclosed for streaming content into a plurality of blobbers running on a blockchain storage platform. The streaming content is received, and the content is stored into a buffer. The buffered content is separated into fragments F (F1, F2, . . . , Fi, . . . , Fj . . . , Fn) where the each fragment Fi has a memory allocation different from other fragments Fj where j is not i while continuing to receive the streaming content until a blocking event occurs. Each fragment is split into a number of chunks determined by a fragment size divided by a chunk size. Each chunk is split into a fixed number of DABs where the number of DABs is the chunk size divided by the DAB size. A fixed Merkle tree is constructed suitable for sending to a number of blobbers for recording the DABs referenced by the leaf nodes of the fixed Merkle tree.

A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.

For verifying authorization associated with a first electronic device by a second electronic device, using symmetric key encryption, the second electronic device receives from the first electronic device encrypted data and metadata with a key space identifier and positional information. The key space identifier defines a cryptographic key hierarchy and the positional information defines in the cryptographic key hierarchy the cryptographic key used to generate the encrypted data. The second electronic device derives the cryptographic key by way of a one-way function from cryptographic keys stored in the second electronic device, using the key space identifier and the positional information received from the first electronic device. The second electronic device decrypts the encrypted data, using the derived cryptographic key, for verifying the authorization associated with the first electronic device.

An application security authentication method, including: step 202, acquiring an application file to be downloaded and extracting signature information from the application file; step 204, acquiring public key information contained in a multilevel key hierarchy, and acquiring public key information of the currently highest priority according to a priority order of the public key information; step 206, authenticating the signature information with the acquired public key information of the currently highest priority; and step 208, allowing the application file to be downloaded if an authentication of the signature information is passed.

The disclosed embodiments enable applying production nature to a software signature post-build (or even post-release), where the signature type is determined by the existence of a production-signed intermediate CA certificate—either hosted in the cloud (for pure release immutability), or re-ingested into the package (if certain modification are allowed). This allows a so-called deferred issuance of the product release. Even if the CA certificate is to be reinserted into the package, this modification likely affects only the delivery shell (e.g., installer) and may not require format-specific binary changes of, possibly heterogeneous, artifacts therein.